persistent browser hijacker and pop-over ads [Solved]



#1
hexrei

As title says, using Firefox, I'm getting redirects every few clicks, and lower right and left hand corner popups advertising stuff. Any ideas?

Here's my OTL report...

OTL logfile created on: 12/10/2012 2:28:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HexRei\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.92 Gb Total Physical Memory | 11.95 Gb Available Physical Memory | 75.06% Memory free
31.84 Gb Paging File | 27.72 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 7.93 Gb Free Space | 6.66% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 735.94 Gb Free Space | 39.51% Space Free | Partition Type: NTFS
Drive E: | 4.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HIGGSFIELD | User Name: HexRei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 14:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
PRC - [2012/12/07 13:48:11 | 000,304,640 | ---- | M] () -- C:\Windows\msisear.exe
PRC - [2012/12/06 17:08:54 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/12/06 17:08:14 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/04 18:12:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/04 17:38:00 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/12/04 04:41:25 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/11/11 22:30:18 | 003,389,080 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012/09/14 15:55:00 | 002,529,096 | ---- | M] (Desura Pty Ltd) -- C:\Program Files (x86)\Desura\desura.exe
PRC - [2012/09/14 15:55:00 | 000,131,912 | ---- | M] (Desura Pty Ltd) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe
PRC - [2012/08/30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/22 15:26:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/06 17:08:54 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/12/06 17:08:14 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/04 17:38:00 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/12/04 17:38:00 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/12/04 17:38:00 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/12/04 04:41:28 | 000,835,072 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/04 04:41:27 | 020,319,568 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/04 04:41:26 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/04 04:41:26 | 000,965,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/04 04:41:26 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/04 04:41:26 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/14 15:55:05 | 014,289,408 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\wxmsw290u_vc_desura.dll
MOD - [2012/09/14 15:55:02 | 018,300,416 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\cef_desura.dll
MOD - [2012/09/14 15:55:01 | 001,577,761 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avcodec-53.dll
MOD - [2012/09/14 15:55:01 | 000,213,022 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avformat-53.dll
MOD - [2012/09/14 15:55:01 | 000,134,035 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avutil-51.dll
MOD - [2012/08/30 09:39:42 | 000,374,120 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/03/14 07:15:01 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/07 13:48:11 | 000,304,640 | ---- | M] () [Auto | Running] -- C:\Windows\msisear.exe -- (W32Serv)
SRV - [2012/12/05 09:41:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 18:12:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 16:23:24 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/14 15:55:00 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/30 11:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/22 15:26:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 07:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/16 06:10:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 19:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 19:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/09 19:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/31 19:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 16:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 16:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 16:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/12/10 11:17:57 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/03/08 12:15:28 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 08 24 EF A2 FD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B92b0b569-e26f-498e-a85b-66f765c6962b%7D:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mkg030&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 17:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/12/04 17:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{42F6A681-D341-11E1-8270-B8AC6F996F26}: C:\Users\HexRei\AppData\Local\{42F6A681-D341-11E1-8270-B8AC6F996F26}\

[2012/03/08 12:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Extensions
[2012/12/05 22:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions
[2012/12/05 22:42:46 | 000,004,043 | ---- | M] () (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{92b0b569-e26f-498e-a85b-66f765c6962b}.xpi
[2012/11/23 13:12:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/14 09:39:41 | 000,001,210 | ---- | M] () -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\searchplugins\search.xml
[2012/12/05 09:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 10:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/06 10:41:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/06 17:08:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/06 17:08:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/06 17:08:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/09 00:08:25 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.236.195.128 www.google-analytics.com.
O1 - Hosts: 87.236.195.128 ad-emea.doubleclick.net.
O1 - Hosts: 87.236.195.128 www.statcounter.com.
O1 - Hosts: 87.236.195.128 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [hitfvs] C:\Users\HexRei\AppData\Roaming\hitfvs.dll (Donkey)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [wsksy] C:\Users\HexRei\AppData\Roaming\wsksy.dll (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - Startup: C:\Users\HexRei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E533D77-0555-4984-8481-A053D41F7143}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/20 10:15:04 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 14:28:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
[2012/12/10 11:19:36 | 000,619,520 | ---- | C] (IDT, Inc.) -- C:\Users\HexRei\AppData\Roaming\wsksy.dll
[2012/12/07 13:43:51 | 000,152,064 | ---- | C] (Donkey) -- C:\Users\HexRei\AppData\Roaming\hitfvs.dll
[2012/12/06 17:07:20 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/12/06 03:17:29 | 079,389,248 | ---- | C] (Microsoft Corporation) -- C:\Users\HexRei\Desktop\msert.exe
[2012/12/06 03:15:56 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/12/06 03:15:25 | 017,260,040 | ---- | C] (Microsoft Corporation) -- C:\Users\HexRei\Desktop\Windows-KB890830-V4.14.exe
[2012/12/05 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/04 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\PunkBuster
[2012/12/04 18:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012/12/04 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\HexRei\Documents\Baldur's Gate - Enhanced Edition
[2012/12/04 17:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3
[2012/12/04 17:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/12/04 17:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FarCry 3
[2012/12/04 17:32:52 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/04 17:32:52 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/04 17:32:52 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/04 17:32:52 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/04 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/12/04 17:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beamdog
[2012/12/04 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beamdog
[2012/12/02 00:12:45 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\4A Games
[2012/12/01 03:49:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/24 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\SKIDROW
[2012/11/24 13:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQUARE ENIX
[2012/11/21 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Roaming\Skype
[2012/11/21 23:39:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/21 23:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/21 23:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 23:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/16 16:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProcessExplorer
[2012/11/16 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/11/15 13:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/15 13:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/12 20:44:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/11/12 16:45:34 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Roaming\JAM Software
[2012/11/12 16:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012/11/12 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012/11/11 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\Origin
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/10 14:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
[2012/12/10 14:25:12 | 000,006,523 | ---- | M] () -- C:\Users\HexRei\AppData\Local\92b0b569-e26f-498e-a85b-66f765c6962b.crx
[2012/12/10 14:22:26 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 14:22:26 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 11:23:51 | 000,780,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/10 11:23:51 | 000,661,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/10 11:23:51 | 000,121,518 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/10 11:19:38 | 000,619,520 | ---- | M] (IDT, Inc.) -- C:\Users\HexRei\AppData\Roaming\wsksy.dll
[2012/12/10 11:17:57 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/12/10 11:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/09 21:56:04 | 000,026,739 | ---- | M] () -- C:\Users\HexRei\Desktop\Dan Contract.odt
[2012/12/09 00:08:25 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/07 13:48:11 | 000,304,640 | ---- | M] () -- C:\Windows\msisear.exe
[2012/12/07 13:43:51 | 000,152,064 | ---- | M] (Donkey) -- C:\Users\HexRei\AppData\Roaming\hitfvs.dll
[2012/12/07 01:20:13 | 000,002,114 | ---- | M] () -- C:\Users\HexRei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/12/06 17:08:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/06 17:08:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/06 13:05:17 | 000,129,635 | ---- | M] () -- C:\Users\HexRei\Desktop\twc_handout.pdf
[2012/12/06 12:39:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/06 12:39:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/06 12:35:14 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/06 03:18:05 | 079,389,248 | ---- | M] (Microsoft Corporation) -- C:\Users\HexRei\Desktop\msert.exe
[2012/12/06 03:15:33 | 017,260,040 | ---- | M] (Microsoft Corporation) -- C:\Users\HexRei\Desktop\Windows-KB890830-V4.14.exe
[2012/12/04 18:12:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/04 17:32:52 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/04 17:32:52 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/04 17:32:52 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/04 17:32:52 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/01 23:10:09 | 000,000,114 | ---- | M] () -- C:\Users\HexRei\Desktop\del.IE.bat
[2012/11/28 16:38:13 | 000,000,748 | ---- | M] () -- C:\Users\HexRei\Desktop\Clark - Shortcut.lnk
[2012/11/25 22:02:40 | 000,000,000 | ---- | M] () -- C:\ctfmon.lnk
[2012/11/20 11:46:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\0.pad
[2012/11/11 22:43:01 | 000,772,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/09 13:07:02 | 000,026,739 | ---- | C] () -- C:\Users\HexRei\Desktop\Dan Contract.odt
[2012/12/07 13:48:09 | 000,304,640 | ---- | C] () -- C:\Windows\msisear.exe
[2012/12/06 13:05:17 | 000,129,635 | ---- | C] () -- C:\Users\HexRei\Desktop\twc_handout.pdf
[2012/12/05 22:42:44 | 000,006,523 | ---- | C] () -- C:\Users\HexRei\AppData\Local\92b0b569-e26f-498e-a85b-66f765c6962b.crx
[2012/12/04 18:12:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/04 18:12:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/04 18:12:45 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/04 18:12:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/25 22:02:40 | 000,000,000 | ---- | C] () -- C:\ctfmon.lnk
[2012/11/15 16:04:53 | 095,023,320 | ---- | C] () -- C:\ProgramData\0.pad
[2012/11/15 14:01:18 | 000,000,114 | ---- | C] () -- C:\Users\HexRei\Desktop\del.IE.bat
[2012/11/07 22:23:22 | 000,002,159 | ---- | C] () -- C:\Users\HexRei\AppData\Local\recently-used.xbel
[2012/09/11 09:08:58 | 000,000,210 | ---- | C] () -- C:\Users\HexRei\.java.policy
[2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/27 10:51:19 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/04/10 15:25:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/10 15:25:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/10 15:25:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/10 15:25:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/10 15:25:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/19 17:00:23 | 000,772,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/10 13:43:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/08 12:15:28 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/03/08 12:13:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/03/08 12:10:59 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/08 12:10:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/08 12:10:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/08 12:10:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/08 12:10:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/08 12:09:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2012/11/12 01:55:54 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\@
[2012/11/12 01:55:50 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\L
[2012/11/12 01:55:50 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\U
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
hexrei

    Member

  • Topic Starter
  • 18 posts
First, thanks for the help :)

OK, steps done. Here are the logs.

Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 25
Java™ 6 Update 31
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 47% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 00:09:05
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : HexRei - HIGGSFIELD
# Boot Mode : Normal
# Running from : C:\Users\HexRei\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\searchplugins\search.xml

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\prefs.js

C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [895 octets] - [11/12/2012 00:09:05]

########## EOF - C:\AdwCleaner[S1].txt - [954 octets] ##########

RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : HexRei [Admin rights]
Mode : Remove -- Date : 12/11/2012 00:13:29

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : hitfvs (rundll32.exe "C:\Users\HexRei\AppData\Roaming\hitfvs.dll",HrUtreamToByte) -> DELETED
[RUN][PREVRUN] HKLM\[...]\Run : wsksy ("C:\Windows\System32\rundll32.exe" "C:\Users\HexRei\AppData\Roaming\wsksy.dll",GetIndicesEx) -> DELETED
[TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> DELETED
[TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> DELETED
[TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> DELETED
[TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> DELETED
[TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$9ebc8946ea23cd78e93b28cb32eaa402\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
87.236.195.128 www.google-analytics.com.
87.236.195.128 ad-emea.doubleclick.net.
87.236.195.128 www.statcounter.com.
87.236.195.128 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] f8ea9da12dee6d83a867bb19a48d756d
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f201cac2dfb109a2120dd82c79ee1f94
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_12112012_02d0013.txt >>
RKreport[1]_S_12112012_02d0012.txt ; RKreport[2]_S_12112012_02d0013.txt ; RKreport[3]_D_12112012_02d0013.txt

ZEROACCESS was flashing with a big warning sign on RogueKiller...

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
hexrei

    Member

  • Topic Starter
  • 18 posts
ComboFix 12-12-10.01 - HexRei 12/11/2012 13:40:38.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16301.12296 [GMT -8:00]
Running from: c:\users\HexRei\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0.pad
c:\users\HexRei\AppData\Roaming\hitfvs.dll
c:\users\HexRei\AppData\Roaming\wsksy.dll
c:\windows\svchost.exe
c:\windows\SysWow64\config\systemprofile\wgsdgsdgdsgsd.exe
c:\windows\SysWow64\tmpB2D2.tmp
c:\windows\SysWow64\tmpB2D3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 21:48 . 2012-12-11 21:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-11 21:48 . 2012-12-11 21:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-11 21:48 . 2012-12-11 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-11 12:38 . 2012-12-11 12:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0BD1946-041F-4081-99F3-F5D97E150A6F}\offreg.dll
2012-12-07 21:48 . 2012-12-07 21:48 304640 ----a-w- c:\windows\msisear.exe
2012-12-05 02:12 . 2012-12-06 20:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-05 02:12 . 2012-12-06 20:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-05 02:12 . 2012-12-06 20:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-05 02:12 . 2012-12-05 02:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-05 02:12 . 2012-12-05 02:12 -------- d-----w- c:\users\HexRei\AppData\Local\PunkBuster
2012-12-05 02:11 . 2012-12-05 02:11 -------- d-----w- c:\programdata\Orbit
2012-12-05 01:37 . 2012-12-07 09:20 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-05 01:35 . 2012-12-05 06:08 -------- d-----w- c:\program files (x86)\FarCry 3
2012-12-05 01:32 . 2012-12-05 01:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-05 01:32 . 2012-12-05 01:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-05 01:32 . 2012-12-05 01:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-05 01:32 . 2012-12-05 01:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-05 01:32 . 2012-12-05 01:32 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-05 01:25 . 2012-12-05 01:25 -------- d-----w- c:\program files (x86)\Beamdog
2012-12-03 02:14 . 2012-12-03 02:14 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-12-02 08:12 . 2012-12-02 08:12 -------- d-----w- c:\users\HexRei\AppData\Local\4A Games
2012-11-24 21:53 . 2012-11-24 21:53 -------- d-----w- c:\users\HexRei\AppData\Local\SKIDROW
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-22 07:39 . 2012-12-11 08:29 -------- d-----w- c:\users\HexRei\AppData\Roaming\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----r- c:\program files (x86)\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----w- c:\programdata\Skype
2012-11-17 00:54 . 2012-11-18 22:41 -------- d-----w- c:\program files (x86)\ProcessExplorer
2012-11-17 00:50 . 2012-12-07 01:10 -------- d-----w- c:\program files\Sandboxie
2012-11-15 21:18 . 2012-11-15 21:18 -------- d-----w- c:\program files\CCleaner
2012-11-13 04:44 . 2012-12-10 06:45 -------- d-----w- c:\windows\system32\MpEngineStore
2012-11-13 00:45 . 2012-11-13 00:45 -------- d-----w- c:\users\HexRei\AppData\Roaming\JAM Software
2012-11-13 00:45 . 2012-11-13 00:45 -------- d-----w- c:\program files (x86)\JAM Software
2012-11-12 06:30 . 2012-11-12 06:30 -------- d-----w- c:\users\HexRei\AppData\Local\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 08:10 . 2012-03-08 20:41 25640 ----a-w- c:\windows\gdrv.sys
2012-12-07 01:08 . 2012-06-19 03:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-07 01:08 . 2012-03-08 20:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2012-03-16 03:39 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 00:57 . 2012-09-20 00:57 17896 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-09-15 19:33 . 2012-09-15 19:33 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 19:33 . 2012-08-02 02:09 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-15 19:33 . 2012-03-14 15:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-10 3492504]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2012-09-14 2529096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17878704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-06-19 351904]
.
c:\users\HexRei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 cxlmzaoe;cxlmzaoe;c:\windows\system32\drivers\cxlmzaoe.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-08-22 57344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 W32Serv;Windows Search Scheduler;c:\windows\msisear.exe [2012-12-07 304640]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-08 30528]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-16 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-14 131912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2009-11-25 20:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2009-11-25 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-31 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - ExtSQL: 2012-12-11 00:10; {92b0b569-e26f-498e-a85b-66f765c6962b}; c:\users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{92b0b569-e26f-498e-a85b-66f765c6962b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cube Experimental_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
AddRemove-{4f004f4a-1930-4b55-83e6-61660211787f} - c:\users\HexRei\AppData\Local\Package Cache\{4f004f4a-1930-4b55-83e6-61660211787f}\MechWarriorOnline.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,79,9e,11,2e,6b,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-11 13:50:13
ComboFix-quarantined-files.txt 2012-12-11 21:50
ComboFix2.txt 2012-08-03 17:33
ComboFix3.txt 2012-04-10 23:32
.
Pre-Run: 19,878,453,248 bytes free
Post-Run: 19,868,274,688 bytes free
.
- - End Of File - - A8CED5595A0C1429A18B01D0E1359769







I haven't gotten a browser redirect yet, but the popups are still happening. They look like Facebook chat windows and make the same noise when they pop up.

