Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Think I have gotten something somewhere [Solved]

Started by mattpreat , Dec 14 2012 04:11 PM

This topic is locked

#1
mattpreat

Posted 14 December 2012 - 04:11 PM

Member

Member
38 posts

Lately my computer has been extremely slow,so im thinking ive gotten some sort of virus that is slowing things down. Normally I Skype and play online games but now whenever i try to load a page while doing this to look up something my call gets dropped and i get disconnected out of the game im playing. This could always just be my terrible internet, but it wasn't this bad before.Also 2 weeks ago or so ive noticed my email was sending messages advertising things to my contacts, so somehow somethings using my email. Ive tried using Malware bytes anti malware to get rid of it but i dont think it did anything.I just finished running a otl quick scan so here it is.

OTL logfile created on: 12/14/2012 1:43:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 28.46% Memory free
7.49 Gb Paging File | 4.25 Gb Available in Paging File | 56.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.94 Gb Total Space | 381.35 Gb Free Space | 84.38% Space Free | Partition Type: NTFS
Drive D: | 13.53 Gb Total Space | 1.94 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 91.85 Mb Free Space | 92.76% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/14 13:43:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL (1).exe
PRC - [2012/10/07 10:56:03 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2012/10/03 16:47:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2012/10/03 16:46:04 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\OAsrv.exe
PRC - [2012/10/03 16:42:17 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2012/10/03 16:41:28 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2010/07/12 14:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/04 18:15:15 | 012,456,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 18:15:15 | 000,460,904 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 18:15:14 | 004,008,040 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 18:14:29 | 000,587,880 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 18:14:28 | 000,124,520 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 18:14:21 | 000,157,304 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 18:14:20 | 000,275,576 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 18:14:19 | 002,168,952 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/02 15:35:33 | 000,193,024 | ---- | M] () -- C:\Users\owner\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
MOD - [2012/11/02 15:35:33 | 000,108,032 | ---- | M] () -- C:\Users\owner\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 20:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 10:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/01/27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/12 15:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/03 16:46:04 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/03 16:41:28 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/07/12 14:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/10/03 16:49:00 | 000,035,376 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/13 07:47:50 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\22198489.sys -- (22198489)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/10 08:32:09 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/10 20:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 19:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 13:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/05 17:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/28 11:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/12 14:52:54 | 000,280,064 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2009/07/22 15:47:06 | 000,199,552 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2009/07/21 15:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/01/14 14:20:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV - [2012/10/03 16:48:59 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/03 16:48:58 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/10/03 16:42:23 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{8519594B-D1DB-4927-B020-17B2C833D942}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKLM\..\SearchScopes\{AD752347-BFEA-4C6F-8513-7E4D1BAB2097}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...m/?f=1&a=adknlg
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {F4E7D1B2-FF8B-424F-8811-54EFF7E291C3}
IE - HKCU\..\SearchScopes\{8519594B-D1DB-4927-B020-17B2C833D942}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpl
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=5f78b3e2-ca4f-41cc-b5b9-5d4564b6ac6e&query={searchTerms}
IE - HKCU\..\SearchScopes\{AD752347-BFEA-4C6F-8513-7E4D1BAB2097}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2680363
IE - HKCU\..\SearchScopes\{F4E7D1B2-FF8B-424F-8811-54EFF7E291C3}: "URL" = http://start.funmood...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/04 05:27:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\owner\AppData\Local\PasswordBox\Firefox [2012/11/04 16:20:39 | 000,000,000 | ---D | M]

[2010/09/23 13:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/09/23 13:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/11 21:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.ca/
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://start.funmood...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: PlayBryte = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnafcdmjnhiobcmehaeakglockogjnfj\1.0_0\

O1 HOSTS File: ([2012/06/14 13:36:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63E65799-FD51-4269-9396-3C18653B4EED}: NameServer = 209.91.107.11 209.121.225.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{873F4307-5E1B-4974-A65C-C7355C5EBC85}: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E38CE15D-CC62-41B6-955B-C54C4622D671}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\minecraft house
[2012/12/09 15:58:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{CFED528D-4D51-42D0-B953-78830BE314E0}
[2012/12/07 10:58:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{E52E6CD4-F4DA-4B8C-BB84-D708017B9046}
[2012/12/02 08:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/02 08:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/29 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\language arts
[2012/11/28 15:41:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{3B06A67D-E058-4171-978B-AE6C37A9DA57}
[2012/11/28 12:54:26 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\science
[2012/11/28 11:45:30 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\social studys
[2012/11/27 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{10453E9C-D75A-4C7F-8FC8-154DE2F82656}
[2012/11/16 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\TS3Client
[2012/11/16 12:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/08/22 13:32:55 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Users\owner\RarExt32.dll
[2012/08/22 13:32:54 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Users\owner\WinRAR.exe
[2012/08/22 13:32:54 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Users\owner\RarExt.dll
[2012/08/22 13:32:53 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Users\owner\Rar.exe
[2012/08/22 13:32:53 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Users\owner\UnRAR.exe
[2012/08/22 13:32:53 | 000,135,168 | ---- | C] (Alexander Roshal) -- C:\Users\owner\Uninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/12/14 13:42:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
[2012/12/14 13:42:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
[2012/12/14 13:10:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
[2012/12/14 10:50:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 10:50:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/14 10:47:48 | 000,725,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/14 10:47:48 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/14 10:47:48 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/14 10:42:05 | 000,353,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/14 10:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/14 10:41:15 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/13 22:38:53 | 000,000,024 | ---- | M] () -- C:\Users\owner\random.dat
[2012/12/13 22:36:22 | 000,000,023 | ---- | M] () -- C:\Users\owner\jagexappletviewer.preferences
[2012/12/13 22:01:21 | 000,000,032 | ---- | M] () -- C:\Users\owner\jagex_cl_runescape_LIVE.dat
[2012/12/13 16:10:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
[2012/12/13 11:48:45 | 000,002,487 | ---- | M] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2012/12/10 18:29:41 | 000,592,571 | ---- | M] () -- C:\Users\owner\Documents\minecraft house.zip
[2012/12/08 10:52:07 | 000,060,075 | ---- | M] () -- C:\Users\owner\Documents\Base123.png
[2012/12/07 21:14:27 | 000,144,415 | ---- | M] () -- C:\Users\owner\Documents\like that.jpg
[2012/12/07 21:13:47 | 001,293,964 | ---- | M] () -- C:\Users\owner\Documents\enrty way.png
[2012/12/04 14:56:14 | 000,070,208 | ---- | M] () -- C:\Users\owner\Documents\6e8c42ae48ebaa7f155e18636f83.jpg
[2012/12/02 09:39:09 | 000,001,863 | ---- | M] () -- C:\Users\owner\Documents\proper cow skin.png
[2012/12/02 09:31:23 | 000,001,388 | ---- | M] () -- C:\Users\owner\Documents\cow skin.png
[2012/12/02 08:31:20 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/01 19:31:44 | 000,000,248 | ---- | M] () -- C:\Users\owner\Documents\Matts skin
[2012/12/01 17:19:09 | 000,306,430 | ---- | M] () -- C:\Users\owner\Documents\MineLittlePony1_4_5_1.zip
[2012/11/19 10:39:16 | 000,241,956 | ---- | M] () -- C:\Users\owner\Documents\[1.4.4]ReiMinimap_v3.2_05.zip
[2012/11/19 10:33:07 | 000,185,718 | ---- | M] () -- C:\Users\owner\Documents\ModLoader.zip
[2012/11/19 10:24:50 | 000,328,586 | ---- | M] () -- C:\Users\owner\Documents\OptiFine_1.4.4_HD_U_D2.zip
[2012/11/16 12:59:16 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

========== Files Created - No Company Name ==========

[2012/12/13 23:23:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/13 23:12:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/10 18:29:40 | 000,592,571 | ---- | C] () -- C:\Users\owner\Documents\minecraft house.zip
[2012/12/08 10:52:04 | 000,060,075 | ---- | C] () -- C:\Users\owner\Documents\Base123.png
[2012/12/07 21:14:23 | 000,144,415 | ---- | C] () -- C:\Users\owner\Documents\like that.jpg
[2012/12/07 21:13:22 | 001,293,964 | ---- | C] () -- C:\Users\owner\Documents\enrty way.png
[2012/12/04 14:56:12 | 000,070,208 | ---- | C] () -- C:\Users\owner\Documents\6e8c42ae48ebaa7f155e18636f83.jpg
[2012/12/02 09:39:09 | 000,001,863 | ---- | C] () -- C:\Users\owner\Documents\proper cow skin.png
[2012/12/02 09:31:21 | 000,001,388 | ---- | C] () -- C:\Users\owner\Documents\cow skin.png
[2012/12/01 19:31:35 | 000,000,248 | ---- | C] () -- C:\Users\owner\Documents\Matts skin
[2012/12/01 17:18:51 | 000,306,430 | ---- | C] () -- C:\Users\owner\Documents\MineLittlePony1_4_5_1.zip
[2012/11/19 10:39:15 | 000,241,956 | ---- | C] () -- C:\Users\owner\Documents\[1.4.4]ReiMinimap_v3.2_05.zip
[2012/11/19 10:33:06 | 000,185,718 | ---- | C] () -- C:\Users\owner\Documents\ModLoader.zip
[2012/11/19 10:24:47 | 000,328,586 | ---- | C] () -- C:\Users\owner\Documents\OptiFine_1.4.4_HD_U_D2.zip
[2012/11/16 12:59:16 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/10/14 15:39:12 | 000,000,023 | ---- | C] () -- C:\Users\owner\jagexappletviewer.preferences
[2012/08/22 13:33:06 | 000,000,022 | ---- | C] () -- C:\Users\owner\zipnew.dat
[2012/08/22 13:33:06 | 000,000,020 | ---- | C] () -- C:\Users\owner\rarnew.dat
[2012/08/22 13:32:57 | 000,101,888 | ---- | C] () -- C:\Users\owner\Zip64.SFX
[2012/08/22 13:32:56 | 000,132,096 | ---- | C] () -- C:\Users\owner\Default64.SFX
[2012/08/22 13:32:56 | 000,098,304 | ---- | C] () -- C:\Users\owner\WinCon64.SFX
[2012/08/22 13:32:55 | 000,081,920 | ---- | C] () -- C:\Users\owner\Zip.SFX
[2012/08/22 13:32:54 | 000,279,458 | ---- | C] () -- C:\Users\owner\WinRAR.chm
[2012/08/22 13:32:54 | 000,101,376 | ---- | C] () -- C:\Users\owner\Default.SFX
[2012/08/22 13:32:54 | 000,075,264 | ---- | C] () -- C:\Users\owner\WinCon.SFX
[2012/08/22 13:32:53 | 000,003,266 | ---- | C] () -- C:\Users\owner\Order.htm
[2012/08/22 13:32:53 | 000,001,233 | ---- | C] () -- C:\Users\owner\RarFiles.lst
[2012/08/22 13:32:53 | 000,001,016 | ---- | C] () -- C:\Users\owner\Descript.ion
[2012/08/22 13:32:53 | 000,000,686 | ---- | C] () -- C:\Users\owner\Uninstall.lst
[2012/08/22 13:32:53 | 000,000,487 | ---- | C] () -- C:\Users\owner\File_Id.diz
[2012/08/01 20:58:12 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/08/01 20:58:11 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/07/02 10:48:37 | 000,741,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/26 10:25:06 | 000,000,049 | ---- | C] () -- C:\Users\owner\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/26 10:25:06 | 000,000,024 | ---- | C] () -- C:\Users\owner\random.dat
[2012/04/08 10:56:42 | 003,104,268 | ---- | C] () -- C:\Users\owner\AppData\Roaming\RSBot.db
[2011/11/05 10:15:44 | 000,000,045 | ---- | C] () -- C:\Users\owner\jagex_cl_runescape_LIVE1.dat
[2011/10/25 09:25:38 | 000,000,032 | ---- | C] () -- C:\Users\owner\jagex_cl_runescape_LIVE.dat
[2011/10/21 09:54:30 | 000,000,005 | ---- | C] () -- C:\Users\owner\AppData\Roaming\RSBuddy Login.ini
[2011/05/17 06:51:36 | 000,000,232 | ---- | C] () -- C:\Users\owner\AppData\Roaming\fixpermissions.bat
[2011/05/16 18:03:49 | 000,000,620 | ---- | C] () -- C:\Users\owner\AppData\Roaming\RSBuddy_mafoo.ini
[2011/04/18 17:03:36 | 000,000,154 | ---- | C] () -- C:\Users\owner\AppData\Roaming\RSBot_Accounts.ini
[2010/09/30 13:16:45 | 000,000,732 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2010/08/16 06:04:04 | 000,000,000 | ---- | C] () -- C:\Users\owner\jagex__preferences3.dat
[2010/08/16 06:04:03 | 000,000,129 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences2.dat
[2010/08/16 06:01:26 | 000,000,046 | ---- | C] () -- C:\Users\owner\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/14 11:12:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
[2012/09/09 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.techniclauncher
[2011/09/13 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FrostWire
[2010/10/04 12:52:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LimeWire
[2012/08/01 21:03:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OnlineArmor
[2012/01/26 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ooVoo Details
[2011/03/27 11:16:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sierra Wireless
[2012/10/27 15:22:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\skyz
[2010/10/13 11:25:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SpinTop
[2010/09/30 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2012/11/16 19:06:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TS3Client
[2010/10/04 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TuneAid
[2010/12/06 09:42:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:57DC3B52