#6
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello



I would like a fresh scan from RogueKiller and I would like a fresh scan from OTL.

#7
hexrei


    Member

  • Topic Starter
  • Member
  • 18 posts
RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : HexRei [Admin rights]
Mode : Remove -- Date : 12/11/2012 15:01:21

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
87.236.195.128 www.google-analytics.com.
87.236.195.128 ad-emea.doubleclick.net.
87.236.195.128 www.statcounter.com.
87.236.195.128 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] f8ea9da12dee6d83a867bb19a48d756d
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f201cac2dfb109a2120dd82c79ee1f94
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5]_D_12112012_02d1501.txt >>
RKreport[3]_D_12112012_02d0013.txt ; RKreport[4]_S_12112012_02d1447.txt ; RKreport[5]_D_12112012_02d1501.txt



OTL logfile created on: 12/11/2012 3:02:17 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HexRei\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.92 Gb Total Physical Memory | 9.10 Gb Available Physical Memory | 57.16% Memory free
31.84 Gb Paging File | 27.25 Gb Available in Paging File | 85.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 16.98 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 735.93 Gb Free Space | 39.50% Space Free | Partition Type: NTFS
Drive E: | 4.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HIGGSFIELD | User Name: HexRei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 14:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
PRC - [2012/12/06 17:08:54 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/12/06 17:08:14 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/04 18:12:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/12/04 17:38:00 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/12/04 04:41:25 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/09/14 15:55:00 | 002,529,096 | ---- | M] (Desura Pty Ltd) -- C:\Program Files (x86)\Desura\desura.exe
PRC - [2012/09/14 15:55:00 | 000,131,912 | ---- | M] (Desura Pty Ltd) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe
PRC - [2012/08/30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/27 12:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/06 17:08:54 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/12/06 17:08:14 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/04 17:38:00 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/12/04 17:38:00 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/12/04 17:38:00 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/12/04 04:41:28 | 000,835,072 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/04 04:41:27 | 020,319,568 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/04 04:41:26 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/04 04:41:26 | 000,965,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/04 04:41:26 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/04 04:41:26 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/14 15:55:05 | 014,289,408 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\wxmsw290u_vc_desura.dll
MOD - [2012/09/14 15:55:02 | 018,300,416 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\cef_desura.dll
MOD - [2012/09/14 15:55:01 | 001,577,761 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avcodec-53.dll
MOD - [2012/09/14 15:55:01 | 000,213,022 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avformat-53.dll
MOD - [2012/09/14 15:55:01 | 000,134,035 | ---- | M] () -- C:\Program Files (x86)\Desura\bin\avutil-51.dll
MOD - [2012/08/30 09:39:42 | 000,374,120 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/03/14 07:15:01 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/07 13:48:11 | 000,304,640 | ---- | M] () [Auto | Stopped] -- C:\Windows\msisear.exe -- (W32Serv)
SRV - [2012/12/05 09:41:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 18:12:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 16:23:24 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/14 15:55:00 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/30 11:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/08/22 15:26:10 | 000,057,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 07:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/16 06:10:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 19:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 19:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/09 19:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/31 19:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/10/14 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 16:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 16:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 16:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/12/11 00:10:12 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/03/08 12:15:28 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 08 24 EF A2 FD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B92b0b569-e26f-498e-a85b-66f765c6962b%7D:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mkg030&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 17:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/12/04 17:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{42F6A681-D341-11E1-8270-B8AC6F996F26}: C:\Users\HexRei\AppData\Local\{42F6A681-D341-11E1-8270-B8AC6F996F26}\

[2012/03/08 12:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Extensions
[2012/12/05 22:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions
[2012/12/11 00:10:32 | 000,004,044 | ---- | M] () (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{92b0b569-e26f-498e-a85b-66f765c6962b}.xpi
[2012/11/23 13:12:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 09:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 10:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/06 10:41:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/06 17:08:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/06 17:08:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/06 17:08:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/09 00:08:25 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.236.195.128 www.google-analytics.com.
O1 - Hosts: 87.236.195.128 ad-emea.doubleclick.net.
O1 - Hosts: 87.236.195.128 www.statcounter.com.
O1 - Hosts: 87.236.195.128 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - Startup: C:\Users\HexRei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E533D77-0555-4984-8481-A053D41F7143}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/20 10:15:04 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 14:47:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/12/11 13:50:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/11 13:37:57 | 005,011,065 | R--- | C] (Swearware) -- C:\Users\HexRei\Desktop\ComboFix.exe
[2012/12/11 00:12:25 | 000,000,000 | ---D | C] -- C:\Users\HexRei\Desktop\RK_Quarantine
[2012/12/10 14:28:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
[2012/12/06 03:15:56 | 064,010,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/12/05 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/04 18:12:38 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\PunkBuster
[2012/12/04 18:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012/12/04 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\HexRei\Documents\Baldur's Gate - Enhanced Edition
[2012/12/04 17:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarCry 3
[2012/12/04 17:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/12/04 17:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FarCry 3
[2012/12/04 17:32:52 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/04 17:32:52 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/04 17:32:52 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/04 17:32:52 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/04 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/12/04 17:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beamdog
[2012/12/04 17:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beamdog
[2012/12/02 00:12:45 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\4A Games
[2012/11/24 13:53:05 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\SKIDROW
[2012/11/24 13:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQUARE ENIX
[2012/11/21 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Roaming\Skype
[2012/11/21 23:39:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/21 23:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/21 23:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 23:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/16 16:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProcessExplorer
[2012/11/16 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/11/15 13:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/15 13:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/12 20:44:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/11/12 16:45:34 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Roaming\JAM Software
[2012/11/12 16:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012/11/12 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012/11/11 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\HexRei\AppData\Local\Origin
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/11 13:38:11 | 005,011,065 | R--- | M] (Swearware) -- C:\Users\HexRei\Desktop\ComboFix.exe
[2012/12/11 00:17:15 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 00:17:15 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 00:16:07 | 000,780,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/11 00:16:07 | 000,661,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/11 00:16:07 | 000,121,518 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/11 00:11:25 | 000,756,224 | ---- | M] () -- C:\Users\HexRei\Desktop\RogueKiller.exe
[2012/12/11 00:10:32 | 000,006,523 | ---- | M] () -- C:\Users\HexRei\AppData\Local\92b0b569-e26f-498e-a85b-66f765c6962b.crx
[2012/12/11 00:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/11 00:10:12 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/12/10 23:58:48 | 000,545,819 | ---- | M] () -- C:\Users\HexRei\Desktop\adwcleaner.exe
[2012/12/10 23:57:56 | 000,856,731 | ---- | M] () -- C:\Users\HexRei\Desktop\SecurityCheck.exe
[2012/12/10 21:54:48 | 000,069,667 | ---- | M] () -- C:\Users\HexRei\Desktop\ENGL_235_Final_Report_Peer_Review.rtf
[2012/12/10 14:28:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HexRei\Desktop\OTL.exe
[2012/12/09 21:56:04 | 000,026,739 | ---- | M] () -- C:\Users\HexRei\Desktop\Dan Contract.odt
[2012/12/09 00:08:25 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/07 13:48:11 | 000,304,640 | ---- | M] () -- C:\Windows\msisear.exe
[2012/12/07 01:20:13 | 000,002,114 | ---- | M] () -- C:\Users\HexRei\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/12/06 17:08:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/06 17:08:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/06 13:05:17 | 000,129,635 | ---- | M] () -- C:\Users\HexRei\Desktop\twc_handout.pdf
[2012/12/06 12:39:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/06 12:39:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/06 12:35:14 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/04 18:12:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/04 17:32:52 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/04 17:32:52 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/04 17:32:52 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/04 17:32:52 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/01 23:10:09 | 000,000,114 | ---- | M] () -- C:\Users\HexRei\Desktop\del.IE.bat
[2012/11/28 16:38:13 | 000,000,748 | ---- | M] () -- C:\Users\HexRei\Desktop\Clark - Shortcut.lnk
[2012/11/25 22:02:40 | 000,000,000 | ---- | M] () -- C:\ctfmon.lnk
[2012/11/11 22:43:01 | 000,772,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/11 00:11:21 | 000,756,224 | ---- | C] () -- C:\Users\HexRei\Desktop\RogueKiller.exe
[2012/12/10 23:58:45 | 000,545,819 | ---- | C] () -- C:\Users\HexRei\Desktop\adwcleaner.exe
[2012/12/10 23:57:53 | 000,856,731 | ---- | C] () -- C:\Users\HexRei\Desktop\SecurityCheck.exe
[2012/12/10 21:54:48 | 000,069,667 | ---- | C] () -- C:\Users\HexRei\Desktop\ENGL_235_Final_Report_Peer_Review.rtf
[2012/12/09 13:07:02 | 000,026,739 | ---- | C] () -- C:\Users\HexRei\Desktop\Dan Contract.odt
[2012/12/07 13:48:09 | 000,304,640 | ---- | C] () -- C:\Windows\msisear.exe
[2012/12/06 13:05:17 | 000,129,635 | ---- | C] () -- C:\Users\HexRei\Desktop\twc_handout.pdf
[2012/12/05 22:42:44 | 000,006,523 | ---- | C] () -- C:\Users\HexRei\AppData\Local\92b0b569-e26f-498e-a85b-66f765c6962b.crx
[2012/12/04 18:12:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/04 18:12:56 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/04 18:12:45 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/04 18:12:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/25 22:02:40 | 000,000,000 | ---- | C] () -- C:\ctfmon.lnk
[2012/11/15 14:01:18 | 000,000,114 | ---- | C] () -- C:\Users\HexRei\Desktop\del.IE.bat
[2012/11/07 22:23:22 | 000,002,159 | ---- | C] () -- C:\Users\HexRei\AppData\Local\recently-used.xbel
[2012/09/11 09:08:58 | 000,000,210 | ---- | C] () -- C:\Users\HexRei\.java.policy
[2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/27 10:51:19 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/04/10 15:25:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/10 15:25:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/10 15:25:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/10 15:25:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/10 15:25:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/19 17:00:23 | 000,772,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/10 13:43:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/08 12:15:28 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/03/08 12:13:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/03/08 12:10:59 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/08 12:10:59 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/08 12:10:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/08 12:10:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/08 12:10:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/08 12:09:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



And the darn popup is still there. Still no redirects, but those were fairly infrequent so not sure they're gone yet.

Edited by hexrei, 11 December 2012 - 05:51 PM.


#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I want you to rerun RogueKiller, and this time, after the pre-scan, I want you to click on host fix.

#9
hexrei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi, thanks for sticking with me :)

Ran RogueKiller again, clicked "fix hosts", restarted browser, still getting the popup. On the other hand, still no more redirects so far :)

Here's the report in case you need it.

RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : HexRei [Admin rights]
Mode : Scan -- Date : 12/11/2012 17:31:20

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
87.236.195.128 www.google-analytics.com.
87.236.195.128 ad-emea.doubleclick.net.
87.236.195.128 www.statcounter.com.
87.236.195.128 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] f8ea9da12dee6d83a867bb19a48d756d
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f201cac2dfb109a2120dd82c79ee1f94
[BSP] f249397b8509341d4d8d6d485a3c7377 : Windows 7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[15]_S_12112012_02d1731.txt >>
RKreport[10]_S_12112012_02d1729.txt ; RKreport[11]_D_12112012_02d1729.txt ; RKreport[12]_S_12112012_02d1729.txt ; RKreport[13]_H_12112012_02d1729.txt ; RKreport[14]_S_12112012_02d1729.txt ;
RKreport[15]_S_12112012_02d1731.txt ; RKreport[3]_D_12112012_02d0013.txt ; RKreport[4]_S_12112012_02d1447.txt ; RKreport[5]_D_12112012_02d1501.txt ; RKreport[6]_H_12112012_02d1728.txt ;
RKreport[7]_S_12112012_02d1729.txt ; RKreport[8]_H_12112012_02d1729.txt ; RKreport[9]_S_12112012_02d1729.txt

Edited by hexrei, 11 December 2012 - 07:33 PM.


#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
#11
hexrei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

19:03:12.0669 2680 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:03:13.0199 2680 ============================================================
19:03:13.0199 2680 Current date / time: 2012/12/11 19:03:13.0199
19:03:13.0199 2680 SystemInfo:
19:03:13.0199 2680
19:03:13.0199 2680 OS Version: 6.1.7600 ServicePack: 0.0
19:03:13.0199 2680 Product type: Workstation
19:03:13.0199 2680 ComputerName: HIGGSFIELD
19:03:13.0199 2680 UserName: HexRei
19:03:13.0199 2680 Windows directory: C:\Windows
19:03:13.0199 2680 System windows directory: C:\Windows
19:03:13.0199 2680 Running under WOW64
19:03:13.0199 2680 Processor architecture: Intel x64
19:03:13.0199 2680 Number of processors: 4
19:03:13.0199 2680 Page size: 0x1000
19:03:13.0199 2680 Boot type: Normal boot
19:03:13.0199 2680 ============================================================
19:03:15.0695 2680 BG loaded
19:03:15.0929 2680 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:03:15.0929 2680 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3F161, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:03:15.0929 2680 ============================================================
19:03:15.0929 2680 \Device\Harddisk0\DR0:
19:03:15.0929 2680 MBR partitions:
19:03:15.0929 2680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:03:15.0929 2680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
19:03:15.0929 2680 \Device\Harddisk1\DR1:
19:03:15.0929 2680 GPT partitions:
19:03:15.0929 2680 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {034CC426-2A3E-4B85-9736-1ED1BCDF3F9E}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:03:15.0929 2680 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {746B704D-CC0B-43F2-9B6B-2371556B576A}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
19:03:15.0929 2680 MBR partitions:
19:03:15.0929 2680 ============================================================
19:03:15.0976 2680 C: <-> \Device\Harddisk0\DR0\Partition2
19:03:16.0007 2680 D: <-> \Device\Harddisk1\DR1\Partition2
19:03:16.0007 2680 ============================================================
19:03:16.0007 2680 Initialize success
19:03:16.0007 2680 ============================================================
19:03:20.0717 4424 ============================================================
19:03:20.0717 4424 Scan started
19:03:20.0717 4424 Mode: Manual;
19:03:20.0717 4424 ============================================================
19:03:22.0765 4424 ================ Scan system memory ========================
19:03:22.0765 4424 System memory - ok
19:03:22.0766 4424 ================ Scan services =============================
19:03:23.0402 4424 fdPHost - ok
19:03:23.0404 4424 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:03:23.0404 4424 FDResPub - ok
19:03:23.0407 4424 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:03:23.0408 4424 FileInfo - ok
19:03:23.0410 4424 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:03:23.0410 4424 Filetrace - ok
19:03:23.0412 4424 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:03:23.0413 4424 flpydisk - ok
19:03:23.0417 4424 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:03:23.0419 4424 FltMgr - ok
19:03:23.0428 4424 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
19:03:23.0433 4424 FontCache - ok
19:03:23.0436 4424 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:23.0437 4424 FontCache3.0.0.0 - ok
19:03:23.0440 4424 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:03:23.0441 4424 FsDepends - ok
19:03:23.0443 4424 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:03:23.0443 4424 Fs_Rec - ok
19:03:23.0447 4424 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
19:03:23.0449 4424 Futuremark SystemInfo Service - ok
19:03:23.0453 4424 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:03:23.0456 4424 fvevol - ok
19:03:23.0458 4424 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:03:23.0459 4424 gagp30kx - ok
19:03:23.0461 4424 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
19:03:23.0461 4424 gdrv - ok
19:03:23.0469 4424 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
19:03:23.0472 4424 gpsvc - ok
19:03:23.0474 4424 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
19:03:23.0475 4424 GVTDrv64 - ok
19:03:23.0477 4424 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:03:23.0478 4424 hcw85cir - ok
19:03:23.0482 4424 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:23.0485 4424 HdAudAddService - ok
19:03:23.0488 4424 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:03:23.0489 4424 HDAudBus - ok
19:03:23.0491 4424 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:03:23.0492 4424 HidBatt - ok
19:03:23.0495 4424 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:03:23.0496 4424 HidBth - ok
19:03:23.0499 4424 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:03:23.0499 4424 HidIr - ok
19:03:23.0502 4424 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:03:23.0502 4424 hidserv - ok
19:03:23.0505 4424 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:03:23.0506 4424 HidUsb - ok
19:03:23.0508 4424 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:03:23.0510 4424 hkmsvc - ok
19:03:23.0513 4424 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:23.0516 4424 HomeGroupListener - ok
19:03:23.0519 4424 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:23.0520 4424 HomeGroupProvider - ok
19:03:23.0523 4424 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:03:23.0524 4424 HpSAMD - ok
19:03:23.0531 4424 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:03:23.0534 4424 HTTP - ok
19:03:23.0536 4424 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:03:23.0537 4424 hwpolicy - ok
19:03:23.0540 4424 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:23.0541 4424 i8042prt - ok
19:03:23.0547 4424 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
19:03:23.0551 4424 iaStorV - ok
19:03:23.0554 4424 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:03:23.0556 4424 IDriverT - ok
19:03:23.0564 4424 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:23.0570 4424 idsvc - ok
19:03:23.0653 4424 [ 9937600A1584FF00565D5379EB4C9EDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:03:23.0695 4424 igfx - ok
19:03:23.0699 4424 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:03:23.0700 4424 iirsp - ok
19:03:23.0708 4424 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
19:03:23.0712 4424 IKEEXT - ok
19:03:23.0734 4424 [ 98F4E841EA43ED5A442F0DC60CAB4326 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:03:23.0745 4424 IntcAzAudAddService - ok
19:03:23.0750 4424 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:03:23.0751 4424 IntcDAud - ok
19:03:23.0753 4424 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:03:23.0754 4424 intelide - ok
19:03:23.0756 4424 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:03:23.0756 4424 intelppm - ok
19:03:23.0759 4424 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:03:23.0760 4424 IPBusEnum - ok
19:03:23.0763 4424 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:23.0764 4424 IpFilterDriver - ok
19:03:23.0770 4424 [ F8E058D17363EC580E4B7232778B6CB5 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
19:03:23.0772 4424 IpHlpSvc - ok
19:03:23.0775 4424 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:03:23.0776 4424 IPMIDRV - ok
19:03:23.0779 4424 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:03:23.0780 4424 IPNAT - ok
19:03:23.0782 4424 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:03:23.0783 4424 IRENUM - ok
19:03:23.0785 4424 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:03:23.0786 4424 isapnp - ok
19:03:23.0789 4424 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:03:23.0791 4424 iScsiPrt - ok
19:03:23.0794 4424 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:23.0794 4424 kbdclass - ok
19:03:23.0796 4424 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:03:23.0797 4424 kbdhid - ok
19:03:23.0799 4424 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
19:03:23.0799 4424 KeyIso - ok
19:03:23.0802 4424 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:03:23.0803 4424 KSecDD - ok
19:03:23.0806 4424 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:03:23.0808 4424 KSecPkg - ok
19:03:23.0811 4424 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:03:23.0811 4424 ksthunk - ok
19:03:23.0815 4424 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:03:23.0819 4424 KtmRm - ok
19:03:23.0823 4424 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:03:23.0825 4424 LanmanServer - ok
19:03:23.0827 4424 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:23.0829 4424 LanmanWorkstation - ok
19:03:23.0832 4424 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:03:23.0832 4424 lltdio - ok
19:03:23.0836 4424 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:03:23.0839 4424 lltdsvc - ok
19:03:23.0841 4424 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:03:23.0842 4424 lmhosts - ok
19:03:23.0845 4424 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:03:23.0846 4424 LSI_FC - ok
19:03:23.0876 4424 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:03:23.0883 4424 LSI_SAS - ok
19:03:23.0889 4424 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:03:23.0893 4424 LSI_SAS2 - ok
19:03:23.0913 4424 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:03:23.0921 4424 LSI_SCSI - ok
19:03:23.0929 4424 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:03:23.0930 4424 luafv - ok
19:03:23.0935 4424 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:03:23.0938 4424 Mcx2Svc - ok
19:03:23.0944 4424 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:03:23.0952 4424 megasas - ok
19:03:23.0962 4424 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:03:23.0965 4424 MegaSR - ok
19:03:23.0968 4424 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:03:23.0968 4424 MEIx64 - ok
19:03:23.0970 4424 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:03:23.0971 4424 MMCSS - ok
19:03:23.0973 4424 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:03:23.0974 4424 Modem - ok
19:03:23.0976 4424 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:03:23.0977 4424 monitor - ok
19:03:23.0979 4424 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:03:23.0979 4424 mouclass - ok
19:03:23.0982 4424 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:03:23.0982 4424 mouhid - ok
19:03:23.0984 4424 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:03:23.0985 4424 mountmgr - ok
19:03:23.0988 4424 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:03:23.0989 4424 MozillaMaintenance - ok
19:03:23.0994 4424 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:03:23.0997 4424 mpio - ok
19:03:24.0000 4424 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:03:24.0000 4424 mpsdrv - ok
19:03:24.0009 4424 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:03:24.0012 4424 MpsSvc - ok
19:03:24.0015 4424 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:03:24.0017 4424 MRxDAV - ok
19:03:24.0020 4424 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:24.0021 4424 mrxsmb - ok
19:03:24.0025 4424 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:24.0026 4424 mrxsmb10 - ok
19:03:24.0029 4424 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:24.0030 4424 mrxsmb20 - ok
19:03:24.0032 4424 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:03:24.0033 4424 msahci - ok
19:03:24.0036 4424 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:03:24.0038 4424 msdsm - ok
19:03:24.0041 4424 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:03:24.0043 4424 MSDTC - ok
19:03:24.0046 4424 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
19:03:24.0048 4424 MSDV - ok
19:03:24.0050 4424 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:03:24.0050 4424 Msfs - ok
19:03:24.0052 4424 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:03:24.0053 4424 mshidkmdf - ok
19:03:24.0055 4424 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:03:24.0055 4424 msisadrv - ok
19:03:24.0058 4424 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:03:24.0060 4424 MSiSCSI - ok
19:03:24.0062 4424 msiserver - ok
19:03:24.0065 4424 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:03:24.0065 4424 MSKSSRV - ok
19:03:24.0068 4424 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:24.0068 4424 MSPCLOCK - ok
19:03:24.0070 4424 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:03:24.0073 4424 MSPQM - ok
19:03:24.0078 4424 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:03:24.0081 4424 MsRPC - ok
19:03:24.0084 4424 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:03:24.0085 4424 mssmbios - ok
19:03:24.0087 4424 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:03:24.0087 4424 MSTEE - ok
19:03:24.0089 4424 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:03:24.0090 4424 MTConfig - ok
19:03:24.0092 4424 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:03:24.0093 4424 Mup - ok
19:03:24.0098 4424 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
19:03:24.0103 4424 napagent - ok
19:03:24.0107 4424 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:03:24.0110 4424 NativeWifiP - ok
19:03:24.0119 4424 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:03:24.0125 4424 NDIS - ok
19:03:24.0128 4424 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:24.0129 4424 NdisCap - ok
19:03:24.0131 4424 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:24.0131 4424 NdisTapi - ok
19:03:24.0133 4424 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:24.0134 4424 Ndisuio - ok
19:03:24.0138 4424 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:24.0138 4424 NdisWan - ok
19:03:24.0141 4424 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:03:24.0141 4424 NDProxy - ok
19:03:24.0143 4424 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:03:24.0144 4424 NetBIOS - ok
19:03:24.0148 4424 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:03:24.0149 4424 NetBT - ok
19:03:24.0151 4424 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
19:03:24.0152 4424 Netlogon - ok
19:03:24.0156 4424 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:03:24.0158 4424 Netman - ok
19:03:24.0161 4424 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:24.0164 4424 NetMsmqActivator - ok
19:03:24.0167 4424 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:24.0167 4424 NetPipeActivator - ok
19:03:24.0173 4424 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:03:24.0175 4424 netprofm - ok
19:03:24.0179 4424 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:24.0180 4424 NetTcpActivator - ok
19:03:24.0184 4424 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:03:24.0185 4424 NetTcpPortSharing - ok
19:03:24.0192 4424 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:03:24.0192 4424 nfrd960 - ok
19:03:24.0199 4424 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:03:24.0201 4424 NlaSvc - ok
19:03:24.0207 4424 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:03:24.0207 4424 Npfs - ok
19:03:24.0210 4424 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:03:24.0211 4424 nsi - ok
19:03:24.0213 4424 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:03:24.0213 4424 nsiproxy - ok
19:03:24.0227 4424 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:03:24.0238 4424 Ntfs - ok
19:03:24.0241 4424 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:03:24.0241 4424 Null - ok
19:03:24.0244 4424 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:03:24.0245 4424 NVHDA - ok
19:03:24.0330 4424 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:03:24.0379 4424 nvlddmkm - ok
19:03:24.0384 4424 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
19:03:24.0386 4424 nvraid - ok
19:03:24.0389 4424 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
19:03:24.0391 4424 nvstor - ok
19:03:24.0399 4424 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
19:03:24.0403 4424 nvsvc - ok
19:03:24.0414 4424 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:03:24.0422 4424 nvUpdatusService - ok
19:03:24.0426 4424 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:03:24.0427 4424 nv_agp - ok
19:03:24.0429 4424 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:03:24.0430 4424 ohci1394 - ok
19:03:24.0435 4424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:03:24.0439 4424 p2pimsvc - ok
19:03:24.0444 4424 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:03:24.0448 4424 p2psvc - ok
19:03:24.0451 4424 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:03:24.0452 4424 Parport - ok
19:03:24.0458 4424 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:03:24.0459 4424 partmgr - ok
19:03:24.0463 4424 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:03:24.0464 4424 PcaSvc - ok
19:03:24.0468 4424 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:03:24.0469 4424 pci - ok
19:03:24.0472 4424 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:03:24.0473 4424 pciide - ok
19:03:24.0478 4424 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:03:24.0479 4424 pcmcia - ok
19:03:24.0483 4424 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:03:24.0483 4424 pcw - ok
19:03:24.0489 4424 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:03:24.0492 4424 PEAUTH - ok
19:03:24.0502 4424 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:03:24.0511 4424 PeerDistSvc - ok
19:03:24.0526 4424 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:03:24.0527 4424 PerfHost - ok
19:03:24.0540 4424 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:03:24.0550 4424 pla - ok
19:03:24.0555 4424 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:03:24.0557 4424 PlugPlay - ok
19:03:24.0559 4424 PnkBstrA - ok
19:03:24.0562 4424 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:03:24.0563 4424 PNRPAutoReg - ok