< End of report >

#2
gringo_pr

Posted 16 December 2012 - 01:30 AM

Trusted Helper

Malware Removal
7,268 posts

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo

#3
mattpreat

Posted 16 December 2012 - 07:03 PM

Member

Topic Starter
Member
38 posts

Okay i think ive finished that all. Here is the logs for everything ive done

security check log:
Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 22.0.1229.96
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

ADwcleaner log:
# AdwCleaner v2.101 - Logfile created 12/16/2012 at 17:35:32
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\owner\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\owner\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\HyperCam Toolbar
Folder Deleted : C:\Program Files (x86)\iBryte
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\owner\AppData\Local\OpenCandy
Folder Deleted : C:\Users\owner\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\SMTTB2009
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-1224556315-3845430375-3325294813-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v23.0.1271.97

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.63] : keyword = "funmoods",
Deleted [l.66] : search_url = "hxxp://start.funmoods.com/results.php?f=4&a=adknlg&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [10908 octets] - [16/12/2012 17:35:32]

########## EOF - C:\AdwCleaner[S1].txt - [10969 octets] ##########

rogue killer report:
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Remove -- Date : 12/16/2012 17:58:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\22198489 (C:\Windows\system32\DRIVERS\22198489.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\22198489 (C:\Windows\system32\DRIVERS\22198489.sys) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{63E65799-FD51-4269-9396-3C18653B4EED} : NameServer (209.91.107.11 209.121.225.11�ㅼ) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{63E65799-FD51-4269-9396-3C18653B4EED} : NameServer (209.91.107.11 209.121.225.11�ㅼ) -> NOT REMOVED, USE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> ERROR [0x5]
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5056GSY SATA Disk Device +++++
--- User ---
[MBR] d3bdb2ad27b8fca4f6fa2bfd349d117b
[BSP] 6c947e747f8e9823e0621a6586749e4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 462785 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948193280 | Size: 13851 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a6881ca3379e03dd9fc948086b1e10dc
[BSP] 050737754d512212158d25e8fb870cc6 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 69632 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 143015936 | Size: 400 Mo

Finished : << RKreport[2]_D_12162012_02d1758.txt >>
RKreport[1]_S_12162012_02d1757.txt ; RKreport[2]_D_12162012_02d1758.txt

#4
gringo_pr

Posted 16 December 2012 - 07:12 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#5
mattpreat

Posted 18 December 2012 - 11:11 AM

Member

Topic Starter
Member
38 posts

Okay so ive gotten that done. The computer is acting normal, still pretty slow though but i havent figured out whats causing that yet, as it could just be my internet connection. So far everything has gone good, through trying to get rid of whatevers on my computer i still could do schoolwork that i need to use my computer for so nothing has gone wrong and the computer is still workable.

Heres the Combofix log:

ComboFix 12-12-17.02 - owner 18/12/2012 9:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2407 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\AppData\Roaming\RSBot.db
c:\users\owner\Default.SFX
c:\users\owner\Default64.SFX
c:\users\owner\WinCon.SFX
c:\users\owner\WinCon64.SFX
c:\users\owner\WINDOWS
c:\users\owner\WINDOWS\crc32.crc
c:\users\owner\Zip.SFX
c:\users\owner\Zip64.SFX
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 16:38 . 2012-12-18 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 15:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDE3ED5B-35D6-447E-98CE-766E1B01A205}\mpengine.dll
2012-12-16 17:29 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-15 22:27 . 2012-12-15 22:29 -------- d-----w- c:\users\owner\NearRealityCache134
2012-12-14 06:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 06:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 06:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-14 06:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 06:13 . 2012-11-14 06:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-14 06:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 06:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 06:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 06:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 06:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 06:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 06:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 18:26 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 18:26 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 18:25 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 18:25 . 2012-11-05 14:17 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 18:25 . 2012-11-05 14:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 18:25 . 2012-11-05 16:25 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 18:25 . 2012-11-05 14:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 18:23 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 18:23 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 18:23 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 18:23 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-12-13 18:23 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-02 15:31 . 2012-12-02 15:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-02 02:36 . 2012-12-02 02:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-02 02:36 . 2012-12-02 02:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-02 02:35 . 2012-12-02 02:35 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-28 17:19 . 2012-11-28 17:18 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 22:58 . 2010-08-16 08:16 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 21:20 . 2012-12-13 18:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-12-13 18:23 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-12-13 18:23 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-07 17:56 . 2012-10-07 17:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-07 17:56 . 2012-08-02 00:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-07 17:56 . 2010-08-16 12:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-04 16:45 . 2012-12-13 18:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 16:59 . 2012-07-04 01:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2012-08-25 17:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-08-12 280064]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 199552]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-15 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 16:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 22:05]
.
2012-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 22:05]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:33]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{63E65799-FD51-4269-9396-3C18653B4EED}: NameServer = 209.91.107.11 209.121.225.11
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-18 09:55:03
ComboFix-quarantined-files.txt 2012-12-18 16:54
.
Pre-Run: 409,465,040,896 bytes free
Post-Run: 409,705,705,472 bytes free
.
- - End Of File - - 43FB48D958D04B91978F28E022BFCB77

#6
gringo_pr

Posted 18 December 2012 - 01:24 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7
mattpreat

Posted 18 December 2012 - 03:39 PM

Member

Topic Starter
Member
38 posts

Heres the tdsskiller log, ill have the aswmbr scan done and will post the log for that in a minute.