19:03:24.0567 4424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:03:24.0569 4424 PNRPsvc - ok
19:03:24.0574 4424 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:03:24.0577 4424 PolicyAgent - ok
19:03:24.0581 4424 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:03:24.0582 4424 Power - ok
19:03:24.0586 4424 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:03:24.0586 4424 PptpMiniport - ok
19:03:24.0591 4424 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:03:24.0592 4424 Processor - ok
19:03:24.0595 4424 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
19:03:24.0597 4424 ProfSvc - ok
19:03:24.0599 4424 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:03:24.0599 4424 ProtectedStorage - ok
19:03:24.0603 4424 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:03:24.0604 4424 Psched - ok
19:03:24.0617 4424 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:03:24.0627 4424 ql2300 - ok
19:03:24.0630 4424 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:03:24.0632 4424 ql40xx - ok
19:03:24.0636 4424 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:03:24.0639 4424 QWAVE - ok
19:03:24.0643 4424 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:03:24.0644 4424 QWAVEdrv - ok
19:03:24.0647 4424 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:03:24.0647 4424 RasAcd - ok
19:03:24.0650 4424 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:24.0651 4424 RasAgileVpn - ok
19:03:24.0654 4424 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:03:24.0656 4424 RasAuto - ok
19:03:24.0660 4424 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:24.0661 4424 Rasl2tp - ok
19:03:24.0665 4424 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:03:24.0667 4424 RasMan - ok
19:03:24.0670 4424 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:24.0671 4424 RasPppoe - ok
19:03:24.0675 4424 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:03:24.0675 4424 RasSstp - ok
19:03:24.0680 4424 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:03:24.0681 4424 rdbss - ok
19:03:24.0683 4424 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:03:24.0684 4424 rdpbus - ok
19:03:24.0686 4424 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:24.0687 4424 RDPCDD - ok
19:03:24.0693 4424 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:03:24.0695 4424 RDPDR - ok
19:03:24.0697 4424 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:03:24.0697 4424 RDPENCDD - ok
19:03:24.0702 4424 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:03:24.0702 4424 RDPREFMP - ok
19:03:24.0708 4424 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:03:24.0711 4424 RDPWD - ok
19:03:24.0714 4424 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:03:24.0716 4424 rdyboost - ok
19:03:24.0719 4424 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:03:24.0720 4424 RemoteAccess - ok
19:03:24.0724 4424 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:03:24.0726 4424 RemoteRegistry - ok
19:03:24.0728 4424 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:03:24.0729 4424 RpcEptMapper - ok
19:03:24.0731 4424 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:03:24.0732 4424 RpcLocator - ok
19:03:24.0738 4424 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
19:03:24.0740 4424 RpcSs - ok
19:03:24.0743 4424 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:03:24.0743 4424 rspndr - ok
19:03:24.0749 4424 [ 0039DE6A0A1293889A3F21ECC473263D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:03:24.0751 4424 RTL8167 - ok
19:03:24.0753 4424 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
19:03:24.0754 4424 s3cap - ok
19:03:24.0756 4424 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:03:24.0757 4424 SamSs - ok
19:03:24.0760 4424 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:03:24.0761 4424 sbp2port - ok
19:03:24.0766 4424 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:03:24.0768 4424 SCardSvr - ok
19:03:24.0772 4424 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:03:24.0772 4424 scfilter - ok
19:03:24.0782 4424 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:03:24.0786 4424 Schedule - ok
19:03:24.0791 4424 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:03:24.0791 4424 SCPolicySvc - ok
19:03:24.0794 4424 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:03:24.0796 4424 SDRSVC - ok
19:03:24.0800 4424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:03:24.0801 4424 secdrv - ok
19:03:24.0803 4424 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:03:24.0804 4424 seclogon - ok
19:03:24.0806 4424 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:03:24.0807 4424 SENS - ok
19:03:24.0810 4424 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:03:24.0811 4424 SensrSvc - ok
19:03:24.0813 4424 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:03:24.0813 4424 Serenum - ok
19:03:24.0816 4424 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:03:24.0816 4424 Serial - ok
19:03:24.0818 4424 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:03:24.0819 4424 sermouse - ok
19:03:24.0824 4424 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:03:24.0826 4424 SessionEnv - ok
19:03:24.0828 4424 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:03:24.0828 4424 sffdisk - ok
19:03:24.0830 4424 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:03:24.0831 4424 sffp_mmc - ok
19:03:24.0833 4424 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:03:24.0834 4424 sffp_sd - ok
19:03:24.0836 4424 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:03:24.0836 4424 sfloppy - ok
19:03:24.0841 4424 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:03:24.0842 4424 SharedAccess - ok
19:03:24.0847 4424 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:03:24.0849 4424 ShellHWDetection - ok
19:03:24.0851 4424 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:03:24.0852 4424 SiSRaid2 - ok
19:03:24.0854 4424 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:03:24.0855 4424 SiSRaid4 - ok
19:03:25.0733 4424 ================ Scan global ===============================
19:03:25.0735 4424 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:25.0739 4424 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:03:25.0743 4424 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
19:03:25.0746 4424 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:25.0750 4424 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:25.0752 4424 [Global] - ok
19:03:25.0753 4424 ================ Scan MBR ==================================
19:03:25.0754 4424 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:25.0754 4424 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:03:25.0755 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:03:25.0755 4424 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:03:25.0758 4424 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:03:25.0761 4424 \Device\Harddisk1\DR1 - ok
19:03:25.0761 4424 ================ Scan VBR ==================================
19:03:25.0763 4424 [ 94CE152C8F47A5085F2141EE24F2278D ] \Device\Harddisk0\DR0\Partition1
19:03:25.0764 4424 \Device\Harddisk0\DR0\Partition1 - ok
19:03:25.0765 4424 [ D5ABA7D920E093757FE9CC31440C3CF6 ] \Device\Harddisk0\DR0\Partition2
19:03:25.0766 4424 \Device\Harddisk0\DR0\Partition2 - ok
19:03:25.0767 4424 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
19:03:25.0768 4424 \Device\Harddisk1\DR1\Partition1 - ok
19:03:25.0770 4424 [ 554A8D2AD70AFC0BB9400786B6433F2C ] \Device\Harddisk1\DR1\Partition2
19:03:25.0770 4424 \Device\Harddisk1\DR1\Partition2 - ok
19:03:25.0771 4424 ================ Scan active images ========================
19:03:25.0990 4424 [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
19:03:25.0990 4424 C:\Windows\System32\csrsrv.dll - ok
19:03:25.0990 4424 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
19:03:25.0990 4424 C:\Windows\System32\csrss.exe - ok
19:03:25.0990 4424 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\System32\winsrv.dll
19:03:25.0990 4424 C:\Windows\System32\winsrv.dll - ok
19:03:25.0990 4424 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] C:\Windows\System32\drivers\kbdhid.sys
19:03:25.0990 4424 C:\Windows\System32\drivers\kbdhid.sys - ok
19:03:26.0005 4424 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
19:03:26.0005 4424 C:\Windows\System32\drivers\mouhid.sys - ok
19:03:26.0005 4424 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
19:03:26.0005 4424 C:\Windows\System32\drivers\monitor.sys - ok
19:03:26.0005 4424 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
19:03:26.0005 4424 C:\Windows\System32\sxssrv.dll - ok
19:03:26.0005 4424 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
19:03:26.0005 4424 C:\Windows\System32\tsddd.dll - ok
19:03:26.0005 4424 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
19:03:26.0005 4424 C:\Windows\System32\wininit.exe - ok
19:03:26.0005 4424 [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
19:03:26.0005 4424 C:\Windows\System32\KBDUS.DLL - ok
19:03:26.0005 4424 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
19:03:26.0005 4424 C:\Windows\System32\profapi.dll - ok
19:03:26.0005 4424 [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
19:03:26.0005 4424 C:\Windows\System32\RpcRtRemote.dll - ok
19:03:26.0005 4424 [ 100BDF2F89D6056CEE900BB6156DA737 ] C:\Windows\System32\cdd.dll
19:03:26.0005 4424 C:\Windows\System32\cdd.dll - ok
19:03:26.0021 4424 [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
19:03:26.0021 4424 C:\Windows\System32\sxs.dll - ok
19:03:26.0021 4424 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
19:03:26.0021 4424 C:\Windows\System32\WlS0WndH.dll - ok
19:03:26.0021 4424 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
19:03:26.0021 4424 C:\Windows\System32\cryptbase.dll - ok
19:03:26.0021 4424 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
19:03:26.0021 4424 C:\Windows\System32\apphelp.dll - ok
19:03:26.0021 4424 [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
19:03:26.0021 4424 C:\Windows\System32\lsass.exe - ok
19:03:26.0021 4424 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
19:03:26.0021 4424 C:\Windows\System32\services.exe - ok
19:03:26.0021 4424 [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
19:03:26.0021 4424 C:\Windows\System32\lsasrv.dll - ok
19:03:26.0021 4424 [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
19:03:26.0021 4424 C:\Windows\System32\lsm.exe - ok
19:03:26.0021 4424 [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
19:03:26.0021 4424 C:\Windows\System32\scesrv.dll - ok
19:03:26.0037 4424 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
19:03:26.0037 4424 C:\Windows\System32\scext.dll - ok
19:03:26.0037 4424 [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
19:03:26.0037 4424 C:\Windows\System32\secur32.dll - ok
19:03:26.0037 4424 [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
19:03:26.0037 4424 C:\Windows\System32\sspicli.dll - ok
19:03:26.0037 4424 [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
19:03:26.0037 4424 C:\Windows\System32\sspisrv.dll - ok
19:03:26.0037 4424 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
19:03:26.0037 4424 C:\Windows\System32\sysntfy.dll - ok
19:03:26.0037 4424 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
19:03:26.0037 4424 C:\Windows\System32\wmsgapi.dll - ok
19:03:26.0037 4424 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
19:03:26.0037 4424 C:\Windows\System32\cryptdll.dll - ok
19:03:26.0037 4424 [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
19:03:26.0037 4424 C:\Windows\System32\samsrv.dll - ok
19:03:26.0037 4424 [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
19:03:26.0037 4424 C:\Windows\System32\srvcli.dll - ok
19:03:26.0052 4424 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
19:03:26.0052 4424 C:\Windows\System32\wevtapi.dll - ok
19:03:26.0052 4424 [ DA3E2A6FA9660CC75B471530CE88453A ] C:\Windows\System32\winlogon.exe
19:03:26.0052 4424 C:\Windows\System32\winlogon.exe - ok
19:03:26.0052 4424 [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll
19:03:26.0052 4424 C:\Windows\System32\winsta.dll - ok
19:03:26.0052 4424 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
19:03:26.0052 4424 C:\Windows\System32\authz.dll - ok
19:03:26.0052 4424 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
19:03:26.0052 4424 C:\Windows\System32\bcrypt.dll - ok
19:03:26.0052 4424 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
19:03:26.0052 4424 C:\Windows\System32\cngaudit.dll - ok
19:03:26.0052 4424 [ 96772B584BD0E667CD7741EF96284ACB ] C:\Windows\System32\kerberos.dll
19:03:26.0052 4424 C:\Windows\System32\kerberos.dll - ok
19:03:26.0068 4424 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
19:03:26.0068 4424 C:\Windows\System32\msprivs.dll - ok
19:03:26.0068 4424 [ E08926B4E52F92FF8852BECC0E2F358A ] C:\Windows\System32\ncrypt.dll
19:03:26.0068 4424 C:\Windows\System32\ncrypt.dll - ok
19:03:26.0068 4424 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
19:03:26.0068 4424 C:\Windows\System32\negoexts.dll - ok
19:03:26.0068 4424 [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
19:03:26.0068 4424 C:\Windows\System32\netjoin.dll - ok
19:03:26.0068 4424 [ EFC5353E4F513DEF55ED7B7872363957 ] C:\Windows\System32\atmfd.dll
19:03:26.0068 4424 C:\Windows\System32\atmfd.dll - ok
19:03:26.0068 4424 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
19:03:26.0068 4424 C:\Windows\System32\cryptsp.dll - ok
19:03:26.0068 4424 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
19:03:26.0068 4424 C:\Windows\System32\msv1_0.dll - ok
19:03:26.0068 4424 [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
19:03:26.0068 4424 C:\Windows\System32\mswsock.dll - ok
19:03:26.0083 4424 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
19:03:26.0083 4424 C:\Windows\System32\netlogon.dll - ok
19:03:26.0083 4424 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
19:03:26.0083 4424 C:\Windows\System32\wship6.dll - ok
19:03:26.0083 4424 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
19:03:26.0083 4424 C:\Windows\System32\dnsapi.dll - ok
19:03:26.0083 4424 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
19:03:26.0083 4424 C:\Windows\System32\logoncli.dll - ok
19:03:26.0083 4424 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
19:03:26.0083 4424 C:\Windows\System32\rsaenh.dll - ok
19:03:26.0083 4424 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
19:03:26.0083 4424 C:\Windows\System32\schannel.dll - ok
19:03:26.0083 4424 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
19:03:26.0083 4424 C:\Windows\System32\wdigest.dll - ok
19:03:26.0099 4424 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
19:03:26.0099 4424 C:\Windows\System32\bcryptprimitives.dll - ok
19:03:26.0099 4424 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
19:03:26.0099 4424 C:\Windows\System32\efslsaext.dll - ok
19:03:26.0099 4424 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
19:03:26.0099 4424 C:\Windows\System32\LIVESSP.DLL - ok
19:03:26.0099 4424 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
19:03:26.0099 4424 C:\Windows\System32\pku2u.dll - ok
19:03:26.0099 4424 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
19:03:26.0099 4424 C:\Windows\System32\TSpkg.dll - ok
19:03:26.0099 4424 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
19:03:26.0099 4424 C:\Windows\System32\credssp.dll - ok
19:03:26.0099 4424 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
19:03:26.0099 4424 C:\Windows\System32\scecli.dll - ok
19:03:26.0099 4424 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
19:03:26.0099 4424 C:\Windows\System32\ubpm.dll - ok
19:03:26.0115 4424 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
19:03:26.0115 4424 C:\Windows\System32\svchost.exe - ok
19:03:26.0115 4424 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
19:03:26.0115 4424 C:\Windows\System32\devrtl.dll - ok
19:03:26.0115 4424 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
19:03:26.0115 4424 C:\Windows\System32\gpapi.dll - ok
19:03:26.0115 4424 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
19:03:26.0115 4424 C:\Windows\System32\pcwum.dll - ok
19:03:26.0115 4424 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
19:03:26.0115 4424 C:\Windows\System32\SPInf.dll - ok
19:03:26.0115 4424 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll
19:03:26.0115 4424 C:\Windows\System32\umpnpmgr.dll - ok
19:03:26.0115 4424 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
19:03:26.0115 4424 C:\Windows\System32\umpo.dll - ok
19:03:26.0115 4424 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll
19:03:26.0115 4424 C:\Windows\System32\userenv.dll - ok
19:03:26.0130 4424 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
19:03:26.0130 4424 C:\Windows\System32\drivers\luafv.sys - ok
19:03:26.0130 4424 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
19:03:26.0130 4424 C:\Windows\System32\powrprof.dll - ok
19:03:26.0130 4424 [ 7CADC74271DD6461C452C271B30BD378 ] C:\Windows\System32\drivers\WUDFPf.sys
19:03:26.0130 4424 C:\Windows\System32\drivers\WUDFPf.sys - ok
19:03:26.0130 4424 [ 43F91595049DE14C4B61D1E76436164F ] C:\Windows\System32\nvvsvc.exe
19:03:26.0130 4424 C:\Windows\System32\nvvsvc.exe - ok
19:03:26.0130 4424 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
19:03:26.0130 4424 C:\Windows\System32\wtsapi32.dll - ok
19:03:26.0130 4424 [ A766CCAD980235FF34E7F8089D3175A3 ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:03:26.0130 4424 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
19:03:26.0130 4424 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll
19:03:26.0130 4424 C:\Windows\SysWOW64\ntdll.dll - ok
19:03:26.0130 4424 [ ADFDF57DC62AE66FE47D5AD1C838131B ] C:\Windows\System32\wow64.dll
19:03:26.0130 4424 C:\Windows\System32\wow64.dll - ok
19:03:26.0146 4424 [ C0A718C7421975E8D25FF78271A8F54A ] C:\Windows\System32\wow64cpu.dll
19:03:26.0146 4424 C:\Windows\System32\wow64cpu.dll - ok
19:03:26.0146 4424 [ E9727C5B096B0722BEBEE269ED841F37 ] C:\Windows\System32\wow64win.dll
19:03:26.0146 4424 C:\Windows\System32\wow64win.dll - ok
19:03:26.0146 4424 [ 4EA99F1644627B1EBAD99D0B93CDEE1C ] C:\Windows\SysWOW64\kernel32.dll
19:03:26.0146 4424 C:\Windows\SysWOW64\kernel32.dll - ok
19:03:26.0146 4424 [ 2BF12696F4AC8AFCFC06EAD6F8D2DB4C ] C:\Windows\SysWOW64\KernelBase.dll
19:03:26.0146 4424 C:\Windows\SysWOW64\KernelBase.dll - ok
19:03:26.0146 4424 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
19:03:26.0146 4424 C:\Windows\SysWOW64\msvcrt.dll - ok
19:03:26.0146 4424 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
19:03:26.0146 4424 C:\Windows\SysWOW64\version.dll - ok
19:03:26.0146 4424 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
19:03:26.0146 4424 C:\Windows\SysWOW64\setupapi.dll - ok
19:03:26.0161 4424 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\advapi32.dll - ok
19:03:26.0161 4424 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\cfgmgr32.dll - ok
19:03:26.0161 4424 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\cryptbase.dll - ok
19:03:26.0161 4424 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\gdi32.dll - ok
19:03:26.0161 4424 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\rpcrt4.dll - ok
19:03:26.0161 4424 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\sechost.dll - ok
19:03:26.0161 4424 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\sspicli.dll - ok
19:03:26.0161 4424 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
19:03:26.0161 4424 C:\Windows\SysWOW64\user32.dll - ok
19:03:26.0177 4424 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\lpk.dll - ok
19:03:26.0177 4424 [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\SysWOW64\oleaut32.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\oleaut32.dll - ok
19:03:26.0177 4424 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\usp10.dll - ok
19:03:26.0177 4424 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\devobj.dll - ok
19:03:26.0177 4424 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\imm32.dll - ok
19:03:26.0177 4424 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\ole32.dll - ok
19:03:26.0177 4424 [ 61E02CC3184B63FAFE0B83EAC8B3B8EF ] C:\Windows\SysWOW64\winspool.drv
19:03:26.0177 4424 C:\Windows\SysWOW64\winspool.drv - ok
19:03:26.0177 4424 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
19:03:26.0177 4424 C:\Windows\SysWOW64\atl.dll - ok
19:03:26.0193 4424 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\msctf.dll - ok
19:03:26.0193 4424 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\nsi.dll - ok
19:03:26.0193 4424 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\shlwapi.dll - ok
19:03:26.0193 4424 [ 75A97A2C060E72AB49E071E08C7DD2BA ] C:\Windows\SysWOW64\wininet.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\wininet.dll - ok
19:03:26.0193 4424 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\SysWOW64\ws2_32.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\ws2_32.dll - ok
19:03:26.0193 4424 [ B17ADBBBDC97148D28F995F32C380F2E ] C:\Windows\SysWOW64\iertutil.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\iertutil.dll - ok
19:03:26.0193 4424 [ 667981F2E7C26275F0694B58EEE303B9 ] C:\Windows\SysWOW64\urlmon.dll
19:03:26.0193 4424 C:\Windows\SysWOW64\urlmon.dll - ok
19:03:26.0208 4424 [ 26A634B2E0FD87F23541AD13A503CA72 ] C:\Windows\SysWOW64\winmm.dll
19:03:26.0208 4424 C:\Windows\SysWOW64\winmm.dll - ok
19:03:26.0208 4424 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll
19:03:26.0208 4424 C:\Windows\SysWOW64\shell32.dll - ok
19:03:26.0208 4424 [ 91B82AFC372093C48D225CB358250325 ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll
19:03:26.0208 4424 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll - ok
19:03:26.0208 4424 [ 7FB76BB304C9CE38BDC398707E1EEE74 ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll
19:03:26.0208 4424 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll - ok
19:03:26.0208 4424 [ 7266972E86890E2B30C0C322E906B027 ] C:\Windows\System32\rpcss.dll
19:03:26.0208 4424 C:\Windows\System32\rpcss.dll - ok
19:03:26.0208 4424 [ 5923DB041C82BD93FE6C54114470CE17 ] C:\Windows\SysWOW64\crypt32.dll
19:03:26.0208 4424 C:\Windows\SysWOW64\crypt32.dll - ok
19:03:26.0208 4424 [ 6380BE4AB7AFA48BAEF321E8CA980ADD ] C:\Windows\SysWOW64\wintrust.dll
19:03:26.0208 4424 C:\Windows\SysWOW64\wintrust.dll - ok
19:03:26.0208 4424 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
19:03:26.0208 4424 C:\Windows\System32\RpcEpMap.dll - ok
19:03:26.0224 4424 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
19:03:26.0224 4424 C:\Windows\System32\WSHTCPIP.DLL - ok
19:03:26.0224 4424 [ 11CDF138552BFEC115B60ED6DC3ACEB6 ] C:\Windows\SysWOW64\devrtl.dll
19:03:26.0224 4424 C:\Windows\SysWOW64\devrtl.dll - ok
19:03:26.0224 4424 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
19:03:26.0224 4424 C:\Windows\SysWOW64\msasn1.dll - ok
19:03:26.0224 4424 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
19:03:26.0224 4424 C:\Windows\SysWOW64\ntmarta.dll - ok
19:03:26.0224 4424 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\SysWOW64\SPInf.dll
19:03:26.0224 4424 C:\Windows\SysWOW64\SPInf.dll - ok
19:03:26.0224 4424 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
19:03:26.0224 4424 C:\Windows\SysWOW64\Wldap32.dll - ok
19:03:26.0224 4424 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
19:03:26.0224 4424 C:\Windows\System32\FirewallAPI.dll - ok
19:03:26.0224 4424 [ 93E6A39B1DB898F7C949FA5567E774CF ] C:\Windows\System32\LogonUI.exe
19:03:26.0224 4424 C:\Windows\System32\LogonUI.exe - ok
19:03:26.0239 4424 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
19:03:26.0239 4424 C:\Windows\System32\version.dll - ok
19:03:26.0239 4424 [ BCF0A980D21711E47D0803BDB0E99CAD ] C:\Windows\System32\authui.dll
19:03:26.0239 4424 C:\Windows\System32\authui.dll - ok
19:03:26.0239 4424 [ 99ABDA9C92EC76CBAF52F00239D909C9 ] C:\Windows\System32\wevtsvc.dll
19:03:26.0239 4424 C:\Windows\System32\wevtsvc.dll - ok
19:03:26.0239 4424 [ DBA90306A721FB922FDACED9E9728C28 ] C:\Windows\System32\cryptui.dll
19:03:26.0239 4424 C:\Windows\System32\cryptui.dll - ok
19:03:26.0239 4424 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
19:03:26.0239 4424 C:\Windows\System32\netprofm.dll - ok
19:03:26.0239 4424 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
19:03:26.0239 4424 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
19:03:26.0239 4424 [ 07721A77180EDD4D39CCB865BF63C7FD ] C:\Windows\System32\audiosrv.dll
19:03:26.0239 4424 C:\Windows\System32\audiosrv.dll - ok
19:03:26.0255 4424 [ AECAB449567D1846DAD63ECE49E893E3 ] C:\Windows\System32\MPSSVC.dll
19:03:26.0255 4424 C:\Windows\System32\MPSSVC.dll - ok
19:03:26.0255 4424 [ 113921FC4A80A3DDF646852998B836D0 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
19:03:26.0255 4424 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll - ok
19:03:26.0255 4424 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
19:03:26.0255 4424 C:\Windows\System32\avrt.dll - ok
19:03:26.0255 4424 [ F7866AF72ABBAF84B1FA5AA195378C59 ] C:\Windows\System32\drivers\fltMgr.sys
19:03:26.0255 4424 C:\Windows\System32\drivers\fltMgr.sys - ok
19:03:26.0255 4424 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
19:03:26.0255 4424 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
19:03:26.0255 4424 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
19:03:26.0255 4424 C:\Windows\System32\mmcss.dll - ok
19:03:26.0255 4424 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
19:03:26.0255 4424 C:\Windows\System32\MMDevAPI.dll - ok
19:03:26.0271 4424 [ B27EA141A7E748B607600A8551A44D5A ] C:\Windows\System32\propsys.dll
19:03:26.0271 4424 C:\Windows\System32\propsys.dll - ok
19:03:26.0271 4424 [ 84F8C8B9FB1F12532999D25F5DD7E77C ] C:\Windows\System32\shacct.dll
19:03:26.0271 4424 C:\Windows\System32\shacct.dll - ok
19:03:26.0271 4424 [ 37B68E458C0BC255DF2FB7454D0798D3 ] C:\Windows\System32\WUDFPlatform.dll
19:03:26.0271 4424 C:\Windows\System32\WUDFPlatform.dll - ok
19:03:26.0271 4424 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
19:03:26.0271 4424 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
19:03:26.0271 4424 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
19:03:26.0271 4424 C:\Windows\System32\PSHED.DLL - ok
19:03:26.0271 4424 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
19:03:26.0271 4424 C:\Windows\System32\samlib.dll - ok
19:03:26.0271 4424 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
19:03:26.0271 4424 C:\Windows\System32\uxtheme.dll - ok
19:03:26.0286 4424 [ DD0701DE0AAA010E6EBD0F53B672DCEE ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll
19:03:26.0286 4424 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll - ok
19:03:26.0286 4424 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
19:03:26.0286 4424 C:\Windows\System32\dui70.dll - ok
19:03:26.0286 4424 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
19:03:26.0286 4424 C:\Windows\System32\duser.dll - ok
19:03:26.0286 4424 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
19:03:26.0286 4424 C:\Windows\System32\dwmapi.dll - ok
19:03:26.0286 4424 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
19:03:26.0286 4424 C:\Windows\System32\hid.dll - ok
19:03:26.0286 4424 [ B2E3D4BB3389817FB5E4CD9378BC8791 ] C:\Windows\System32\SndVolSSO.dll
19:03:26.0286 4424 C:\Windows\System32\SndVolSSO.dll - ok
19:03:26.0286 4424 [ D6F630C1FD7F436316093AE500363B19 ] C:\Windows\System32\xmllite.dll
19:03:26.0286 4424 C:\Windows\System32\xmllite.dll - ok
19:03:26.0302 4424 [ EA99F234843BBDDA1ABD2767111ADE25 ] C:\Windows\System32\WindowsCodecs.dll
19:03:26.0302 4424 C:\Windows\System32\WindowsCodecs.dll - ok
19:03:26.0302 4424 [ D152EBC32A23069F8AA1D1F24B15E3F9 ] C:\Windows\System32\audiodg.exe
19:03:26.0302 4424 C:\Windows\System32\audiodg.exe - ok
19:03:26.0302 4424 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
19:03:26.0302 4424 C:\Windows\System32\ntmarta.dll - ok
19:03:26.0302 4424 [ 873FBF927C06E5CEE04DEC617502F8FD ] C:\Windows\System32\cscsvc.dll
19:03:26.0302 4424 C:\Windows\System32\cscsvc.dll - ok
19:03:26.0302 4424 [ FE5AB4525BC2EC68B9119A6E5D40128B ] C:\Windows\System32\gpsvc.dll
19:03:26.0302 4424 C:\Windows\System32\gpsvc.dll - ok
19:03:26.0302 4424 [ 2A381A9740165D7A1405148B6DFB3E38 ] C:\Windows\System32\SmartcardCredentialProvider.dll
19:03:26.0302 4424 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
19:03:26.0302 4424 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
19:03:26.0302 4424 C:\Windows\System32\VaultCredProvider.dll - ok
19:03:26.0302 4424 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
19:03:26.0302 4424 C:\Windows\System32\winbrand.dll - ok
19:03:26.0317 4424 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
19:03:26.0317 4424 C:\Windows\System32\atl.dll - ok
19:03:26.0317 4424 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
19:03:26.0317 4424 C:\Windows\System32\BioCredProv.dll - ok
19:03:26.0317 4424 [ 97D38371502AA797DB14EB1FA5FCE4CD ] C:\Windows\System32\credui.dll
19:03:26.0317 4424 C:\Windows\System32\credui.dll - ok
19:03:26.0317 4424 [ 3C27B50BC43D5FED43081A784DD17190 ] C:\Windows\System32\netapi32.dll
19:03:26.0317 4424 C:\Windows\System32\netapi32.dll - ok
19:03:26.0317 4424 [ 86E3822A34D454032D8E88C72AE8CF2D ] C:\Windows\System32\nlaapi.dll
19:03:26.0317 4424 C:\Windows\System32\nlaapi.dll - ok
19:03:26.0317 4424 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
19:03:26.0317 4424 C:\Windows\System32\PeerDist.dll - ok
19:03:26.0317 4424 [ F381975E1F4346DE875CB07339CE8D3A ] C:\Windows\System32\profsvc.dll
19:03:26.0317 4424 C:\Windows\System32\profsvc.dll - ok
19:03:26.0317 4424 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
19:03:26.0317 4424 C:\Windows\System32\themeservice.dll - ok
19:03:26.0333 4424 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
19:03:26.0333 4424 C:\Windows\System32\vaultcli.dll - ok
19:03:26.0333 4424 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
19:03:26.0333 4424 C:\Windows\System32\winbio.dll - ok
19:03:26.0333 4424 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
19:03:26.0333 4424 C:\Windows\System32\winmm.dll - ok
19:03:26.0333 4424 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
19:03:26.0333 4424 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
19:03:26.0333 4424 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
19:03:26.0333 4424 C:\Windows\System32\certCredProvider.dll - ok
19:03:26.0333 4424 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
19:03:26.0333 4424 C:\Windows\System32\dsrole.dll - ok
19:03:26.0333 4424 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
19:03:26.0333 4424 C:\Windows\System32\ksuser.dll - ok
19:03:26.0333 4424 [ F66A12ACF2B2DB8C73A2C180F562E3EC ] C:\Windows\System32\mstask.dll
19:03:26.0333 4424 C:\Windows\System32\mstask.dll - ok
19:03:26.0349 4424 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll
19:03:26.0349 4424 C:\Windows\System32\netutils.dll - ok
19:03:26.0349 4424 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
19:03:26.0349 4424 C:\Windows\System32\rasplap.dll - ok
19:03:26.0349 4424 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll
19:03:26.0349 4424 C:\Windows\System32\samcli.dll - ok
19:03:26.0349 4424 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
19:03:26.0349 4424 C:\Windows\System32\slc.dll - ok
19:03:26.0349 4424 [ DC57BAF15064ECB79F6D2CCF352E1D88 ] C:\Windows\System32\taskschd.dll
19:03:26.0349 4424 C:\Windows\System32\taskschd.dll - ok
19:03:26.0349 4424 [ 30F9BACA07F8251D7DD1805A9E919CE0 ] C:\Windows\System32\wdmaud.drv
19:03:26.0349 4424 C:\Windows\System32\wdmaud.drv - ok
19:03:26.0349 4424 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll
19:03:26.0349 4424 C:\Windows\System32\wkscli.dll - ok
19:03:26.0349 4424 [ 81D64E8D70E5FBF9F7ABF2D41154F54D ] C:\Windows\System32\AudioSes.dll
19:03:26.0349 4424 C:\Windows\System32\AudioSes.dll - ok
19:03:26.0349 4424 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
19:03:26.0349 4424 C:\Windows\System32\comres.dll - ok
19:03:26.0364 4424 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
19:03:26.0364 4424 C:\Windows\System32\es.dll - ok
19:03:26.0364 4424 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
19:03:26.0364 4424 C:\Windows\System32\rasapi32.dll - ok
19:03:26.0364 4424 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
19:03:26.0364 4424 C:\Windows\System32\rasman.dll - ok
19:03:26.0364 4424 [ F5A61F0A0030C80DF319B0C14A4C8885 ] C:\Windows\System32\rtutils.dll
19:03:26.0364 4424 C:\Windows\System32\rtutils.dll - ok
19:03:26.0364 4424 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
19:03:26.0364 4424 C:\Windows\System32\Sens.dll - ok
19:03:26.0801 4424 [ A3EA403D2B74C5F71B7E8B3DAE92DE1E ] C:\Windows\System32\webservices.dll
19:03:26.0801 4424 C:\Windows\System32\webservices.dll - ok
19:03:26.0801 4424 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
19:03:26.0801 4424 C:\Windows\System32\fdPnp.dll - ok
19:03:26.0801 4424 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
19:03:26.0801 4424 C:\Windows\System32\fundisc.dll - ok
19:03:26.0801 4424 [ 28FAFE145206267159B9283B96143E44 ] C:\Windows\System32\wsdchngr.dll
19:03:26.0801 4424 C:\Windows\System32\wsdchngr.dll - ok
19:03:26.0801 4424 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
19:03:26.0801 4424 C:\Windows\System32\dimsjob.dll - ok
19:03:26.0801 4424 [ 7F37322A489E285CFBCC02F6A53B3F1B ] C:\Windows\System32\HotStartUserAgent.dll
19:03:26.0801 4424 C:\Windows\System32\HotStartUserAgent.dll - ok
19:03:26.0801 4424 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
19:03:26.0801 4424 C:\Windows\System32\MsCtfMonitor.dll - ok
19:03:26.0817 4424 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
19:03:26.0817 4424 C:\Windows\System32\msutb.dll - ok
19:03:26.0817 4424 [ 389B0EEE1FFB490D76A556F04C0B268E ] C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL
19:03:26.0817 4424 C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL - ok
19:03:26.0817 4424 [ 7EDB2BF840ECB14D6E6B11C035708719 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
19:03:26.0817 4424 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
19:03:26.0817 4424 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
19:03:26.0817 4424 C:\Windows\System32\pautoenr.dll - ok
19:03:26.0817 4424 [ D0A7E1621B7AD1FCFE1B94BB0CB9DCDB ] C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL
19:03:26.0817 4424 C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL - ok
19:03:26.0817 4424 [ 79A37AE3806851CB445C475D527CF685 ] C:\Windows\System32\win32spl.dll
19:03:26.0817 4424 C:\Windows\System32\win32spl.dll - ok
19:03:26.0817 4424 [ AAA6D0DF7356BBA706BD67385A103AAB ] C:\Windows\System32\certcli.dll
19:03:26.0817 4424 C:\Windows\System32\certcli.dll - ok
19:03:26.0817 4424 [ 522BD073F617060AFCB9CC5707778DB1 ] C:\Windows\System32\CertEnroll.dll
19:03:26.0817 4424 C:\Windows\System32\CertEnroll.dll - ok
19:03:26.0832 4424 [ 17EAB1AEA937EFFCD107EFBA94FEDB34 ] C:\Windows\System32\inetpp.dll
19:03:26.0832 4424 C:\Windows\System32\inetpp.dll - ok
19:03:26.0832 4424 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll
19:03:26.0832 4424 C:\Windows\System32\cscapi.dll - ok
19:03:26.0832 4424 [ 1C27E145EC99F20BC1B13FD98165A83F ] C:\Windows\System32\ExplorerFrame.dll
19:03:26.0832 4424 C:\Windows\System32\ExplorerFrame.dll - ok
19:03:26.0832 4424 [ FD993C6B2EF22A847C62780E30382B4A ] C:\Windows\System32\spool\drivers\x64\3\CNMCPAN.DLL
19:03:26.0832 4424 C:\Windows\System32\spool\drivers\x64\3\CNMCPAN.DLL - ok