14:30:57.0513 3488 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:30:58.0215 3488 ============================================================
14:30:58.0215 3488 Current date / time: 2012/12/18 14:30:58.0215
14:30:58.0215 3488 SystemInfo:
14:30:58.0215 3488
14:30:58.0215 3488 OS Version: 6.1.7600 ServicePack: 0.0
14:30:58.0215 3488 Product type: Workstation
14:30:58.0215 3488 ComputerName: OWNER-PC
14:30:58.0215 3488 UserName: owner
14:30:58.0215 3488 Windows directory: C:\Windows
14:30:58.0215 3488 System windows directory: C:\Windows
14:30:58.0215 3488 Running under WOW64
14:30:58.0215 3488 Processor architecture: Intel x64
14:30:58.0215 3488 Number of processors: 2
14:30:58.0215 3488 Page size: 0x1000
14:30:58.0215 3488 Boot type: Normal boot
14:30:58.0215 3488 ============================================================
14:31:00.0898 3488 BG loaded
14:31:01.0632 3488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:01.0788 3488 ============================================================
14:31:01.0788 3488 \Device\Harddisk0\DR0:
14:31:01.0788 3488 MBR partitions:
14:31:01.0788 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:31:01.0788 3488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387E0800
14:31:01.0788 3488 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38844800, BlocksNum 0x1B0D800
14:31:01.0788 3488 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:31:01.0788 3488 ============================================================
14:31:01.0819 3488 C: <-> \Device\Harddisk0\DR0\Partition2
14:31:01.0866 3488 D: <-> \Device\Harddisk0\DR0\Partition3
14:31:01.0897 3488 E: <-> \Device\Harddisk0\DR0\Partition4
14:31:01.0897 3488 ============================================================
14:31:01.0897 3488 Initialize success
14:31:01.0897 3488 ============================================================
14:34:24.0337 2252 ============================================================
14:34:24.0337 2252 Scan started
14:34:24.0337 2252 Mode: Manual; SigCheck; TDLFS;
14:34:24.0337 2252 ============================================================
14:34:25.0475 2252 ================ Scan system memory ========================
14:34:25.0475 2252 System memory - ok
14:34:25.0475 2252 ================ Scan services =============================
14:34:25.0616 2252 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:34:25.0756 2252 1394ohci - ok
14:34:25.0787 2252 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:34:25.0819 2252 ACPI - ok
14:34:25.0834 2252 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:34:25.0897 2252 AcpiPmi - ok
14:34:25.0928 2252 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:34:25.0959 2252 adp94xx - ok
14:34:25.0990 2252 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:34:26.0021 2252 adpahci - ok
14:34:26.0053 2252 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:34:26.0084 2252 adpu320 - ok
14:34:26.0115 2252 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:34:26.0240 2252 AeLookupSvc - ok
14:34:26.0302 2252 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:34:26.0318 2252 AERTFilters - ok
14:34:26.0365 2252 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
14:34:26.0443 2252 AFD - ok
14:34:26.0505 2252 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
14:34:26.0567 2252 AgereModemAudio - ok
14:34:26.0599 2252 [ C98356D813B581E9C425B42A5D146CE0 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
14:34:26.0661 2252 AgereSoftModem - ok
14:34:26.0708 2252 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
14:34:26.0739 2252 agp440 - ok
14:34:26.0770 2252 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:34:26.0848 2252 ALG - ok
14:34:26.0879 2252 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
14:34:26.0911 2252 aliide - ok
14:34:26.0926 2252 [ 0DE7BF2A2E64A841F9ABF9558870D9C4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:34:27.0020 2252 AMD External Events Utility - ok
14:34:27.0035 2252 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
14:34:27.0067 2252 amdide - ok
14:34:27.0082 2252 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:34:27.0160 2252 AmdK8 - ok
14:34:27.0301 2252 [ F284DA3156166B45D02ACC3C228ADE1E ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
14:34:27.0410 2252 amdkmdag - ok
14:34:27.0457 2252 [ 91E1DAF0193BD2AB90B1B35C987237FE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:34:27.0503 2252 amdkmdap - ok
14:34:27.0535 2252 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:34:27.0581 2252 AmdPPM - ok
14:34:27.0613 2252 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
14:34:27.0644 2252 amdsata - ok
14:34:27.0691 2252 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:34:27.0706 2252 amdsbs - ok
14:34:27.0722 2252 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
14:34:27.0737 2252 amdxata - ok
14:34:27.0784 2252 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
14:34:27.0878 2252 AppID - ok
14:34:27.0893 2252 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:34:27.0956 2252 AppIDSvc - ok
14:34:27.0987 2252 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
14:34:28.0034 2252 Appinfo - ok
14:34:28.0112 2252 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:34:28.0127 2252 Apple Mobile Device - ok
14:34:28.0190 2252 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:34:28.0221 2252 arc - ok
14:34:28.0237 2252 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:34:28.0268 2252 arcsas - ok
14:34:28.0299 2252 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:34:28.0393 2252 AsyncMac - ok
14:34:28.0424 2252 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
14:34:28.0439 2252 atapi - ok
14:34:28.0486 2252 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
14:34:28.0549 2252 AtiHdmiService - ok
14:34:28.0564 2252 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:34:28.0595 2252 AtiPcie - ok
14:34:28.0627 2252 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:34:28.0705 2252 AudioEndpointBuilder - ok
14:34:28.0720 2252 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:34:28.0783 2252 AudioSrv - ok
14:34:28.0798 2252 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:34:28.0892 2252 AxInstSV - ok
14:34:28.0923 2252 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:34:29.0001 2252 b06bdrv - ok
14:34:29.0032 2252 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:34:29.0110 2252 b57nd60a - ok
14:34:29.0188 2252 [ 6C95DD14CFD30B0617B91DC6A0B1A1FB ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
14:34:29.0266 2252 BCM43XX - ok
14:34:29.0282 2252 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:34:29.0329 2252 BDESVC - ok
14:34:29.0344 2252 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:34:29.0438 2252 Beep - ok
14:34:29.0469 2252 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
14:34:29.0563 2252 BFE - ok
14:34:29.0609 2252 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
14:34:29.0687 2252 BITS - ok
14:34:29.0719 2252 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:34:29.0750 2252 blbdrive - ok
14:34:29.0812 2252 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:34:29.0843 2252 Bonjour Service - ok
14:34:29.0859 2252 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:34:29.0937 2252 bowser - ok
14:34:29.0953 2252 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:34:29.0999 2252 BrFiltLo - ok
14:34:30.0015 2252 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:34:30.0046 2252 BrFiltUp - ok
14:34:30.0093 2252 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:34:30.0155 2252 BridgeMP - ok
14:34:30.0202 2252 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
14:34:30.0233 2252 Browser - ok
14:34:30.0249 2252 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:34:30.0311 2252 Brserid - ok
14:34:30.0343 2252 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:34:30.0374 2252 BrSerWdm - ok
14:34:30.0389 2252 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:34:30.0436 2252 BrUsbMdm - ok
14:34:30.0467 2252 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:34:30.0499 2252 BrUsbSer - ok
14:34:30.0514 2252 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:34:30.0545 2252 BTHMODEM - ok
14:34:30.0577 2252 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:34:30.0655 2252 bthserv - ok
14:34:30.0701 2252 catchme - ok
14:34:30.0717 2252 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:34:30.0779 2252 cdfs - ok
14:34:30.0826 2252 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:34:30.0873 2252 cdrom - ok
14:34:30.0904 2252 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
14:34:30.0967 2252 CertPropSvc - ok
14:34:30.0998 2252 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:34:31.0029 2252 circlass - ok
14:34:31.0045 2252 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:34:31.0076 2252 CLFS - ok
14:34:31.0138 2252 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:34:31.0154 2252 clr_optimization_v2.0.50727_32 - ok
14:34:31.0201 2252 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:34:31.0216 2252 clr_optimization_v2.0.50727_64 - ok
14:34:31.0294 2252 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:34:31.0357 2252 clr_optimization_v4.0.30319_32 - ok
14:34:31.0388 2252 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:34:31.0403 2252 clr_optimization_v4.0.30319_64 - ok
14:34:31.0435 2252 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:34:31.0466 2252 CmBatt - ok
14:34:31.0481 2252 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
14:34:31.0513 2252 cmdide - ok
14:34:31.0544 2252 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
14:34:31.0575 2252 CNG - ok
14:34:31.0591 2252 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:34:31.0622 2252 Compbatt - ok
14:34:31.0637 2252 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:34:31.0669 2252 CompositeBus - ok
14:34:31.0684 2252 COMSysApp - ok
14:34:31.0715 2252 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:34:31.0747 2252 crcdisk - ok
14:34:31.0778 2252 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:34:31.0856 2252 CryptSvc - ok
14:34:31.0887 2252 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:34:31.0949 2252 DcomLaunch - ok
14:34:31.0996 2252 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:34:32.0043 2252 defragsvc - ok
14:34:32.0074 2252 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:34:32.0137 2252 DfsC - ok
14:34:32.0168 2252 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
14:34:32.0246 2252 Dhcp - ok
14:34:32.0277 2252 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:34:32.0324 2252 discache - ok
14:34:32.0371 2252 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:34:32.0386 2252 Disk - ok
14:34:32.0417 2252 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:34:32.0449 2252 Dnscache - ok
14:34:32.0480 2252 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
14:34:32.0558 2252 dot3svc - ok
14:34:32.0573 2252 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
14:34:32.0636 2252 DPS - ok
14:34:32.0667 2252 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:34:32.0698 2252 drmkaud - ok
14:34:32.0745 2252 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:34:32.0776 2252 DXGKrnl - ok
14:34:32.0807 2252 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:34:32.0870 2252 EapHost - ok
14:34:32.0963 2252 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:34:33.0057 2252 ebdrv - ok
14:34:33.0104 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
14:34:33.0151 2252 EFS - ok
14:34:33.0213 2252 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:34:33.0275 2252 ehRecvr - ok
14:34:33.0291 2252 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:34:33.0338 2252 ehSched - ok
14:34:33.0385 2252 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:34:33.0416 2252 elxstor - ok
14:34:33.0431 2252 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
14:34:33.0463 2252 ErrDev - ok
14:34:33.0525 2252 esgiguard - ok
14:34:33.0572 2252 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:34:33.0634 2252 EventSystem - ok
14:34:33.0650 2252 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:34:33.0712 2252 exfat - ok
14:34:33.0743 2252 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:34:33.0821 2252 fastfat - ok
14:34:33.0868 2252 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
14:34:33.0931 2252 Fax - ok
14:34:33.0962 2252 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:34:33.0993 2252 fdc - ok
14:34:34.0024 2252 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:34:34.0071 2252 fdPHost - ok
14:34:34.0087 2252 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:34:34.0133 2252 FDResPub - ok
14:34:34.0149 2252 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:34:34.0180 2252 FileInfo - ok
14:34:34.0196 2252 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:34:34.0258 2252 Filetrace - ok
14:34:34.0289 2252 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:34:34.0321 2252 flpydisk - ok
14:34:34.0336 2252 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:34:34.0367 2252 FltMgr - ok