19:03:26.0832 4424 [ 316B87064AE50F522F41483C9729094D ] C:\Windows\System32\spool\drivers\x64\3\CNMLHAN.DLL
19:03:26.0832 4424 C:\Windows\System32\spool\drivers\x64\3\CNMLHAN.DLL - ok
19:03:26.0832 4424 [ 659B7036757FEEBDC4FA2D724B0C858A ] C:\Windows\System32\cscui.dll
19:03:26.0832 4424 C:\Windows\System32\cscui.dll - ok
19:03:26.0832 4424 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
19:03:26.0832 4424 C:\Windows\System32\dssenh.dll - ok
19:03:26.0832 4424 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
19:03:26.0832 4424 C:\Windows\System32\EhStorShell.dll - ok
19:03:26.0832 4424 [ 5B840D903BA3B8E066B47F1221786FD0 ] C:\Windows\System32\cscdll.dll
19:03:26.0832 4424 C:\Windows\System32\cscdll.dll - ok
19:03:26.0848 4424 [ 0DFBB6B13ACFBDEE0E7DF0FD145614AC ] C:\Windows\System32\ntshrui.dll
19:03:26.0848 4424 C:\Windows\System32\ntshrui.dll - ok
19:03:26.0848 4424 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
19:03:26.0848 4424 C:\Windows\System32\IconCodecService.dll - ok
19:03:26.0848 4424 [ D065BE66822847B7F127D1F90158376E ] C:\Windows\System32\appinfo.dll
19:03:26.0848 4424 C:\Windows\System32\appinfo.dll - ok
19:03:26.0848 4424 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
19:03:26.0848 4424 C:\Windows\System32\uDWM.dll - ok
19:03:26.0848 4424 [ 9745E839270E9764CB82133F918D9786 ] C:\Windows\System32\spool\drivers\x64\3\CNCARAN.DLL
19:03:26.0848 4424 C:\Windows\System32\spool\drivers\x64\3\CNCARAN.DLL - ok
19:03:26.0848 4424 [ 6AB6D4DF10EC784CF4A66CBFAF417A11 ] C:\Windows\System32\runonce.exe
19:03:26.0848 4424 C:\Windows\System32\runonce.exe - ok
19:03:26.0848 4424 [ D0C890130CF0BF7CBF82DF739FA5435F ] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
19:03:26.0848 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe - ok
19:03:26.0848 4424 [ C2DEE00A0AA62F0592CA5A219705A51F ] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMMgr.exe
19:03:26.0848 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\RPMMgr.exe - ok
19:03:26.0863 4424 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
19:03:26.0863 4424 C:\Windows\System32\oledlg.dll - ok
19:03:26.0863 4424 [ A125EFCD1E41A98AB6D37AB42C8435E3 ] C:\Program Files\GIGABYTE\SMART6\Recovery\yccdrv.dll
19:03:26.0863 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\yccdrv.dll - ok
19:03:26.0863 4424 [ 7B8F7848D3C65DD9589A4898CFF3757D ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf\msvcr80.dll
19:03:26.0863 4424 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf\msvcr80.dll - ok
19:03:26.0863 4424 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
19:03:26.0863 4424 C:\Windows\System32\radardt.dll - ok
19:03:26.0863 4424 [ FC187139F8FA1D226F6A66CA646D0074 ] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
19:03:26.0863 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe - ok
19:03:26.0863 4424 [ 92379908818E86DA166CBFD930EAB1F7 ] C:\Program Files\GIGABYTE\SMART6\Recovery\RescuePlan.dll
19:03:26.0863 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\RescuePlan.dll - ok
19:03:26.0863 4424 [ 8E53BD302F23631BF43691B22F789544 ] C:\Program Files\GIGABYTE\SMART6\Recovery\srpCore.dll
19:03:26.0863 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\srpCore.dll - ok
19:03:26.0863 4424 [ B3E92656F85CADD1A351B321AF0CEBC8 ] C:\Program Files\GIGABYTE\SMART6\Recovery\srpVss.dll
19:03:26.0863 4424 C:\Program Files\GIGABYTE\SMART6\Recovery\srpVss.dll - ok
19:03:26.0879 4424 [ 787898BF9FB6D7BD87A36E2D95C899BA ] C:\Windows\System32\VSSVC.exe
19:03:26.0879 4424 C:\Windows\System32\VSSVC.exe - ok
19:03:26.0879 4424 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
19:03:26.0879 4424 C:\Windows\System32\fltLib.dll - ok
19:03:26.0879 4424 [ BBB44E9207E7F5A8D931AA6C74962C77 ] C:\Windows\System32\virtdisk.dll
19:03:26.0879 4424 C:\Windows\System32\virtdisk.dll - ok
19:03:26.0879 4424 [ 14768274399730DC93EB2BA4E51C507D ] C:\Windows\System32\xolehlp.dll
19:03:26.0879 4424 C:\Windows\System32\xolehlp.dll - ok
19:03:26.0879 4424 [ 3F1AF86909BA7314868477E4E1B76B00 ] C:\Windows\System32\vss_ps.dll
19:03:26.0879 4424 C:\Windows\System32\vss_ps.dll - ok
19:03:26.0879 4424 [ C2F327F7881DCD88F2EF926381B35E65 ] C:\Windows\System32\catsrvut.dll
19:03:26.0879 4424 C:\Windows\System32\catsrvut.dll - ok
19:03:26.0879 4424 [ AA066E1BE74A2C9DA50092E7245BC33C ] C:\Windows\System32\mfcsubs.dll
19:03:26.0879 4424 C:\Windows\System32\mfcsubs.dll - ok
19:03:26.0879 4424 [ E08E46FDD841B7184194011CA1955A0B ] C:\Windows\System32\swprv.dll
19:03:26.0879 4424 C:\Windows\System32\swprv.dll - ok
19:03:26.0895 4424 [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\SysWOW64\runonce.exe
19:03:26.0895 4424 C:\Windows\SysWOW64\runonce.exe - ok
19:03:26.0895 4424 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
19:03:26.0895 4424 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
19:03:26.0895 4424 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
19:03:26.0895 4424 C:\Windows\SysWOW64\uxtheme.dll - ok
19:03:26.0895 4424 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\SysWOW64\propsys.dll
19:03:26.0895 4424 C:\Windows\SysWOW64\propsys.dll - ok
19:03:26.0895 4424 [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\SysWOW64\apphelp.dll
19:03:26.0895 4424 C:\Windows\SysWOW64\apphelp.dll - ok
19:03:26.0895 4424 [ 8AE6DD9A6D246004DA047F704F0CC487 ] C:\Windows\SysWOW64\cmd.exe
19:03:26.0895 4424 C:\Windows\SysWOW64\cmd.exe - ok
19:03:26.0895 4424 [ 6CC10D9FD128069DBFE476222F097616 ] C:\Windows\SysWOW64\secur32.dll
19:03:26.0895 4424 C:\Windows\SysWOW64\secur32.dll - ok
19:03:26.0895 4424 [ F0D1646162FB07476CCCF62EDB034B8B ] C:\Windows\System32\conhost.exe
19:03:26.0895 4424 C:\Windows\System32\conhost.exe - ok
19:03:26.0895 4424 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
19:03:26.0895 4424 C:\Windows\SysWOW64\winbrand.dll - ok
19:03:26.0910 4424 [ 32E15ECF5854F5610BC895490BC3246A ] C:\Windows\SysWOW64\ieframe.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\ieframe.dll - ok
19:03:26.0910 4424 [ 4D59A5B6EF0AF6F9FDF3D157534380AF ] C:\Windows\SysWOW64\oleacc.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\oleacc.dll - ok
19:03:26.0910 4424 [ E07B77C3BDC82A024E294FB67ABFEDA0 ] C:\Windows\SysWOW64\shdocvw.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\shdocvw.dll - ok
19:03:26.0910 4424 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\HexRei\AppData\Local\Temp\A330E0A1-10D4-40DF-BE3B-6ECA8931AF2A.exe
19:03:26.0910 4424 C:\Users\HexRei\AppData\Local\Temp\A330E0A1-10D4-40DF-BE3B-6ECA8931AF2A.exe - ok
19:03:26.0910 4424 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\bcrypt.dll - ok
19:03:26.0910 4424 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
19:03:26.0910 4424 [ 97CCB4D737B426B200E5EF90C877DF32 ] C:\Windows\SysWOW64\imagehlp.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\imagehlp.dll - ok
19:03:26.0910 4424 [ 3989BB6998C32753FDD5493879C1835A ] C:\Windows\SysWOW64\ncrypt.dll
19:03:26.0910 4424 C:\Windows\SysWOW64\ncrypt.dll - ok
19:03:26.0926 4424 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\gpapi.dll - ok
19:03:26.0926 4424 [ 506C4E1324ABE11CEC172569F5DDAB06 ] C:\Windows\SysWOW64\cryptnet.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\cryptnet.dll - ok
19:03:26.0926 4424 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\SensApi.dll - ok
19:03:26.0926 4424 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\dwmapi.dll - ok
19:03:26.0926 4424 [ 691C8DFB208227F0CBB5C0897C742ACE ] C:\Windows\SysWOW64\WindowsCodecs.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
19:03:26.0926 4424 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\EhStorShell.dll - ok
19:03:26.0926 4424 [ 36333D345062E42E849C0AF00CBEFC97 ] C:\Windows\SysWOW64\ntshrui.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\ntshrui.dll - ok
19:03:26.0926 4424 [ ADD9D33D685DFADDFAD5AFB42CF31A70 ] C:\Windows\SysWOW64\cscapi.dll
19:03:26.0926 4424 C:\Windows\SysWOW64\cscapi.dll - ok
19:03:26.0941 4424 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
19:03:26.0941 4424 C:\Windows\SysWOW64\imageres.dll - ok
19:03:26.0941 4424 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
19:03:26.0941 4424 C:\Windows\SysWOW64\slc.dll - ok
19:03:26.0941 4424 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
19:03:26.0941 4424 C:\Windows\SysWOW64\srvcli.dll - ok
19:03:26.0941 4424 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
19:03:26.0941 4424 C:\Windows\System32\aelupsvc.dll - ok
19:03:26.0941 4424 [ F19848A4B795A634CA5492C3E557C6A1 ] C:\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll
19:03:26.0941 4424 C:\Program Files\NVIDIA Corporation\Display\nvsmartmax64.dll - ok
19:03:26.0941 4424 [ 315CE3F09A3E945A50B1F412CAAE5F14 ] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
19:03:26.0941 4424 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - ok
19:03:26.0941 4424 [ D73BA2C3C8F2C356711B6E1F965378EC ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
19:03:26.0941 4424 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok
19:03:26.0941 4424 [ 46343C27DDE447AB34E2187F782DDE47 ] C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU64.dll
19:03:26.0941 4424 C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU64.dll - ok
19:03:26.0957 4424 [ 72FC3F6DC1A96F13A62BA34B15C532B6 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll
19:03:26.0957 4424 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll - ok
19:03:26.0957 4424 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
19:03:26.0957 4424 C:\Windows\SysWOW64\mpr.dll - ok
19:03:26.0957 4424 [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
19:03:26.0957 4424 C:\Windows\SysWOW64\netutils.dll - ok
19:03:26.0957 4424 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
19:03:26.0957 4424 C:\Windows\SysWOW64\sfc.dll - ok
19:03:26.0957 4424 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
19:03:26.0957 4424 C:\Windows\SysWOW64\sfc_os.dll - ok
19:03:26.0957 4424 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
19:03:26.0957 4424 C:\Windows\System32\ie4uinit.exe - ok
19:03:26.0957 4424 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
19:03:26.0957 4424 C:\Windows\System32\iedkcs32.dll - ok
19:03:26.0957 4424 [ C3C32FE6F59BF9863C924C7ED7328834 ] C:\Windows\System32\timedate.cpl
19:03:26.0957 4424 C:\Windows\System32\timedate.cpl - ok
19:03:26.0957 4424 [ D757F59EED634C595727534B60E640B8 ] C:\Windows\SysWOW64\winhttp.dll
19:03:26.0957 4424 C:\Windows\SysWOW64\winhttp.dll - ok
19:03:26.0973 4424 [ 1E4BDDBD5A63059A97063339B4F8986F ] C:\Windows\System32\actxprxy.dll
19:03:26.0973 4424 C:\Windows\System32\actxprxy.dll - ok
19:03:26.0973 4424 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\SysWOW64\webio.dll
19:03:26.0973 4424 C:\Windows\SysWOW64\webio.dll - ok
19:03:26.0973 4424 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
19:03:26.0973 4424 C:\Windows\System32\linkinfo.dll - ok
19:03:26.0973 4424 [ FBE8EBF528DC49B3DEB186CA9545D97E ] C:\Windows\System32\shdocvw.dll
19:03:26.0973 4424 C:\Windows\System32\shdocvw.dll - ok
19:03:26.0973 4424 [ 14F5C0DB4B2C47874D6C937A5A1B367C ] C:\Windows\System32\gameux.dll
19:03:26.0973 4424 C:\Windows\System32\gameux.dll - ok
19:03:26.0973 4424 [ 46EDD0A6B42BA5D2044FA0909BE4BE95 ] C:\Windows\System32\msftedit.dll
19:03:26.0973 4424 C:\Windows\System32\msftedit.dll - ok
19:03:26.0973 4424 [ 17A7998CB5DA92020A291B85FF7B3681 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
19:03:26.0973 4424 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
19:03:26.0973 4424 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
19:03:26.0973 4424 C:\Windows\System32\msls31.dll - ok
19:03:26.0973 4424 [ 9C6F3CC6A3BB310D70026AF1B4561F65 ] C:\Windows\System32\ieframe.dll
19:03:26.0973 4424 C:\Windows\System32\ieframe.dll - ok
19:03:26.0988 4424 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
19:03:26.0988 4424 C:\Windows\System32\mlang.dll - ok
19:03:26.0988 4424 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
19:03:26.0988 4424 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
19:03:26.0988 4424 [ A38A290E27AFE18D7D5F3CFD33FEF47D ] C:\Windows\System32\msi.dll
19:03:26.0988 4424 C:\Windows\System32\msi.dll - ok
19:03:26.0988 4424 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
19:03:26.0988 4424 C:\Windows\System32\msiltcfg.dll - ok
19:03:26.0988 4424 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\SysWOW64\credssp.dll
19:03:26.0988 4424 C:\Windows\SysWOW64\credssp.dll - ok
19:03:26.0988 4424 [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\SysWOW64\dnsapi.dll
19:03:26.0988 4424 C:\Windows\SysWOW64\dnsapi.dll - ok
19:03:26.0988 4424 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
19:03:26.0988 4424 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
19:03:26.0988 4424 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
19:03:26.0988 4424 C:\Windows\SysWOW64\wship6.dll - ok
19:03:26.0988 4424 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
19:03:26.0988 4424 C:\Windows\SysWOW64\rasadhlp.dll - ok
19:03:27.0004 4424 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
19:03:27.0004 4424 C:\Windows\SysWOW64\winnsi.dll - ok
19:03:27.0004 4424 [ DD76912E8D165C68659D9875256710A3 ] C:\Windows\System32\DeviceCenter.dll
19:03:27.0004 4424 C:\Windows\System32\DeviceCenter.dll - ok
19:03:27.0004 4424 [ 533AAF43F472643E09C3360F5154D1CF ] C:\Windows\System32\hccutils.dll
19:03:27.0004 4424 C:\Windows\System32\hccutils.dll - ok
19:03:27.0004 4424 [ C48EC1A91D61E56EB31BEDC86F93172F ] C:\Windows\System32\igfxtray.exe
19:03:27.0004 4424 C:\Windows\System32\igfxtray.exe - ok
19:03:27.0004 4424 [ 7BC763D4B60AA37874092B828ACDE8D0 ] C:\Windows\System32\hkcmd.exe
19:03:27.0004 4424 C:\Windows\System32\hkcmd.exe - ok
19:03:27.0004 4424 [ 26A760EE2E6E3AF566E2197E9E818264 ] C:\Windows\System32\igfxpers.exe
19:03:27.0004 4424 C:\Windows\System32\igfxpers.exe - ok
19:03:27.0004 4424 [ 8BC7AE7E16458355508ECF5EC3A04E72 ] C:\Windows\System32\networkexplorer.dll
19:03:27.0004 4424 C:\Windows\System32\networkexplorer.dll - ok
19:03:27.0004 4424 [ F468C806267D46B68DB7EB32FBF0A103 ] C:\Windows\System32\thumbcache.dll
19:03:27.0004 4424 C:\Windows\System32\thumbcache.dll - ok
19:03:27.0019 4424 [ A63A4AC2FA9B7A568B579AE2D5B114F3 ] C:\Windows\System32\igfxsrvc.exe
19:03:27.0019 4424 C:\Windows\System32\igfxsrvc.exe - ok
19:03:27.0019 4424 [ 20EAAD688308955DF09DCA40E24FB7EC ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:03:27.0019 4424 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
19:03:27.0019 4424 [ 5E20992CC504102E5460C3D7C73806A9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
19:03:27.0019 4424 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - ok
19:03:27.0019 4424 [ 0FEBED0093D2FD38DA6C6E5DE1ADA24C ] C:\Program Files\Zune\ZuneLauncher.exe
19:03:27.0019 4424 C:\Program Files\Zune\ZuneLauncher.exe - ok
19:03:27.0019 4424 [ F45595F8553E606CF7D82FB47BC10CFA ] C:\Windows\System32\igfxsrvc.dll
19:03:27.0019 4424 C:\Windows\System32\igfxsrvc.dll - ok
19:03:27.0019 4424 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
19:03:27.0019 4424 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
19:03:27.0019 4424 [ A379B75A6FFE4DFD3184F35F0141CE91 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
19:03:27.0019 4424 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe - ok
19:03:27.0019 4424 [ E3CD0A561F3AABE8607BF1474F4AE1DD ] C:\Program Files (x86)\Steam\Steam.exe
19:03:27.0019 4424 C:\Program Files (x86)\Steam\Steam.exe - ok
19:03:27.0035 4424 [ 1A044999D53B26E55B4402EA7FDCD889 ] C:\Windows\System32\igfxdev.dll
19:03:27.0035 4424 C:\Windows\System32\igfxdev.dll - ok
19:03:27.0035 4424 [ B60D6673E934D3034E4D2B08055BD6DC ] C:\Program Files (x86)\Origin\Origin.exe
19:03:27.0035 4424 C:\Program Files (x86)\Origin\Origin.exe - ok
19:03:27.0035 4424 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
19:03:27.0035 4424 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
19:03:27.0035 4424 [ DC34596BFCF0BD472AA1D48449D8A7DF ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
19:03:27.0035 4424 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe - ok
19:03:27.0035 4424 [ 662DBAC36CEB124666E21DB92FEB9140 ] C:\Program Files (x86)\Desura\desura.exe
19:03:27.0035 4424 C:\Program Files (x86)\Desura\desura.exe - ok
19:03:27.0035 4424 [ B3A029E4F539D2EAAB73C7307FE28147 ] C:\Program Files\Zune\ZuneCfg.dll
19:03:27.0035 4424 C:\Program Files\Zune\ZuneCfg.dll - ok
19:03:27.0035 4424 [ F7DCE54077EE9D8A351C4B1FFA866EE7 ] C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
19:03:27.0035 4424 C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ok
19:03:27.0035 4424 [ 2D527814EC65AC91E9BABBE2191DF347 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:03:27.0035 4424 C:\Program Files (x86)\Skype\Phone\Skype.exe - ok
19:03:27.0051 4424 [ E366F0C5D6C948B76EEB3BE21762CAF6 ] C:\Program Files\Zune\ZuneShellExt.dll
19:03:27.0051 4424 C:\Program Files\Zune\ZuneShellExt.dll - ok
19:03:27.0051 4424 [ 105CFE016CCB20175BEACEC146F175AB ] C:\Windows\System32\IccLibDll_x64.dll
19:03:27.0051 4424 C:\Windows\System32\IccLibDll_x64.dll - ok
19:03:27.0051 4424 [ D9AA997E169D854C2B8D94EC0B32E14C ] C:\Windows\System32\igfxrenu.lrc
19:03:27.0051 4424 C:\Windows\System32\igfxrenu.lrc - ok
19:03:27.0051 4424 [ 585FED4CDB8034B8B58AEB8008255817 ] C:\Windows\System32\opengl32.dll
19:03:27.0051 4424 C:\Windows\System32\opengl32.dll - ok
19:03:27.0051 4424 [ F2967C0A97C0EA67D79D7F557213950D ] C:\Windows\System32\glu32.dll
19:03:27.0051 4424 C:\Windows\System32\glu32.dll - ok
19:03:27.0051 4424 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
19:03:27.0051 4424 C:\Windows\System32\ddraw.dll - ok
19:03:27.0051 4424 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