14:34:34.0414 2252 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
14:34:34.0492 2252 FontCache - ok
14:34:34.0523 2252 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:34:34.0539 2252 FontCache3.0.0.0 - ok
14:34:34.0555 2252 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:34:34.0586 2252 FsDepends - ok
14:34:34.0617 2252 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:34:34.0633 2252 fssfltr - ok
14:34:34.0726 2252 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:34:34.0773 2252 fsssvc - ok
14:34:34.0804 2252 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:34:34.0820 2252 Fs_Rec - ok
14:34:34.0851 2252 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:34:34.0882 2252 fvevol - ok
14:34:34.0913 2252 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:34:34.0945 2252 gagp30kx - ok
14:34:34.0976 2252 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:34:34.0991 2252 GEARAspiWDM - ok
14:34:35.0023 2252 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
14:34:35.0069 2252 gpsvc - ok
14:34:35.0085 2252 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:34:35.0147 2252 hcw85cir - ok
14:34:35.0194 2252 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:34:35.0257 2252 HdAudAddService - ok
14:34:35.0257 2252 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:34:35.0303 2252 HDAudBus - ok
14:34:35.0319 2252 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:34:35.0350 2252 HidBatt - ok
14:34:35.0475 2252 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:34:35.0522 2252 HidBth - ok
14:34:35.0537 2252 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:34:35.0600 2252 HidIr - ok
14:34:35.0631 2252 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:34:35.0693 2252 hidserv - ok
14:34:35.0740 2252 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:34:35.0787 2252 HidUsb - ok
14:34:35.0818 2252 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:34:35.0881 2252 hkmsvc - ok
14:34:35.0927 2252 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:34:35.0990 2252 HomeGroupListener - ok
14:34:36.0037 2252 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:34:36.0068 2252 HomeGroupProvider - ok
14:34:36.0146 2252 [ 3F4ADD4196E2B860019539837BE305F9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:34:36.0161 2252 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:34:36.0161 2252 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:34:36.0208 2252 [ 9ABD12FCE4A62905731C286BB1D66789 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:34:36.0239 2252 HP Wireless Assistant Service - ok
14:34:36.0255 2252 [ C7A62D20DC8E7790BA2E788F88377AE4 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:34:36.0271 2252 HPDrvMntSvc.exe - ok
14:34:36.0302 2252 [ E91BFC73B5874484886BC7D0E402ECD8 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:34:36.0333 2252 hpqwmiex - ok
14:34:36.0364 2252 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
14:34:36.0395 2252 HpSAMD - ok
14:34:36.0411 2252 [ DDD6EB8C32AAF5797D71413F2FC7A00F ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:34:36.0458 2252 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
14:34:36.0458 2252 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
14:34:36.0505 2252 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:34:36.0567 2252 HTTP - ok
14:34:36.0583 2252 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:34:36.0598 2252 hwpolicy - ok
14:34:36.0629 2252 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:34:36.0661 2252 i8042prt - ok
14:34:36.0692 2252 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:34:36.0723 2252 iaStorV - ok
14:34:36.0754 2252 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:34:36.0801 2252 idsvc - ok
14:34:36.0910 2252 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:34:37.0035 2252 igfx - ok
14:34:37.0066 2252 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:34:37.0082 2252 iirsp - ok
14:34:37.0129 2252 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
14:34:37.0191 2252 IKEEXT - ok
14:34:37.0253 2252 [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:34:37.0316 2252 IntcAzAudAddService - ok
14:34:37.0331 2252 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
14:34:37.0363 2252 intelide - ok
14:34:37.0378 2252 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:34:37.0409 2252 intelppm - ok
14:34:37.0441 2252 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:34:37.0487 2252 IPBusEnum - ok
14:34:37.0503 2252 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:34:37.0581 2252 IpFilterDriver - ok
14:34:37.0612 2252 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:34:37.0675 2252 iphlpsvc - ok
14:34:37.0690 2252 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:34:37.0737 2252 IPMIDRV - ok
14:34:37.0753 2252 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:34:37.0815 2252 IPNAT - ok
14:34:37.0877 2252 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:34:37.0909 2252 iPod Service - ok
14:34:37.0924 2252 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:34:37.0955 2252 IRENUM - ok
14:34:37.0971 2252 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
14:34:37.0987 2252 isapnp - ok
14:34:38.0018 2252 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:34:38.0049 2252 iScsiPrt - ok
14:34:38.0080 2252 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:34:38.0096 2252 kbdclass - ok
14:34:38.0127 2252 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:34:38.0158 2252 kbdhid - ok
14:34:38.0189 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
14:34:38.0221 2252 KeyIso - ok
14:34:38.0252 2252 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:34:38.0267 2252 KSecDD - ok
14:34:38.0283 2252 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:34:38.0314 2252 KSecPkg - ok
14:34:38.0330 2252 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:34:38.0392 2252 ksthunk - ok
14:34:38.0423 2252 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:34:38.0486 2252 KtmRm - ok
14:34:38.0517 2252 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:34:38.0564 2252 LanmanServer - ok
14:34:38.0579 2252 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:34:38.0657 2252 LanmanWorkstation - ok
14:34:38.0720 2252 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:34:38.0735 2252 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:34:38.0735 2252 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:34:38.0782 2252 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:34:38.0845 2252 lltdio - ok
14:34:38.0876 2252 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:34:38.0938 2252 lltdsvc - ok
14:34:38.0954 2252 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:34:39.0001 2252 lmhosts - ok
14:34:39.0032 2252 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:34:39.0063 2252 LSI_FC - ok
14:34:39.0079 2252 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:34:39.0094 2252 LSI_SAS - ok
14:34:39.0125 2252 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:34:39.0141 2252 LSI_SAS2 - ok
14:34:39.0157 2252 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:34:39.0188 2252 LSI_SCSI - ok
14:34:39.0219 2252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:34:39.0281 2252 luafv - ok
14:34:39.0297 2252 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:34:39.0328 2252 Mcx2Svc - ok
14:34:39.0344 2252 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:34:39.0359 2252 megasas - ok
14:34:39.0375 2252 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:34:39.0406 2252 MegaSR - ok
14:34:39.0422 2252 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:34:39.0484 2252 MMCSS - ok
14:34:39.0484 2252 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:34:39.0547 2252 Modem - ok
14:34:39.0578 2252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:34:39.0609 2252 monitor - ok
14:34:39.0640 2252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:34:39.0656 2252 mouclass - ok
14:34:39.0687 2252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:34:39.0734 2252 mouhid - ok
14:34:39.0765 2252 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:34:39.0781 2252 mountmgr - ok
14:34:39.0843 2252 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:34:39.0874 2252 MpFilter - ok
14:34:39.0890 2252 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
14:34:39.0921 2252 mpio - ok
14:34:39.0952 2252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:34:39.0999 2252 mpsdrv - ok
14:34:40.0030 2252 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:34:40.0108 2252 MpsSvc - ok
14:34:40.0155 2252 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:34:40.0186 2252 MRxDAV - ok
14:34:40.0217 2252 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:34:40.0264 2252 mrxsmb - ok
14:34:40.0295 2252 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:34:40.0342 2252 mrxsmb10 - ok
14:34:40.0358 2252 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:34:40.0405 2252 mrxsmb20 - ok
14:34:40.0436 2252 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
14:34:40.0451 2252 msahci - ok
14:34:40.0483 2252 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
14:34:40.0498 2252 msdsm - ok
14:34:40.0514 2252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:34:40.0561 2252 MSDTC - ok
14:34:40.0607 2252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:34:40.0654 2252 Msfs - ok
14:34:40.0654 2252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:34:40.0717 2252 mshidkmdf - ok
14:34:40.0732 2252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
14:34:40.0763 2252 msisadrv - ok
14:34:40.0795 2252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:34:40.0857 2252 MSiSCSI - ok
14:34:40.0857 2252 msiserver - ok
14:34:40.0888 2252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:34:40.0935 2252 MSKSSRV - ok
14:34:41.0013 2252 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:34:41.0029 2252 MsMpSvc - ok
14:34:41.0060 2252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:34:41.0122 2252 MSPCLOCK - ok
14:34:41.0138 2252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:34:41.0200 2252 MSPQM - ok
14:34:41.0231 2252 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:34:41.0263 2252 MsRPC - ok
14:34:41.0278 2252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:34:41.0294 2252 mssmbios - ok
14:34:41.0309 2252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:34:41.0372 2252 MSTEE - ok
14:34:41.0387 2252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:34:41.0419 2252 MTConfig - ok
14:34:41.0450 2252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:34:41.0465 2252 Mup - ok
14:34:41.0497 2252 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
14:34:41.0575 2252 napagent - ok
14:34:41.0606 2252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:34:41.0653 2252 NativeWifiP - ok
14:34:41.0684 2252 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:34:41.0731 2252 NDIS - ok
14:34:41.0746 2252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:34:41.0793 2252 NdisCap - ok
14:34:41.0840 2252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:34:41.0887 2252 NdisTapi - ok
14:34:41.0902 2252 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:34:41.0965 2252 Ndisuio - ok
14:34:41.0996 2252 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:34:42.0043 2252 NdisWan - ok
14:34:42.0058 2252 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:34:42.0121 2252 NDProxy - ok
14:34:42.0121 2252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:34:42.0183 2252 NetBIOS - ok
14:34:42.0199 2252 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:34:42.0261 2252 NetBT - ok
14:34:42.0292 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
14:34:42.0323 2252 Netlogon - ok
14:34:42.0339 2252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:34:42.0401 2252 Netman - ok
14:34:42.0433 2252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:34:42.0479 2252 netprofm - ok
14:34:42.0511 2252 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:34:42.0542 2252 NetTcpPortSharing - ok
14:34:42.0651 2252 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
14:34:42.0776 2252 netw5v64 - ok
14:34:42.0823 2252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:34:42.0838 2252 nfrd960 - ok
14:34:42.0901 2252 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:34:42.0916 2252 NisDrv - ok
14:34:42.0963 2252 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:34:42.0994 2252 NisSrv - ok
14:34:43.0041 2252 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:34:43.0103 2252 NlaSvc - ok
14:34:43.0135 2252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:34:43.0197 2252 Npfs - ok
14:34:43.0213 2252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:34:43.0275 2252 nsi - ok
14:34:43.0306 2252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:34:43.0369 2252 nsiproxy - ok
14:34:43.0415 2252 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:34:43.0478 2252 Ntfs - ok
14:34:43.0525 2252 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
14:34:43.0540 2252 NuidFltr - ok
14:34:43.0556 2252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:34:43.0618 2252 Null - ok