19:03:27.0051 4424 C:\Windows\System32\dciman32.dll - ok
19:03:27.0066 4424 [ 0805289E121F3E3C458C970B08314EB2 ] C:\Windows\System32\RtkCfg64.dll
19:03:27.0066 4424 C:\Windows\System32\RtkCfg64.dll - ok
19:03:27.0066 4424 [ A0CF76137D2F23C76C860CAD2C605780 ] C:\Windows\AppPatch\AcSpecfc.dll
19:03:27.0066 4424 C:\Windows\AppPatch\AcSpecfc.dll - ok
19:03:27.0066 4424 [ 205B7034B64DE5A68DEB96B47B7E889B ] C:\Windows\SysWOW64\mscms.dll
19:03:27.0066 4424 C:\Windows\SysWOW64\mscms.dll - ok
19:03:27.0066 4424 [ D2AEADFD998706B4216315B2BD3FA79E ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
19:03:27.0066 4424 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe - ok
19:03:27.0066 4424 [ D3570ACC178180AC0D7C24645461A9D3 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
19:03:27.0066 4424 C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe - ok
19:03:27.0066 4424 [ 613166769A21CC231605F88A147B27C2 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
19:03:27.0066 4424 C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe - ok
19:03:27.0066 4424 [ 72AB6633E9B39EC7FEBEDF083A9061E5 ] C:\Windows\System32\mscoree.dll
19:03:27.0066 4424 C:\Windows\System32\mscoree.dll - ok
19:03:27.0066 4424 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
19:03:27.0066 4424 C:\Windows\SysWOW64\ddraw.dll - ok
19:03:27.0082 4424 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:03:27.0082 4424 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
19:03:27.0082 4424 [ 35AC4B63CBB9FB6B4472913E9948B517 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:03:27.0082 4424 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
19:03:27.0082 4424 [ A223CF703E28CBD7E9E7982141FA403C ] C:\Windows\SysWOW64\comdlg32.dll
19:03:27.0082 4424 C:\Windows\SysWOW64\comdlg32.dll - ok
19:03:27.0082 4424 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
19:03:27.0082 4424 C:\Windows\SysWOW64\dciman32.dll - ok
19:03:27.0082 4424 [ 916A2C4EB028604783FD5EA169236C1D ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:03:27.0082 4424 C:\Program Files (x86)\QuickTime\QTTask.exe - ok
19:03:27.0082 4424 [ AE6AF014B616F53BA762F0BCFD8F7F21 ] C:\Windows\SysWOW64\msi.dll
19:03:27.0082 4424 C:\Windows\SysWOW64\msi.dll - ok
19:03:27.0082 4424 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:03:27.0082 4424 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
19:03:27.0082 4424 [ 1351931877DE0C46C4D42DAA26F7B5B1 ] C:\Windows\AppPatch\AcLayers.dll
19:03:27.0082 4424 C:\Windows\AppPatch\AcLayers.dll - ok
19:03:27.0082 4424 [ E4AC9C29A423739C22C1C593A4CBDEF5 ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
19:03:27.0097 4424 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll - ok
19:03:27.0097 4424 [ 11E8D8272FDBE213ADE3DAD91427CE35 ] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
19:03:27.0097 4424 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe - ok
19:03:27.0097 4424 [ B738C9EB50A94D22A0259B340A97B8A4 ] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
19:03:27.0097 4424 C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe - ok
19:03:27.0097 4424 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
19:03:27.0097 4424 C:\Windows\SysWOW64\msimg32.dll - ok
19:03:27.0097 4424 [ 0470997A5ADC2FCDDCB3461D92073FAA ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll
19:03:27.0097 4424 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll - ok
19:03:27.0097 4424 [ 7459301D21C2E21468823F73042D9F87 ] C:\Windows\SysWOW64\d3d9.dll
19:03:27.0097 4424 C:\Windows\SysWOW64\d3d9.dll - ok
19:03:27.0097 4424 [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\SysWOW64\dbghelp.dll
19:03:27.0097 4424 C:\Windows\SysWOW64\dbghelp.dll - ok
19:03:27.0097 4424 [ AAE25F773B496CAB8E469E886A006547 ] C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll
19:03:27.0097 4424 C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll - ok
19:03:27.0097 4424 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\SysWOW64\msvcp100.dll
19:03:27.0097 4424 C:\Windows\SysWOW64\msvcp100.dll - ok
19:03:27.0113 4424 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
19:03:27.0113 4424 C:\Windows\System32\dsound.dll - ok
19:03:27.0113 4424 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\SysWOW64\msvcr100.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\msvcr100.dll - ok
19:03:27.0113 4424 [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\d3d8thk.dll - ok
19:03:27.0113 4424 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\msacm32.dll - ok
19:03:27.0113 4424 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\shfolder.dll - ok
19:03:27.0113 4424 [ 00D1F89836927C0F2E37321E6B441FCE ] C:\Windows\SysWOW64\msxml3.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\msxml3.dll - ok
19:03:27.0113 4424 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\avrt.dll - ok
19:03:27.0113 4424 [ E8132FB3BAC7C0CDBD581485B8BA947F ] C:\Windows\SysWOW64\cryptui.dll
19:03:27.0113 4424 C:\Windows\SysWOW64\cryptui.dll - ok
19:03:27.0113 4424 [ 8B211FFCCC2C08DDC0FD023E70A13DD8 ] C:\Windows\System32\R4EEA64A.dll
19:03:27.0113 4424 C:\Windows\System32\R4EEA64A.dll - ok
19:03:27.0129 4424 [ 76C48F0CD8A526858AB9A4886586942A ] C:\Windows\SysWOW64\schannel.dll
19:03:27.0129 4424 C:\Windows\SysWOW64\schannel.dll - ok
19:03:27.0503 4424 C:\Windows\System32\dot3api.dll - ok
19:03:27.0519 4424 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
19:03:27.0519 4424 C:\Windows\System32\wlanhlp.dll - ok
19:03:27.0519 4424 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
19:03:27.0519 4424 C:\Windows\System32\en-US\tquery.dll.mui - ok
19:03:27.0519 4424 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
19:03:27.0519 4424 C:\Windows\System32\wlanapi.dll - ok
19:03:27.0519 4424 [ D2B0D1C2BE5ECA80387F7CB8626DCAFE ] C:\Windows\System32\onex.dll
19:03:27.0519 4424 C:\Windows\System32\onex.dll - ok
19:03:27.0519 4424 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
19:03:27.0519 4424 C:\Windows\System32\wlanutil.dll - ok
19:03:27.0519 4424 [ BC00505CFDA789ED3BE95D2FF38C4875 ] C:\Windows\System32\FntCache.dll
19:03:27.0519 4424 C:\Windows\System32\FntCache.dll - ok
19:03:27.0519 4424 [ 6941858FD0357D37AABF33D6DF40E520 ] C:\Program Files (x86)\Origin\ssleay32.dll
19:03:27.0519 4424 C:\Program Files (x86)\Origin\ssleay32.dll - ok
19:03:27.0519 4424 [ 524653E9F77067D148F5581B36331B03 ] C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll
19:03:27.0519 4424 C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll - ok
19:03:27.0519 4424 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
19:03:27.0519 4424 C:\Windows\SysWOW64\netapi32.dll - ok
19:03:27.0534 4424 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
19:03:27.0534 4424 C:\Windows\SysWOW64\wkscli.dll - ok
19:03:27.0534 4424 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
19:03:27.0534 4424 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
19:03:27.0534 4424 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
19:03:27.0534 4424 C:\Windows\System32\WWanAPI.dll - ok
19:03:27.0534 4424 [ 738803FFE2404CEFDD6AA134BCB59072 ] C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll
19:03:27.0534 4424 C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll - ok
19:03:27.0534 4424 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
19:03:27.0534 4424 C:\Windows\System32\wwapi.dll - ok
19:03:27.0534 4424 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
19:03:27.0534 4424 C:\Windows\System32\QAGENT.DLL - ok
19:03:27.0534 4424 [ A83BCA3895A43E48E2CF19C5099A4F2F ] C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll
19:03:27.0534 4424 C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll - ok
19:03:27.0534 4424 [ C71BBB91615EB21556006D37A9CD08E8 ] C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll
19:03:27.0534 4424 C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll - ok
19:03:27.0550 4424 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
19:03:27.0550 4424 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
19:03:27.0550 4424 [ 9BF014C20F91D97055532F2F5496E7BD ] C:\Program Files\Windows Media Player\wmpnetwk.exe
19:03:27.0550 4424 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
19:03:27.0550 4424 [ 92AAF75C3EB344A098DC026BC9DDF42A ] C:\Windows\System32\bthprops.cpl
19:03:27.0550 4424 C:\Windows\System32\bthprops.cpl - ok
19:03:27.0550 4424 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
19:03:27.0550 4424 C:\Windows\System32\wsock32.dll - ok
19:03:27.0550 4424 [ 302B93586DFA480545C320EBA5BA6572 ] C:\Windows\System32\wmdrmdev.dll
19:03:27.0550 4424 C:\Windows\System32\wmdrmdev.dll - ok
19:03:27.0550 4424 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
19:03:27.0550 4424 C:\Windows\System32\drmv2clt.dll - ok
19:03:27.0550 4424 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
19:03:27.0550 4424 C:\Windows\System32\mfplat.dll - ok
19:03:27.0550 4424 [ 399194986B42FE1A2FE40DB98A27C8FB ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv02_64.key
19:03:27.0550 4424 C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv02_64.key - ok
19:03:27.0550 4424 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
19:03:27.0550 4424 C:\Windows\System32\webcheck.dll - ok
19:03:27.0565 4424 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
19:03:27.0565 4424 C:\Windows\System32\SyncCenter.dll - ok
19:03:27.0565 4424 [ 46EA507EE79269C0272F10BFBE9316C9 ] C:\Windows\System32\upnp.dll
19:03:27.0565 4424 C:\Windows\System32\upnp.dll - ok
19:03:27.0565 4424 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
19:03:27.0565 4424 C:\Windows\System32\ssdpsrv.dll - ok
19:03:27.0565 4424 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
19:03:27.0565 4424 C:\Windows\System32\hgcpl.dll - ok
19:03:27.0565 4424 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
19:03:27.0565 4424 C:\Windows\System32\provsvc.dll - ok
19:03:27.0565 4424 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
19:03:27.0565 4424 C:\Windows\System32\fdPHost.dll - ok
19:03:27.0565 4424 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
19:03:27.0565 4424 C:\Windows\System32\FDResPub.dll - ok
19:03:27.0565 4424 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
19:03:27.0565 4424 C:\Windows\System32\fdWSD.dll - ok
19:03:27.0581 4424 [ 3DEBA83ECDAF6ED2E72430D238803117 ] C:\Windows\System32\wmp.dll
19:03:27.0581 4424 C:\Windows\System32\wmp.dll - ok
19:03:27.0581 4424 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
19:03:27.0581 4424 C:\Windows\System32\fdSSDP.dll - ok
19:03:27.0581 4424 [ DB8BF64BE3932ADC407505D21C4F2C2C ] C:\Windows\System32\fdProxy.dll
19:03:27.0581 4424 C:\Windows\System32\fdProxy.dll - ok
19:03:27.0581 4424 [ 42EC9065D9BF266ADE924B066C783A56 ] C:\Windows\System32\SearchProtocolHost.exe
19:03:27.0581 4424 C:\Windows\System32\SearchProtocolHost.exe - ok
19:03:27.0581 4424 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
19:03:27.0581 4424 C:\Windows\System32\msshooks.dll - ok
19:03:27.0581 4424 [ 52D56D1013D4F1B99102679314CC5325 ] C:\Windows\System32\SearchFilterHost.exe
19:03:27.0581 4424 C:\Windows\System32\SearchFilterHost.exe - ok
19:03:27.0581 4424 [ 3769462DB8090A43E3071C9AF6F3EBC3 ] C:\Windows\System32\mssvp.dll
19:03:27.0581 4424 C:\Windows\System32\mssvp.dll - ok
19:03:27.0581 4424 [ 2A556E2D703DED03186C596B90AC6869 ] C:\Windows\System32\mapi32.dll
19:03:27.0581 4424 C:\Windows\System32\mapi32.dll - ok
19:03:27.0581 4424 [ 490377569EDE3AA61BAED4A76057C88E ] C:\Program Files (x86)\Origin\imageformats\qsvg4.dll
19:03:27.0581 4424 C:\Program Files (x86)\Origin\imageformats\qsvg4.dll - ok
19:03:27.0597 4424 [ 3205167BA01E2908BED112020D1FD4B8 ] C:\Program Files (x86)\Origin\imageformats\qgif4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qgif4.dll - ok
19:03:27.0597 4424 [ BA7EC41CA58730A485270820F310CD4E ] C:\Windows\System32\NaturalLanguage6.dll
19:03:27.0597 4424 C:\Windows\System32\NaturalLanguage6.dll - ok
19:03:27.0597 4424 [ 781EF5F9691920EE2B1418A9C8A60BEA ] C:\Program Files (x86)\Origin\imageformats\qico4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qico4.dll - ok
19:03:27.0597 4424 [ C3DEBF16EFBA6E314F824E9EFB070507 ] C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll - ok
19:03:27.0597 4424 [ 999BF933E757906A76C4EA5E547B79C2 ] C:\Program Files (x86)\Origin\imageformats\qmng4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qmng4.dll - ok
19:03:27.0597 4424 [ 61A6934F5A488E19F438EBD4B9C5BB2F ] C:\Program Files (x86)\Origin\imageformats\qtga4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qtga4.dll - ok
19:03:27.0597 4424 [ 3E72AEBDF5FF0E419D292F3C43844F9F ] C:\Program Files (x86)\Origin\imageformats\qtiff4.dll
19:03:27.0597 4424 C:\Program Files (x86)\Origin\imageformats\qtiff4.dll - ok
19:03:27.0597 4424 [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
19:03:27.0597 4424 C:\Windows\System32\NlsData0009.dll - ok
19:03:27.0612 4424 [ 550BF4ACD6FC3F41DC5A83EF31B9F9B4 ] C:\Windows\System32\wmploc.DLL
19:03:27.0612 4424 C:\Windows\System32\wmploc.DLL - ok
19:03:27.0612 4424 [ 270CBAA170C7905CBA1EA6E94788D44B ] C:\Program Files\Internet Explorer\ieproxy.dll
19:03:27.0612 4424 C:\Program Files\Internet Explorer\ieproxy.dll - ok
19:03:27.0612 4424 [ D7D1DC01D6ADCACEA51017391363F84A ] C:\Program Files (x86)\Steam\steamclient.dll
19:03:27.0612 4424 C:\Program Files (x86)\Steam\steamclient.dll - ok
19:03:27.0612 4424 [ 21894CB605E416D26892DC445507408E ] C:\Windows\SysWOW64\pdh.dll
19:03:27.0612 4424 C:\Windows\SysWOW64\pdh.dll - ok
19:03:27.0612 4424 [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
19:03:27.0612 4424 C:\Windows\System32\NlsLexicons0009.dll - ok
19:03:27.0612 4424 [ B7E640EEF8A1AB46C75189EAFAB16886 ] C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:03:27.0612 4424 C:\Program Files (x86)\Common Files\Steam\SteamService.exe - ok
19:03:27.0612 4424 [ 2D444C361F758D6CC4B2F51655ECF528 ] C:\Windows\System32\wmpps.dll
19:03:27.0612 4424 C:\Windows\System32\wmpps.dll - ok
19:03:27.0612 4424 [ 1861146A294D61E64B4D9FD057194811 ] C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
19:03:27.0612 4424 C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe - ok
19:03:27.0612 4424 ============================================================
19:03:27.0612 4424 Scan finished
19:03:27.0612 4424 ============================================================
19:03:27.0628 4416 Detected object count: 1
19:03:27.0628 4416 Actual detected object count: 1
19:09:24.0821 4416 \Device\Harddisk0\DR0\# - copied to quarantine
19:09:24.0821 4416 \Device\Harddisk0\DR0 - copied to quarantine
19:09:24.0858 4416 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:09:24.0860 4416 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:09:24.0863 4416 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:09:24.0867 4416 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:09:24.0880 4416 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:09:24.0887 4416 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:09:24.0888 4416 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:09:24.0888 4416 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:09:24.0889 4416 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:09:24.0891 4416 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:09:24.0892 4416 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:09:24.0893 4416 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:09:24.0893 4416 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:09:24.0894 4416 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:09:24.0904 4416 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:09:24.0906 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:09:24.0907 4416 \Device\Harddisk0\DR0 - ok
19:09:24.0980 4416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:09:26.0991 2388 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 19:12:37
-----------------------------
19:12:37.032 OS Version: Windows x64 6.1.7600
19:12:37.032 Number of processors: 4 586 0x2A07
19:12:37.032 ComputerName: HIGGSFIELD UserName: HexRei
19:12:37.152 Initialize success
19:13:47.881 AVAST engine defs: 12121101
19:14:16.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:14:16.175 Disk 0 Vendor: M4-CT128M4SSD2 0309 Size: 122104MB BusType: 3
19:14:16.177 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
19:14:16.179 Disk 1 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
19:14:16.183 Disk 0 MBR read successfully
19:14:16.186 Disk 0 MBR scan
19:14:16.190 Disk 0 Windows 7 default MBR code
19:14:16.194 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:14:16.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
19:14:16.207 Disk 0 scanning C:\Windows\system32\drivers
19:14:18.199 Service scanning
19:14:22.678 Service W32Serv C:\Windows\msisear.exe **INFECTED** Win32:Malware-gen
19:14:23.878 Modules scanning
19:14:23.886 Disk 0 trace - called modules:
19:14:23.893 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:14:23.899 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dc01060]
19:14:23.905 3 CLASSPNP.SYS[fffff8800190443f] -> nt!IofCallDriver -> [0xfffffa800d8b4520]
19:14:23.910 5 ACPI.sys[fffff88000f6d781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800d8ad680]
19:14:24.083 AVAST engine scan C:\Windows
19:14:24.256 File: C:\Windows\msisear.exe **INFECTED** Win32:Malware-gen
19:14:24.593 AVAST engine scan C:\Windows\system32
19:15:22.111 AVAST engine scan C:\Windows\system32\drivers
19:15:24.955 AVAST engine scan C:\Users\HexRei
19:15:36.398 AVAST engine scan C:\ProgramData
19:15:36.404 Scan finished successfully
19:17:35.034 Disk 0 MBR has been saved successfully to "C:\Users\HexRei\Desktop\MBR.dat"
19:17:35.036 The log file has been saved successfully to "C:\Users\HexRei\Desktop\aswMBR.txt"