14:34:43.0665 2252 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:34:43.0696 2252 nvraid - ok
14:34:43.0727 2252 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:34:43.0743 2252 nvstor - ok
14:34:43.0759 2252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:34:43.0790 2252 nv_agp - ok
14:34:43.0837 2252 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files (x86)\Online Armor\OAcat.exe
14:34:45.0178 2252 OAcat - ok
14:34:45.0319 2252 [ 2C0A8F6920C65C81D9B7B0508D0428CC ] OADevice C:\Windows\SysWow64\Drivers\OADriver.sys
14:34:45.0365 2252 OADevice - ok
14:34:45.0412 2252 [ 677E8520C5F50F7067E44F4A4112A5D8 ] oahlpXX C:\Windows\syswow64\drivers\oahlp64.sys
14:34:45.0443 2252 oahlpXX - ok
14:34:45.0475 2252 [ 8E4A0034285BCAAB359B167C5390DAD6 ] OAmon C:\Windows\SysWOW64\Drivers\OAmon.sys
14:34:45.0521 2252 OAmon - ok
14:34:45.0537 2252 [ 4BFB280CEB67AFA806B7F8A606CCC06D ] OAnet C:\Windows\system32\DRIVERS\oanet.sys
14:34:45.0568 2252 OAnet - ok
14:34:45.0631 2252 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:34:45.0662 2252 odserv - ok
14:34:45.0677 2252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:34:45.0709 2252 ohci1394 - ok
14:34:45.0740 2252 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:34:45.0755 2252 ose - ok
14:34:45.0787 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:34:45.0833 2252 p2pimsvc - ok
14:34:45.0849 2252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:34:45.0896 2252 p2psvc - ok
14:34:45.0911 2252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:34:45.0943 2252 Parport - ok
14:34:45.0974 2252 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:34:45.0989 2252 partmgr - ok
14:34:46.0005 2252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:34:46.0052 2252 PcaSvc - ok
14:34:46.0067 2252 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
14:34:46.0099 2252 pci - ok
14:34:46.0099 2252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:34:46.0130 2252 pciide - ok
14:34:46.0161 2252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:34:46.0192 2252 pcmcia - ok
14:34:46.0208 2252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:34:46.0223 2252 pcw - ok
14:34:46.0239 2252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:34:46.0301 2252 PEAUTH - ok
14:34:46.0333 2252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:34:46.0364 2252 PerfHost - ok
14:34:46.0426 2252 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
14:34:46.0504 2252 pla - ok
14:34:46.0535 2252 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:34:46.0598 2252 PlugPlay - ok
14:34:46.0613 2252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:34:46.0645 2252 PNRPAutoReg - ok
14:34:46.0660 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:34:46.0691 2252 PNRPsvc - ok
14:34:46.0723 2252 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:34:46.0785 2252 PolicyAgent - ok
14:34:46.0801 2252 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:34:46.0863 2252 Power - ok
14:34:46.0910 2252 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:34:46.0957 2252 PptpMiniport - ok
14:34:46.0988 2252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:34:47.0019 2252 Processor - ok
14:34:47.0050 2252 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
14:34:47.0081 2252 ProfSvc - ok
14:34:47.0097 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:34:47.0128 2252 ProtectedStorage - ok
14:34:47.0159 2252 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:34:47.0206 2252 Psched - ok
14:34:47.0253 2252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:34:47.0300 2252 ql2300 - ok
14:34:47.0315 2252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:34:47.0347 2252 ql40xx - ok
14:34:47.0378 2252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:34:47.0409 2252 QWAVE - ok
14:34:47.0425 2252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:34:47.0471 2252 QWAVEdrv - ok
14:34:47.0503 2252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:34:47.0549 2252 RasAcd - ok
14:34:47.0581 2252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:34:47.0627 2252 RasAgileVpn - ok
14:34:47.0643 2252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:34:47.0705 2252 RasAuto - ok
14:34:47.0737 2252 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:34:47.0783 2252 Rasl2tp - ok
14:34:47.0799 2252 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:34:47.0861 2252 RasMan - ok
14:34:47.0877 2252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:34:47.0939 2252 RasPppoe - ok
14:34:47.0955 2252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:34:48.0017 2252 RasSstp - ok
14:34:48.0033 2252 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:34:48.0095 2252 rdbss - ok
14:34:48.0111 2252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:34:48.0158 2252 rdpbus - ok
14:34:48.0173 2252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:34:48.0220 2252 RDPCDD - ok
14:34:48.0251 2252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:34:48.0329 2252 RDPENCDD - ok
14:34:48.0345 2252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:34:48.0407 2252 RDPREFMP - ok
14:34:48.0423 2252 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:34:48.0485 2252 RDPWD - ok
14:34:48.0517 2252 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:34:48.0532 2252 rdyboost - ok
14:34:48.0563 2252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:34:48.0626 2252 RemoteAccess - ok
14:34:48.0657 2252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:34:48.0719 2252 RemoteRegistry - ok
14:34:48.0751 2252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:34:48.0813 2252 RpcEptMapper - ok
14:34:48.0844 2252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:34:48.0875 2252 RpcLocator - ok
14:34:48.0907 2252 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\System32\rpcss.dll
14:34:48.0969 2252 RpcSs - ok
14:34:48.0985 2252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:34:49.0047 2252 rspndr - ok
14:34:49.0094 2252 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:34:49.0125 2252 RSUSBSTOR - ok
14:34:49.0156 2252 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:34:49.0219 2252 RTL8167 - ok
14:34:49.0234 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
14:34:49.0250 2252 SamSs - ok
14:34:49.0265 2252 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:34:49.0297 2252 sbp2port - ok
14:34:49.0328 2252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:34:49.0375 2252 SCardSvr - ok
14:34:49.0390 2252 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:34:49.0468 2252 scfilter - ok
14:34:49.0515 2252 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
14:34:49.0562 2252 Schedule - ok
14:34:49.0593 2252 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:34:49.0640 2252 SCPolicySvc - ok
14:34:49.0687 2252 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:34:49.0718 2252 sdbus - ok
14:34:49.0733 2252 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:34:49.0780 2252 SDRSVC - ok
14:34:49.0796 2252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:34:49.0874 2252 secdrv - ok
14:34:49.0889 2252 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
14:34:49.0952 2252 seclogon - ok
14:34:49.0983 2252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:34:50.0045 2252 SENS - ok
14:34:50.0077 2252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:34:50.0123 2252 SensrSvc - ok
14:34:50.0155 2252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:34:50.0186 2252 Serenum - ok
14:34:50.0217 2252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:34:50.0233 2252 Serial - ok
14:34:50.0248 2252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:34:50.0279 2252 sermouse - ok
14:34:50.0311 2252 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
14:34:50.0373 2252 SessionEnv - ok
14:34:50.0389 2252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:34:50.0420 2252 sffdisk - ok
14:34:50.0435 2252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:34:50.0482 2252 sffp_mmc - ok
14:34:50.0498 2252 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:34:50.0529 2252 sffp_sd - ok
14:34:50.0545 2252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:34:50.0591 2252 sfloppy - ok
14:34:50.0638 2252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:34:50.0701 2252 SharedAccess - ok
14:34:50.0732 2252 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:34:50.0779 2252 ShellHWDetection - ok
14:34:50.0825 2252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:34:50.0841 2252 SiSRaid2 - ok
14:34:50.0857 2252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:34:50.0888 2252 SiSRaid4 - ok
14:34:50.0966 2252 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:34:50.0981 2252 SkypeUpdate - ok
14:34:51.0028 2252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:34:51.0091 2252 Smb - ok
14:34:51.0153 2252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:34:51.0184 2252 SNMPTRAP - ok
14:34:51.0200 2252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:34:51.0215 2252 spldr - ok
14:34:51.0262 2252 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
14:34:51.0293 2252 Spooler - ok
14:34:51.0371 2252 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
14:34:51.0449 2252 sppsvc - ok
14:34:51.0465 2252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:34:51.0527 2252 sppuinotify - ok
14:34:51.0559 2252 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:34:51.0605 2252 srv - ok
14:34:51.0637 2252 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:34:51.0668 2252 srv2 - ok
14:34:51.0715 2252 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:34:51.0746 2252 SrvHsfHDA - ok
14:34:51.0777 2252 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:34:51.0855 2252 SrvHsfV92 - ok
14:34:51.0886 2252 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:34:51.0917 2252 SrvHsfWinac - ok
14:34:51.0949 2252 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:34:51.0995 2252 srvnet - ok
14:34:52.0027 2252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:34:52.0105 2252 SSDPSRV - ok
14:34:52.0136 2252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:34:52.0183 2252 SstpSvc - ok
14:34:52.0214 2252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:34:52.0245 2252 stexstor - ok
14:34:52.0276 2252 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
14:34:52.0323 2252 stisvc - ok
14:34:52.0448 2252 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files (x86)\Online Armor\oasrv.exe
14:34:52.0541 2252 SvcOnlineArmor - ok
14:34:52.0573 2252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:34:52.0604 2252 swenum - ok
14:34:52.0635 2252 [ C03779EC476F8F30A9CFCDE046BA6B28 ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
14:34:52.0666 2252 swmsflt - ok
14:34:52.0682 2252 [ 773A241E354DAAECFD0E716462C9BA43 ] SWNC8UA3 C:\Windows\system32\DRIVERS\swnc8ua3.sys
14:34:52.0729 2252 SWNC8UA3 - ok
14:34:52.0760 2252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:34:52.0822 2252 swprv - ok
14:34:52.0853 2252 SWUMX20 - ok
14:34:52.0885 2252 [ 6149B0691BEB390A0BDA3A8E90787FD4 ] SWUMXA3 C:\Windows\system32\DRIVERS\swumxa3.sys
14:34:52.0916 2252 SWUMXA3 - ok
14:34:52.0978 2252 [ 91853F78B68F9F036670291F5EDD4EAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:34:52.0994 2252 SynTP - ok
14:34:53.0041 2252 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
14:34:53.0103 2252 SysMain - ok
14:34:53.0119 2252 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:34:53.0165 2252 TabletInputService - ok
14:34:53.0197 2252 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
14:34:53.0259 2252 TapiSrv - ok
14:34:53.0290 2252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:34:53.0337 2252 TBS - ok
14:34:53.0399 2252 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:34:53.0446 2252 Tcpip - ok
14:34:53.0493 2252 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:34:53.0540 2252 TCPIP6 - ok
14:34:53.0587 2252 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:34:53.0633 2252 tcpipreg - ok
14:34:53.0649 2252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:34:53.0680 2252 TDPIPE - ok
14:34:53.0711 2252 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:34:53.0758 2252 TDTCP - ok
14:34:53.0789 2252 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:34:53.0836 2252 tdx - ok
14:34:53.0867 2252 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:34:53.0883 2252 TermDD - ok
14:34:53.0930 2252 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
14:34:53.0992 2252 TermService - ok
14:34:54.0008 2252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:34:54.0055 2252 Themes - ok
14:34:54.0070 2252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:34:54.0117 2252 THREADORDER - ok
14:34:54.0133 2252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:34:54.0179 2252 TrkWks - ok
14:34:54.0226 2252 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:34:54.0257 2252 TrustedInstaller - ok
14:34:54.0304 2252 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:34:54.0351 2252 tssecsrv - ok