Still getting the popup, but I think we haven't actually removed what Avast identified yet, right?

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

it should start to get better now

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13
hexrei

    Member

  • Topic Starter
  • Member
  • 18 posts
Ok, here's the log output...

ComboFix 12-12-10.01 - HexRei 12/11/2012 21:09:56.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16301.13741 [GMT -8:00]
Running from: c:\users\HexRei\Desktop\ComboFix.exe
Command switches used :: c:\users\HexRei\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-12 to 2012-12-12 )))))))))))))))))))))))))))))))
.
.
2012-12-12 05:16 . 2012-12-12 05:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-12 05:16 . 2012-12-12 05:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-12 05:16 . 2012-12-12 05:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 03:11 . 2012-12-12 03:11 208216 ----a-w- c:\windows\system32\drivers\53184464.sys
2012-12-12 03:09 . 2012-12-12 03:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-12 03:03 . 2012-12-12 03:03 -------- d-----w- c:\users\HexRei\AppData\Local\VirtualStore
2012-12-07 21:48 . 2012-12-07 21:48 304640 ----a-w- c:\windows\msisear.exe
2012-12-05 02:12 . 2012-12-06 20:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-05 02:12 . 2012-12-06 20:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-05 02:12 . 2012-12-06 20:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-05 02:12 . 2012-12-05 02:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-05 02:12 . 2012-12-05 02:12 -------- d-----w- c:\users\HexRei\AppData\Local\PunkBuster
2012-12-05 02:11 . 2012-12-05 02:11 -------- d-----w- c:\programdata\Orbit
2012-12-05 01:37 . 2012-12-07 09:20 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-05 01:35 . 2012-12-05 06:08 -------- d-----w- c:\program files (x86)\FarCry 3
2012-12-05 01:32 . 2012-12-05 01:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-05 01:32 . 2012-12-05 01:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-05 01:32 . 2012-12-05 01:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-05 01:32 . 2012-12-05 01:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-05 01:32 . 2012-12-05 01:32 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-05 01:25 . 2012-12-05 01:25 -------- d-----w- c:\program files (x86)\Beamdog
2012-12-03 02:14 . 2012-12-03 02:14 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-12-02 08:12 . 2012-12-02 08:12 -------- d-----w- c:\users\HexRei\AppData\Local\4A Games
2012-11-24 21:53 . 2012-11-24 21:53 -------- d-----w- c:\users\HexRei\AppData\Local\SKIDROW
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-22 07:39 . 2012-12-12 03:08 -------- d-----w- c:\users\HexRei\AppData\Roaming\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----r- c:\program files (x86)\Skype
2012-11-22 07:39 . 2012-11-22 07:39 -------- d-----w- c:\programdata\Skype
2012-11-17 00:54 . 2012-11-18 22:41 -------- d-----w- c:\program files (x86)\ProcessExplorer
2012-11-17 00:50 . 2012-12-07 01:10 -------- d-----w- c:\program files\Sandboxie
2012-11-15 21:18 . 2012-11-15 21:18 -------- d-----w- c:\program files\CCleaner
2012-11-13 04:44 . 2012-12-10 06:45 -------- d-----w- c:\windows\system32\MpEngineStore
2012-11-13 00:45 . 2012-11-13 00:45 -------- d-----w- c:\users\HexRei\AppData\Roaming\JAM Software
2012-11-13 00:45 . 2012-11-13 00:45 -------- d-----w- c:\program files (x86)\JAM Software
2012-11-12 06:30 . 2012-11-12 06:30 -------- d-----w- c:\users\HexRei\AppData\Local\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 03:10 . 2012-03-08 20:41 25640 ----a-w- c:\windows\gdrv.sys
2012-12-07 01:08 . 2012-06-19 03:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-07 01:08 . 2012-03-08 20:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2012-03-16 03:39 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 00:57 . 2012-09-20 00:57 17896 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-09-15 19:33 . 2012-09-15 19:33 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 19:33 . 2012-08-02 02:09 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-15 19:33 . 2012-03-14 15:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" [2012-06-19 351904]
.
c:\users\HexRei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 cxlmzaoe;cxlmzaoe;c:\windows\system32\drivers\cxlmzaoe.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-08-22 57344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-09-14 131912]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-08 30528]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-16 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 W32Serv;Windows Search Scheduler;c:\windows\msisear.exe [2012-12-07 304640]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31283336
*NewlyCreated* - 54001735
*NewlyCreated* - 89445915
*NewlyCreated* - ASWMBR
*Deregistered* - 31283336
*Deregistered* - 54001735
*Deregistered* - 89445915
*Deregistered* - aswMBR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2009-11-25 20:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2009-11-25 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-31 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - ExtSQL: 2012-12-11 00:10; {92b0b569-e26f-498e-a85b-66f765c6962b}; c:\users\HexRei\AppData\Roaming\Mozilla\Firefox\Profiles\xbexrgp0.default\extensions\{92b0b569-e26f-498e-a85b-66f765c6962b}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-22288199.sys
SafeBoot-31283336.sys
AddRemove-Cube Experimental_is1 - c:\program files (x86)\Bethesda Softworks\Fallout 3\unins000.exe
AddRemove-Uplay - c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,79,9e,11,2e,6b,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-11 21:17:03
ComboFix-quarantined-files.txt 2012-12-12 05:17
ComboFix2.txt 2012-12-11 21:50
ComboFix3.txt 2012-08-03 17:33
ComboFix4.txt 2012-04-10 23:32
.
Pre-Run: 16,830,525,440 bytes free
Post-Run: 17,133,748,224 bytes free
.
- - End Of File - - FA5DA3394F0157445101EEC762E4084F


Unfortunately popup still happening! This thing is crazy persistent!

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    [2012/12/09 00:08:25 | 000,001,473 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    [resethosts]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#15
hexrei

    Member

  • Topic Starter
  • 18 posts
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
File move failed. C:\Windows\SysNative\drivers\etc\hosts scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\HexRei\Desktop\cmd.bat deleted successfully.
C:\Users\HexRei\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: HexRei
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: HexRei
->Flash cache emptied: 23700 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

OTL by OldTimer - Version 3.2.69.0 log created on 12122012_152813

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\drivers\etc\hosts scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Popup still happening :/ Haven't had redirects since yesterday though, those seem fixed :)