14:34:54.0382 2252 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:34:54.0445 2252 tunnel - ok
14:34:54.0476 2252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:34:54.0491 2252 uagp35 - ok
14:34:54.0523 2252 [ C06E6F4679CEB8F430B90A51D76D8D3C ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:34:54.0569 2252 udfs - ok
14:34:54.0601 2252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:34:54.0632 2252 UI0Detect - ok
14:34:54.0647 2252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:34:54.0663 2252 uliagpkx - ok
14:34:54.0710 2252 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:34:54.0741 2252 umbus - ok
14:34:54.0772 2252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:34:54.0788 2252 UmPass - ok
14:34:54.0819 2252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:34:54.0881 2252 upnphost - ok
14:34:54.0928 2252 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:34:54.0975 2252 USBAAPL64 - ok
14:34:55.0022 2252 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:34:55.0053 2252 usbaudio - ok
14:34:55.0084 2252 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:34:55.0147 2252 usbccgp - ok
14:34:55.0178 2252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:34:55.0209 2252 usbcir - ok
14:34:55.0256 2252 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:34:55.0287 2252 usbehci - ok
14:34:55.0349 2252 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:34:55.0365 2252 usbfilter - ok
14:34:55.0412 2252 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:34:55.0427 2252 usbhub - ok
14:34:55.0443 2252 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:34:55.0490 2252 usbohci - ok
14:34:55.0521 2252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:34:55.0552 2252 usbprint - ok
14:34:55.0583 2252 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:34:55.0615 2252 usbscan - ok
14:34:55.0646 2252 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:34:55.0677 2252 USBSTOR - ok
14:34:55.0708 2252 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:34:55.0739 2252 usbuhci - ok
14:34:55.0771 2252 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:34:55.0817 2252 usbvideo - ok
14:34:55.0849 2252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:34:55.0911 2252 UxSms - ok
14:34:55.0942 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
14:34:55.0958 2252 VaultSvc - ok
14:34:55.0989 2252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:34:56.0020 2252 vdrvroot - ok
14:34:56.0036 2252 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
14:34:56.0083 2252 vds - ok
14:34:56.0114 2252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:34:56.0145 2252 vga - ok
14:34:56.0161 2252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:34:56.0223 2252 VgaSave - ok
14:34:56.0254 2252 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:34:56.0285 2252 vhdmp - ok
14:34:56.0301 2252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:34:56.0317 2252 viaide - ok
14:34:56.0332 2252 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:34:56.0363 2252 volmgr - ok
14:34:56.0379 2252 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:34:56.0410 2252 volmgrx - ok
14:34:56.0441 2252 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:34:56.0473 2252 volsnap - ok
14:34:56.0504 2252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:34:56.0519 2252 vsmraid - ok
14:34:56.0582 2252 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
14:34:56.0644 2252 VSS - ok
14:34:56.0675 2252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:34:56.0722 2252 vwifibus - ok
14:34:56.0769 2252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:34:56.0800 2252 vwififlt - ok
14:34:56.0831 2252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:34:56.0878 2252 W32Time - ok
14:34:56.0909 2252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:34:56.0956 2252 WacomPen - ok
14:34:56.0987 2252 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:34:57.0034 2252 WANARP - ok
14:34:57.0050 2252 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:34:57.0097 2252 Wanarpv6 - ok
14:34:57.0159 2252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:34:57.0206 2252 WatAdminSvc - ok
14:34:57.0268 2252 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
14:34:57.0362 2252 wbengine - ok
14:34:57.0377 2252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:34:57.0409 2252 WbioSrvc - ok
14:34:57.0440 2252 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:34:57.0487 2252 wcncsvc - ok
14:34:57.0502 2252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:34:57.0549 2252 WcsPlugInService - ok
14:34:57.0580 2252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:34:57.0596 2252 Wd - ok
14:34:57.0643 2252 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:34:57.0674 2252 Wdf01000 - ok
14:34:57.0689 2252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:34:57.0721 2252 WdiServiceHost - ok
14:34:57.0736 2252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:34:57.0767 2252 WdiSystemHost - ok
14:34:57.0799 2252 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
14:34:57.0845 2252 WebClient - ok
14:34:57.0877 2252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:34:57.0939 2252 Wecsvc - ok
14:34:57.0970 2252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:34:58.0033 2252 wercplsupport - ok
14:34:58.0064 2252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:34:58.0111 2252 WerSvc - ok
14:34:58.0142 2252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:34:58.0204 2252 WfpLwf - ok
14:34:58.0220 2252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:34:58.0251 2252 WIMMount - ok
14:34:58.0267 2252 WinDefend - ok
14:34:58.0282 2252 WinHttpAutoProxySvc - ok
14:34:58.0345 2252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:34:58.0407 2252 Winmgmt - ok
14:34:58.0469 2252 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
14:34:58.0516 2252 WinRing0_1_2_0 - ok
14:34:58.0579 2252 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
14:34:58.0672 2252 WinRM - ok
14:34:58.0735 2252 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:34:58.0781 2252 WinUsb - ok
14:34:58.0813 2252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:34:58.0875 2252 Wlansvc - ok
14:34:58.0937 2252 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:34:58.0953 2252 wlcrasvc - ok
14:34:59.0062 2252 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:34:59.0125 2252 wlidsvc - ok
14:34:59.0156 2252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:34:59.0171 2252 WmiAcpi - ok
14:34:59.0203 2252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:34:59.0249 2252 wmiApSrv - ok
14:34:59.0281 2252 WMPNetworkSvc - ok
14:34:59.0296 2252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:34:59.0327 2252 WPCSvc - ok
14:34:59.0343 2252 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:34:59.0390 2252 WPDBusEnum - ok
14:34:59.0421 2252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:34:59.0468 2252 ws2ifsl - ok
14:34:59.0483 2252 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
14:34:59.0515 2252 wscsvc - ok
14:34:59.0530 2252 WSearch - ok
14:34:59.0608 2252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:34:59.0671 2252 wuauserv - ok
14:34:59.0702 2252 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:34:59.0733 2252 WudfPf - ok
14:34:59.0764 2252 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:34:59.0795 2252 WUDFRd - ok
14:34:59.0827 2252 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:34:59.0858 2252 wudfsvc - ok
14:34:59.0889 2252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:34:59.0936 2252 WwanSvc - ok
14:34:59.0998 2252 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
14:35:00.0029 2252 yukonw7 - ok
14:35:00.0061 2252 ================ Scan global ===============================
14:35:00.0076 2252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:35:00.0107 2252 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
14:35:00.0123 2252 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
14:35:00.0139 2252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:35:00.0170 2252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:35:00.0170 2252 [Global] - ok
14:35:00.0170 2252 ================ Scan MBR ==================================
14:35:00.0185 2252 [ E501E2F1A8B07005BADF61BF340926FC ] \Device\Harddisk0\DR0
14:35:01.0012 2252 \Device\Harddisk0\DR0 - ok
14:35:01.0012 2252 ================ Scan VBR ==================================
14:35:01.0028 2252 [ A6014286D366B42B7AD040B5C3F38AE3 ] \Device\Harddisk0\DR0\Partition1
14:35:01.0028 2252 \Device\Harddisk0\DR0\Partition1 - ok
14:35:01.0043 2252 [ 94B861F5ED9CCD1C24DA8B816B1FB5B0 ] \Device\Harddisk0\DR0\Partition2
14:35:01.0043 2252 \Device\Harddisk0\DR0\Partition2 - ok
14:35:01.0075 2252 [ 8B0C394576B6398F2E90F8692B596D8E ] \Device\Harddisk0\DR0\Partition3
14:35:01.0075 2252 \Device\Harddisk0\DR0\Partition3 - ok
14:35:01.0090 2252 [ 490CF57568E97BD1E28B57228656E64B ] \Device\Harddisk0\DR0\Partition4
14:35:01.0090 2252 \Device\Harddisk0\DR0\Partition4 - ok
14:35:01.0090 2252 ================ Scan active images ========================
14:35:01.0106 2252 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
14:35:01.0106 2252 C:\Windows\System32\drivers\crashdmp.sys - ok
14:35:01.0106 2252 [ 20080512F61D3210E449A1256F66A7FD ] C:\Windows\System32\drivers\Diskdump.sys
14:35:01.0106 2252 C:\Windows\System32\drivers\Diskdump.sys - ok
14:35:01.0106 2252 [ 53D8D46D51D390ABDB54ECA623165CB7 ] C:\Windows\System32\drivers\amdsata.sys
14:35:01.0106 2252 C:\Windows\System32\drivers\amdsata.sys - ok
14:35:01.0121 2252 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
14:35:01.0121 2252 C:\Windows\System32\drivers\dumpfve.sys - ok
14:35:01.0121 2252 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
14:35:01.0121 2252 C:\Windows\System32\drivers\beep.sys - ok
14:35:01.0137 2252 [ 83D2D75E1EFB81B3450C18131443F7DB ] C:\Windows\System32\drivers\cdrom.sys
14:35:01.0137 2252 C:\Windows\System32\drivers\cdrom.sys - ok
14:35:01.0137 2252 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
14:35:01.0137 2252 C:\Windows\System32\drivers\null.sys - ok
14:35:01.0137 2252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
14:35:01.0137 2252 C:\Windows\System32\drivers\vga.sys - ok
14:35:01.0153 2252 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
14:35:01.0153 2252 C:\Windows\System32\drivers\videoprt.sys - ok
14:35:01.0153 2252 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
14:35:01.0153 2252 C:\Windows\System32\drivers\watchdog.sys - ok
14:35:01.0168 2252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
14:35:01.0168 2252 C:\Windows\System32\drivers\RDPCDD.sys - ok
14:35:01.0168 2252 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
14:35:01.0168 2252 C:\Windows\System32\drivers\RDPENCDD.sys - ok
14:35:01.0168 2252 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
14:35:01.0168 2252 C:\Windows\System32\drivers\RDPREFMP.sys - ok
14:35:01.0184 2252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
14:35:01.0184 2252 C:\Windows\System32\drivers\msfs.sys - ok
14:35:01.0184 2252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
14:35:01.0184 2252 C:\Windows\System32\drivers\npfs.sys - ok
14:35:01.0199 2252 [ 0CA6FE26ACC7FFEE1BD0463F40835F32 ] C:\Windows\System32\drivers\tdi.sys
14:35:01.0199 2252 C:\Windows\System32\drivers\tdi.sys - ok
14:35:01.0199 2252 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] C:\Windows\System32\drivers\tdx.sys
14:35:01.0199 2252 C:\Windows\System32\drivers\tdx.sys - ok
14:35:01.0199 2252 [ 8E4A0034285BCAAB359B167C5390DAD6 ] C:\Windows\SysWOW64\drivers\OAmon.sys
14:35:01.0199 2252 C:\Windows\SysWOW64\drivers\OAmon.sys - ok
14:35:01.0215 2252 [ DB9D6C6B2CD95A9CA414D045B627422E ] C:\Windows\System32\drivers\afd.sys
14:35:01.0215 2252 C:\Windows\System32\drivers\afd.sys - ok
14:35:01.0215 2252 [ 9162B273A44AB9DCE5B44362731D062A ] C:\Windows\System32\drivers\netbt.sys
14:35:01.0215 2252 C:\Windows\System32\drivers\netbt.sys - ok
14:35:01.0231 2252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys
14:35:01.0231 2252 C:\Windows\System32\drivers\ws2ifsl.sys - ok
14:35:01.0231 2252 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
14:35:01.0231 2252 C:\Windows\System32\drivers\wfplwf.sys - ok
14:35:01.0231 2252 [ EE992183BD8EAEFD9973F352E587A299 ] C:\Windows\System32\drivers\pacer.sys
14:35:01.0231 2252 C:\Windows\System32\drivers\pacer.sys - ok
14:35:01.0246 2252 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
14:35:01.0246 2252 C:\Windows\System32\drivers\netbios.sys - ok
14:35:01.0246 2252 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
14:35:01.0246 2252 C:\Windows\System32\drivers\vwififlt.sys - ok
14:35:01.0262 2252 [ 47CA49400643EFFD3F1C9A27E1D69324 ] C:\Windows\System32\drivers\wanarp.sys
14:35:01.0262 2252 C:\Windows\System32\drivers\wanarp.sys - ok
14:35:01.0262 2252 [ C448651339196C0E869A355171875522 ] C:\Windows\System32\drivers\termdd.sys
14:35:01.0262 2252 C:\Windows\System32\drivers\termdd.sys - ok
14:35:01.0262 2252 [ 3BAC8142102C15D59A87757C1D41DCE5 ] C:\Windows\System32\drivers\rdbss.sys
14:35:01.0262 2252 C:\Windows\System32\drivers\rdbss.sys - ok
14:35:01.0277 2252 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
14:35:01.0277 2252 C:\Windows\System32\drivers\nsiproxy.sys - ok
14:35:01.0277 2252 [ 2C0A8F6920C65C81D9B7B0508D0428CC ] C:\Windows\SysWOW64\drivers\OADriver.sys
14:35:01.0277 2252 C:\Windows\SysWOW64\drivers\OADriver.sys - ok
14:35:01.0293 2252 [ 677E8520C5F50F7067E44F4A4112A5D8 ] C:\Windows\SysWOW64\drivers\oahlp64.sys
14:35:01.0293 2252 C:\Windows\SysWOW64\drivers\oahlp64.sys - ok
14:35:01.0293 2252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
14:35:01.0293 2252 C:\Windows\System32\drivers\mssmbios.sys - ok
14:35:01.0293 2252 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
14:35:01.0309 2252 C:\Windows\System32\drivers\discache.sys - ok
14:35:01.0309 2252 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
14:35:01.0309 2252 C:\Windows\System32\drivers\blbdrive.sys - ok
14:35:01.0309 2252 [ 9C253CE7311CA60FC11C774692A13208 ] C:\Windows\System32\drivers\dfsc.sys
14:35:01.0309 2252 C:\Windows\System32\drivers\dfsc.sys - ok
14:35:01.0324 2252 [ 3836171A2CDF3AF8EF10856DB9835A70 ] C:\Windows\System32\drivers\tunnel.sys
14:35:01.0324 2252 C:\Windows\System32\drivers\tunnel.sys - ok
14:35:01.0324 2252 [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
14:35:01.0324 2252 C:\Windows\System32\drivers\amdppm.sys - ok
14:35:01.0340 2252 [ 91E1DAF0193BD2AB90B1B35C987237FE ] C:\Windows\System32\drivers\atikmpag.sys
14:35:01.0340 2252 C:\Windows\System32\drivers\atikmpag.sys - ok
14:35:01.0340 2252 [ 68DB778AC4FD7896CE2F153353BA15C8 ] C:\Windows\System32\ntdll.dll
14:35:01.0340 2252 C:\Windows\System32\ntdll.dll - ok
14:35:01.0340 2252 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
14:35:01.0340 2252 C:\Windows\System32\smss.exe - ok
14:35:01.0355 2252 [ F284DA3156166B45D02ACC3C228ADE1E ] C:\Windows\System32\drivers\atipmdag.sys
14:35:01.0355 2252 C:\Windows\System32\drivers\atipmdag.sys - ok
14:35:01.0355 2252 [ 1633B9ABF52784A1331476397A48CBEF ] C:\Windows\System32\drivers\dxgkrnl.sys
14:35:01.0355 2252 C:\Windows\System32\drivers\dxgkrnl.sys - ok
14:35:01.0371 2252 [ 3238B9078E0766AB5E62DC737A809ADB ] C:\Windows\System32\drivers\dxgmms1.sys
14:35:01.0371 2252 C:\Windows\System32\drivers\dxgmms1.sys - ok
14:35:01.0371 2252 [ 0A49913402747A0B67DE940FB42CBDBB ] C:\Windows\System32\drivers\hdaudbus.sys
14:35:01.0371 2252 C:\Windows\System32\drivers\hdaudbus.sys - ok
14:35:01.0371 2252 [ 6C95DD14CFD30B0617B91DC6A0B1A1FB ] C:\Windows\System32\drivers\BCMWL664.SYS
14:35:01.0371 2252 C:\Windows\System32\drivers\BCMWL664.SYS - ok
14:35:01.0387 2252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
14:35:01.0387 2252 C:\Windows\System32\drivers\vwifibus.sys - ok
14:35:01.0387 2252 [ E403AACF8C7BB11375122D2464560311 ] C:\Windows\System32\drivers\GEARAspiWDM.sys
14:35:01.0387 2252 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
14:35:01.0402 2252 [ 777FC2C418465404E3D8A290DC247D24 ] C:\Windows\System32\drivers\Rt64win7.sys
14:35:01.0402 2252 C:\Windows\System32\drivers\Rt64win7.sys - ok
14:35:01.0402 2252 [ 2C780746DC44A28FE67004DC58173F05 ] C:\Windows\System32\drivers\usbfilter.sys
14:35:01.0402 2252 C:\Windows\System32\drivers\usbfilter.sys - ok
14:35:01.0402 2252 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] C:\Windows\System32\drivers\usbohci.sys
14:35:01.0402 2252 C:\Windows\System32\drivers\usbohci.sys - ok
14:35:01.0418 2252 [ B37C3BF3FFC97177B1A9C016B7C8CDD6 ] C:\Windows\System32\drivers\usbport.sys
14:35:01.0418 2252 C:\Windows\System32\drivers\usbport.sys - ok
14:35:01.0418 2252 [ 3AE12EC776AB9830462E8197FB5C88CF ] C:\Windows\System32\autochk.exe
14:35:01.0418 2252 C:\Windows\System32\autochk.exe - ok
14:35:01.0433 2252 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] C:\Windows\System32\drivers\usbehci.sys
14:35:01.0433 2252 C:\Windows\System32\drivers\usbehci.sys - ok
14:35:01.0433 2252 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
14:35:01.0433 2252 C:\Windows\System32\drivers\i8042prt.sys - ok
14:35:01.0433 2252 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
14:35:01.0433 2252 C:\Windows\System32\drivers\kbdclass.sys - ok
14:35:01.0449 2252 [ 0ADC83218B66A6DB380C330836F3E36D ] C:\Windows\System32\drivers\fastfat.sys
14:35:01.0449 2252 C:\Windows\System32\drivers\fastfat.sys - ok
14:35:01.0449 2252 [ F96F7835C8818895C47F6213E3A01F5D ] C:\Windows\System32\drivers\usbd.sys
14:35:01.0449 2252 C:\Windows\System32\drivers\usbd.sys - ok
14:35:01.0465 2252 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
14:35:01.0465 2252 C:\Windows\System32\drivers\CmBatt.sys - ok
14:35:01.0465 2252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
14:35:01.0465 2252 C:\Windows\System32\drivers\mouclass.sys - ok
14:35:01.0465 2252 [ 91853F78B68F9F036670291F5EDD4EAE ] C:\Windows\System32\drivers\SynTP.sys
14:35:01.0465 2252 C:\Windows\System32\drivers\SynTP.sys - ok
14:35:01.0480 2252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
14:35:01.0480 2252 C:\Windows\System32\drivers\agilevpn.sys - ok
14:35:01.0480 2252 [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
14:35:01.0480 2252 C:\Windows\System32\drivers\CompositeBus.sys - ok
14:35:01.0496 2252 [ 87A6E852A22991580D6D39ADC4790463 ] C:\Windows\System32\drivers\rasl2tp.sys
14:35:01.0496 2252 C:\Windows\System32\drivers\rasl2tp.sys - ok
14:35:01.0496 2252 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
14:35:01.0496 2252 C:\Windows\System32\drivers\wmiacpi.sys - ok
14:35:01.0496 2252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
14:35:01.0496 2252 C:\Windows\System32\drivers\ndistapi.sys - ok
14:35:01.0511 2252 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] C:\Windows\System32\drivers\ndiswan.sys
14:35:01.0511 2252 C:\Windows\System32\drivers\ndiswan.sys - ok
14:35:01.0511 2252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
14:35:01.0511 2252 C:\Windows\System32\drivers\raspppoe.sys - ok
14:35:01.0527 2252 [ 27CC19E81BA5E3403C48302127BDA717 ] C:\Windows\System32\drivers\raspptp.sys
14:35:01.0527 2252 C:\Windows\System32\drivers\raspptp.sys - ok
14:35:01.0527 2252 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
14:35:01.0527 2252 C:\Windows\System32\drivers\rassstp.sys - ok
14:35:01.0527 2252 [ 5C7AF4A20F5BF67042B2E613D123D111 ] C:\Windows\System32\drivers\ks.sys
14:35:01.0527 2252 C:\Windows\System32\drivers\ks.sys - ok
14:35:01.0543 2252 [ 4BFB280CEB67AFA806B7F8A606CCC06D ] C:\Windows\System32\drivers\OAnet.sys
14:35:01.0543 2252 C:\Windows\System32\drivers\OAnet.sys - ok
14:35:01.0543 2252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
14:35:01.0543 2252 C:\Windows\System32\drivers\swenum.sys - ok
14:35:01.0558 2252 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] C:\Windows\System32\drivers\umbus.sys
14:35:01.0558 2252 C:\Windows\System32\drivers\umbus.sys - ok
14:35:01.0558 2252 [ 6B7A8A99C4A459E73C286A6763EA24CC ] C:\Windows\System32\drivers\usbhub.sys
14:35:01.0558 2252 C:\Windows\System32\drivers\usbhub.sys - ok
14:35:01.0558 2252 [ 659B74FB74B86228D6338D643CD3E3CF ] C:\Windows\System32\drivers\ndproxy.sys
14:35:01.0558 2252 C:\Windows\System32\drivers\ndproxy.sys - ok
14:35:01.0574 2252 [ 77C149E6D702737B2E372DEE166FAEF8 ] C:\Windows\System32\drivers\AtiHdmi.sys
14:35:01.0574 2252 C:\Windows\System32\drivers\AtiHdmi.sys - ok
14:35:01.0574 2252 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
14:35:01.0574 2252 C:\Windows\System32\drivers\drmk.sys - ok
14:35:01.0589 2252 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
14:35:01.0589 2252 C:\Windows\System32\drivers\ksthunk.sys - ok
14:35:01.0589 2252 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
14:35:01.0589 2252 C:\Windows\System32\drivers\portcls.sys - ok
14:35:01.0589 2252 [ A3BCBD0F710580A07D1B929D787D36CE ] C:\Windows\System32\drivers\RTKVHD64.sys
14:35:01.0589 2252 C:\Windows\System32\drivers\RTKVHD64.sys - ok
14:35:01.0605 2252 [ C98356D813B581E9C425B42A5D146CE0 ] C:\Windows\System32\drivers\agrsm64.sys
14:35:01.0605 2252 C:\Windows\System32\drivers\agrsm64.sys - ok
14:35:01.0605 2252 [ 800BA92F7010378B09F9ED9270F07137 ] C:\Windows\System32\drivers\modem.sys
14:35:01.0605 2252 C:\Windows\System32\drivers\modem.sys - ok
14:35:01.0621 2252 [ 5F2BDCA5FA0F20A6F452CF0EE2A2B18C ] C:\Windows\System32\usp10.dll
14:35:01.0621 2252 C:\Windows\System32\usp10.dll - ok
14:35:01.0621 2252 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
14:35:01.0621 2252 C:\Windows\System32\iertutil.dll - ok
14:35:01.0621 2252 [ 6A4EA4C29FBF78112AE20013FB71E9C1 ] C:\Windows\System32\setupapi.dll
14:35:01.0621 2252 C:\Windows\System32\setupapi.dll - ok
14:35:01.0636 2252 [ 15BDC173EB5FA4F92B67D9FFB269A6EA ] C:\Windows\System32\shlwapi.dll
14:35:01.0636 2252 C:\Windows\System32\shlwapi.dll - ok
14:35:01.0636 2252 [ 1DDCACAB8DA5399E5521051923016B18 ] C:\Windows\System32\kernel32.dll
14:35:01.0636 2252 C:\Windows\System32\kernel32.dll - ok
14:35:01.0652 2252 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
14:35:01.0652 2252 C:\Windows\System32\msctf.dll - ok
14:35:01.0652 2252 [ F94B8644F3AFE040EC6E1B6FBC9EFAA9 ] C:\Windows\System32\comdlg32.dll
14:35:01.0652 2252 C:\Windows\System32\comdlg32.dll - ok
14:35:01.0652 2252 [ 7083F463788CB34FCC42F565D56F89E8 ] C:\Windows\System32\ws2_32.dll
14:35:01.0652 2252 C:\Windows\System32\ws2_32.dll - ok
14:35:01.0667 2252 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
14:35:01.0667 2252 C:\Windows\System32\wininet.dll - ok
14:35:01.0667 2252 [ 48C903068B6BDAB5EF650B9CBEE85295 ] C:\Windows\System32\rpcrt4.dll
14:35:01.0667 2252 C:\Windows\System32\rpcrt4.dll - ok
14:35:01.0683 2252 [ 579F6AFC6A6561951FA2202EFC3FE485 ] C:\Windows\System32\msvcrt.dll
14:35:01.0683 2252 C:\Windows\System32\msvcrt.dll - ok
14:35:01.0683 2252 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
14:35:01.0683 2252 C:\Windows\System32\imm32.dll - ok
14:35:01.0683 2252 [ E5CBF5F8623BBD1DB7B8148A66F6EBA4 ] C:\Windows\System32\Wldap32.dll
14:35:01.0683 2252 C:\Windows\System32\Wldap32.dll - ok
14:35:01.0699 2252 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
14:35:01.0699 2252 C:\Windows\System32\clbcatq.dll - ok
14:35:01.0699 2252 [ 72D7B3EA16946E8F0CF7458150031CC6 ] C:\Windows\System32\user32.dll
14:35:01.0699 2252 C:\Windows\System32\user32.dll - ok
14:35:01.0714 2252 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
14:35:01.0714 2252 C:\Windows\System32\normaliz.dll - ok
14:35:01.0714 2252 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
14:35:01.0714 2252 C:\Windows\System32\urlmon.dll - ok
14:35:01.0714 2252 [ 15A54626213EBF003F7D4C9D8380A656 ] C:\Windows\System32\imagehlp.dll
14:35:01.0714 2252 C:\Windows\System32\imagehlp.dll - ok
14:35:01.0730 2252 [ AC8F79017C5C1FB316930EDEAD0AF517 ] C:\Windows\System32\ole32.dll
14:35:01.0730 2252 C:\Windows\System32\ole32.dll - ok
14:35:01.0730 2252 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
14:35:01.0730 2252 C:\Windows\System32\psapi.dll - ok
14:35:01.0730 2252 [ E1B1255D3A4B3367FE4E9C71E62E3B5A ] C:\Windows\System32\gdi32.dll
14:35:01.0730 2252 C:\Windows\System32\gdi32.dll - ok
14:35:01.0745 2252 [ 2A46451EE42BCD2C842D8AA4923FAC16 ] C:\Windows\System32\oleaut32.dll
14:35:01.0745 2252 C:\Windows\System32\oleaut32.dll - ok
14:35:01.0745 2252 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
14:35:01.0745 2252 C:\Windows\System32\advapi32.dll - ok
14:35:01.0761 2252 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
14:35:01.0761 2252 C:\Windows\System32\difxapi.dll - ok
14:35:01.0761 2252 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
14:35:01.0761 2252 C:\Windows\System32\lpk.dll - ok
14:35:01.0761 2252 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
14:35:01.0761 2252 C:\Windows\System32\nsi.dll - ok
14:35:01.0777 2252 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
14:35:01.0777 2252 C:\Windows\System32\sechost.dll - ok
14:35:01.0777 2252 [ 48CC125A6AB6C72A13E3D3E9C39AD9D9 ] C:\Windows\System32\shell32.dll
14:35:01.0777 2252 C:\Windows\System32\shell32.dll - ok
14:35:01.0792 2252 [ D256EB74BF77026FC9A3D7193861C7AD ] C:\Windows\System32\crypt32.dll
14:35:01.0792 2252 C:\Windows\System32\crypt32.dll - ok
14:35:01.0792 2252 [ D05E03C1B2824236531F5E37334B6A8A ] C:\Windows\System32\cfgmgr32.dll
14:35:01.0792 2252 C:\Windows\System32\cfgmgr32.dll - ok
14:35:01.0792 2252 [ BEF628534A47580F5BBF16719CE8DD95 ] C:\Windows\System32\KernelBase.dll
14:35:01.0792 2252 C:\Windows\System32\KernelBase.dll - ok
14:35:01.0808 2252 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
14:35:01.0808 2252 C:\Windows\System32\devobj.dll - ok
14:35:01.0808 2252 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\System32\comctl32.dll
14:35:01.0808 2252 C:\Windows\System32\comctl32.dll - ok
14:35:01.0823 2252 [ 987508ED06FC097E754A91BA8A8AAD0E ] C:\Windows\System32\wintrust.dll
14:35:01.0823 2252 C:\Windows\System32\wintrust.dll - ok
14:35:01.0823 2252 [ 98FB7DD3B28A92E3C0E5B4BD9D63EF01 ] C:\Windows\System32\msasn1.dll
14:35:01.0823 2252 C:\Windows\System32\msasn1.dll - ok
14:35:01.0823 2252 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] C:\Windows\System32\drivers\usbccgp.sys
14:35:01.0823 2252 C:\Windows\System32\drivers\usbccgp.sys - ok
14:35:01.0839 2252 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
14:35:01.0839 2252 C:\Windows\SysWOW64\normaliz.dll - ok
14:35:01.0839 2252 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
14:35:01.0839 2252 C:\Windows\System32\drivers\hidparse.sys - ok
14:35:01.0855 2252 [ 685FEC2407FC121EB937CB658B3C0F35 ] C:\Windows\System32\drivers\hidclass.sys
14:35:01.0855 2252 C:\Windows\System32\drivers\hidclass.sys - ok
14:35:01.0855 2252 [ B3BF6B5B50006DEF50B66306D99FCF6F ] C:\Windows\System32\drivers\hidusb.sys
14:35:01.0855 2252 C:\Windows\System32\drivers\hidusb.sys - ok
14:35:01.0855 2252 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] C:\Windows\System32\drivers\kbdhid.sys
14:35:01.0855 2252 C:\Windows\System32\drivers\kbdhid.sys - ok
14:35:01.0870 2252 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
14:35:01.0870 2252 C:\Windows\System32\drivers\dxapi.sys - ok
14:35:01.0870 2252 [ F8410E860A7250CC7E645C6CA4A4D9E6 ] C:\Windows\System32\win32k.sys
14:35:01.0870 2252 C:\Windows\System32\win32k.sys - ok
14:35:01.0886 2252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
14:35:01.0886 2252 C:\Windows\System32\basesrv.dll - ok
14:35:01.0886 2252 [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
14:35:01.0886 2252 C:\Windows\System32\csrsrv.dll - ok
14:35:01.0886 2252 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
14:35:01.0886 2252 C:\Windows\System32\csrss.exe - ok
14:35:01.0901 2252 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\System32\winsrv.dll
14:35:01.0901 2252 C:\Windows\System32\winsrv.dll - ok
14:35:01.0901 2252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
14:35:01.0901 2252 C:\Windows\System32\drivers\mouhid.sys - ok
14:35:01.0917 2252 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] C:\Windows\System32\drivers\usbvideo.sys
14:35:01.0917 2252 C:\Windows\System32\drivers\usbvideo.sys - ok
14:35:01.0917 2252 [ 77B01BC848298223A95D4EC23E1785A1 ] C:\Windows\System32\drivers\USBAUDIO.sys
14:35:01.0917 2252 C:\Windows\System32\drivers\USBAUDIO.sys - ok
14:35:01.0917 2252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
14:35:01.0917 2252 C:\Windows\System32\drivers\monitor.sys - ok
14:35:01.0933 2252 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
14:35:01.0933 2252 C:\Windows\System32\tsddd.dll - ok
14:35:01.0933 2252 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
14:35:01.0933 2252 C:\Windows\System32\profapi.dll - ok
14:35:01.0948 2252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
14:35:01.0948 2252 C:\Windows\System32\sxssrv.dll - ok
14:35:01.0948 2252 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
14:35:01.0948 2252 C:\Windows\System32\wininit.exe - ok
14:35:01.0948 2252 [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
14:35:01.0948 2252 C:\Windows\System32\RpcRtRemote.dll - ok
14:35:01.0964 2252 [ 100BDF2F89D6056CEE900BB6156DA737 ] C:\Windows\System32\cdd.dll
14:35:01.0964 2252 C:\Windows\System32\cdd.dll - ok
14:35:01.0964 2252 [ 0F5CD07A098D6A5989019CC377722989 ] C:\Windows\System32\KBDCA.DLL
14:35:01.0964 2252 C:\Windows\System32\KBDCA.DLL - ok
14:35:01.0979 2252 [ 283C64A094A763C2F3DE2C926AEAE8CD ] C:\Windows\System32\KBDCAN.DLL
14:35:01.0979 2252 C:\Windows\System32\KBDCAN.DLL - ok
14:35:01.0979 2252 [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
14:35:01.0979 2252 C:\Windows\System32\KBDUS.DLL - ok
14:35:01.0979 2252 [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
14:35:01.0979 2252 C:\Windows\System32\sxs.dll - ok
14:35:01.0995 2252 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
14:35:01.0995 2252 C:\Windows\System32\WlS0WndH.dll - ok
14:35:01.0995 2252 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
14:35:01.0995 2252 C:\Windows\System32\cryptbase.dll - ok
14:35:01.0995 2252 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
14:35:01.0995 2252 C:\Windows\System32\apphelp.dll - ok
14:35:02.0011 2252 [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
14:35:02.0011 2252 C:\Windows\System32\lsm.exe - ok
14:35:02.0011 2252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
14:35:02.0011 2252 C:\Windows\System32\services.exe - ok
14:35:02.0026 2252 [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
14:35:02.0026 2252 C:\Windows\System32\lsasrv.dll - ok
14:35:02.0026 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
14:35:02.0026 2252 C:\Windows\System32\lsass.exe - ok
14:35:02.0026 2252 [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
14:35:02.0026 2252 C:\Windows\System32\sspicli.dll - ok
14:35:02.0042 2252 [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
14:35:02.0042 2252 C:\Windows\System32\sspisrv.dll - ok
14:35:02.0042 2252 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
14:35:02.0042 2252 C:\Windows\System32\sysntfy.dll - ok
14:35:02.0057 2252 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
14:35:02.0057 2252 C:\Windows\System32\wmsgapi.dll - ok
14:35:02.0057 2252 [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
14:35:02.0057 2252 C:\Windows\System32\samsrv.dll - ok
14:35:02.0057 2252 [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
14:35:02.0057 2252 C:\Windows\System32\scesrv.dll - ok
14:35:02.0073 2252 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
14:35:02.0073 2252 C:\Windows\System32\scext.dll - ok
14:35:02.0073 2252 [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
14:35:02.0073 2252 C:\Windows\System32\secur32.dll - ok
14:35:02.0089 2252 [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
14:35:02.0089 2252 C:\Windows\System32\srvcli.dll - ok
14:35:02.0089 2252 [ 2D066FBE63F7026C43C662C094B98076 ] C:\Windows\System32\bridgeres.dll
14:35:02.0089 2252 C:\Windows\System32\bridgeres.dll - ok
14:35:02.0089 2252 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
14:35:02.0089 2252 C:\Windows\System32\cryptdll.dll - ok
14:35:02.0104 2252 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
14:35:02.0104 2252 C:\Windows\System32\wevtapi.dll - ok
14:35:02.0104 2252 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
14:35:02.0104 2252 C:\Windows\System32\authz.dll - ok
14:35:02.0120 2252 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
14:35:02.0120 2252 C:\Windows\System32\cngaudit.dll - ok
14:35:02.0120 2252 [ E08926B4E52F92FF8852BECC0E2F358A ] C:\Windows\System32\ncrypt.dll
14:35:02.0120 2252 C:\Windows\System32\ncrypt.dll - ok
14:35:02.0120 2252 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
14:35:02.0120 2252 C:\Windows\System32\bcrypt.dll - ok
14:35:02.0135 2252 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
14:35:02.0135 2252 C:\Windows\System32\msprivs.dll - ok
14:35:02.0135 2252 [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
14:35:02.0135 2252 C:\Windows\System32\netjoin.dll - ok
14:35:02.0151 2252 [ 00B40A10E3DB79E4D3E127B9C2233A6B ] C:\Windows\System32\kerberos.dll
14:35:02.0151 2252 C:\Windows\System32\kerberos.dll - ok
14:35:02.0151 2252 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
14:35:02.0151 2252 C:\Windows\System32\negoexts.dll - ok
14:35:02.0151 2252 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
14:35:02.0151 2252 C:\Windows\System32\cryptsp.dll - ok
14:35:02.0167 2252 [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
14:35:02.0167 2252 C:\Windows\System32\mswsock.dll - ok
14:35:02.0167 2252 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
14:35:02.0167 2252 C:\Windows\System32\wship6.dll - ok
14:35:02.0182 2252 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
14:35:02.0182 2252 C:\Windows\System32\msv1_0.dll - ok
14:35:02.0182 2252 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
14:35:02.0182 2252 C:\Windows\System32\netlogon.dll - ok
14:35:02.0182 2252 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
14:35:02.0182 2252 C:\Windows\System32\dnsapi.dll - ok
14:35:02.0198 2252 [ DA3E2A6FA9660CC75B471530CE88453A ] C:\Windows\System32\winlogon.exe
14:35:02.0198 2252 C:\Windows\System32\winlogon.exe - ok
14:35:02.0198 2252 [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll
14:35:02.0198 2252 C:\Windows\System32\winsta.dll - ok
14:35:02.0213 2252 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
14:35:02.0213 2252 C:\Windows\System32\logoncli.dll - ok
14:35:02.0213 2252 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
14:35:02.0213 2252 C:\Windows\System32\schannel.dll - ok
14:35:02.0213 2252 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
14:35:02.0213 2252 C:\Windows\System32\rsaenh.dll - ok
14:35:02.0229 2252 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
14:35:02.0229 2252 C:\Windows\System32\wdigest.dll - ok
14:35:02.0229 2252 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
14:35:02.0229 2252 C:\Windows\System32\LIVESSP.DLL - ok
14:35:02.0245 2252 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
14:35:02.0245 2252 C:\Windows\System32\pku2u.dll - ok
14:35:02.0245 2252 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
14:35:02.0245 2252 C:\Windows\System32\TSpkg.dll - ok
14:35:02.0245 2252 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
14:35:02.0245 2252 C:\Windows\System32\bcryptprimitives.dll - ok
14:35:02.0260 2252 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
14:35:02.0260 2252 C:\Windows\System32\credssp.dll - ok
14:35:02.0260 2252 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
14:35:02.0260 2252 C:\Windows\System32\efslsaext.dll - ok
14:35:02.0260 2252 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
14:35:02.0260 2252 C:\Windows\System32\scecli.dll - ok
14:35:02.0276 2252 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
14:35:02.0276 2252 C:\Windows\System32\ubpm.dll - ok
14:35:02.0276 2252 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
14:35:02.0276 2252 C:\Windows\System32\svchost.exe - ok
14:35:02.0291 2252 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll
14:35:02.0291 2252 C:\Windows\System32\umpnpmgr.dll - ok
14:35:02.0291 2252 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
14:35:02.0291 2252 C:\Windows\System32\devrtl.dll - ok
14:35:02.0291 2252 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
14:35:02.0291 2252 C:\Windows\System32\SPInf.dll - ok
14:35:02.0307 2252 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
14:35:02.0307 2252 C:\Windows\System32\gpapi.dll - ok
14:35:02.0307 2252 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll
14:35:02.0307 2252 C:\Windows\System32\userenv.dll - ok
14:35:02.0323 2252 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
14:35:02.0323 2252 C:\Windows\System32\umpo.dll - ok
14:35:02.0323 2252 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
14:35:02.0323 2252 C:\Windows\System32\pcwum.dll - ok
14:35:02.0323 2252 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
14:35:02.0323 2252 C:\Windows\System32\powrprof.dll - ok
14:35:02.0338 2252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
14:35:02.0338 2252 C:\Windows\System32\drivers\luafv.sys - ok
14:35:02.0338 2252 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
14:35:02.0338 2252 C:\Windows\System32\drivers\WUDFPf.sys - ok
14:35:02.0354 2252 [ 7266972E86890E2B30C0C322E906B027 ] C:\Windows\System32\rpcss.dll
14:35:02.0354 2252 C:\Windows\System32\rpcss.dll - ok
14:35:02.0354 2252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
14:35:02.0354 2252 C:\Windows\System32\RpcEpMap.dll - ok
14:35:02.0354 2252 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
14:35:02.0354 2252 C:\Windows\System32\wshqos.dll - ok
14:35:02.0369 2252 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
14:35:02.0369 2252 C:\Windows\System32\WSHTCPIP.DLL - ok
14:35:02.0369 2252 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:35:02.0369 2252 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
14:35:02.0385 2252 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
14:35:02.0385 2252 C:\Windows\System32\FirewallAPI.dll - ok
14:35:02.0385 2252 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
14:35:02.0385 2252 C:\Windows\System32\version.dll - ok
14:35:02.0385 2252 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
14:35:02.0385 2252 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
14:35:02.0401 2252 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
14:35:02.0401 2252 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
14:35:02.0401 2252 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
14:35:02.0401 2252 C:\Windows\System32\wtsapi32.dll - ok
14:35:02.0416 2252 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
14:35:02.0416 2252 C:\Windows\System32\ntmarta.dll - ok
14:35:02.0416 2252 [ 93E6A39B1DB898F7C949FA5567E774CF ] C:\Windows\System32\LogonUI.exe
14:35:02.0416 2252 C:\Windows\System32\LogonUI.exe - ok
14:35:02.0416 2252 [ BCF0A980D21711E47D0803BDB0E99CAD ] C:\Windows\System32\authui.dll
14:35:02.0416 2252 C:\Windows\System32\authui.dll - ok
14:35:02.0432 2252 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
14:35:02.0432 2252 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
14:35:02.0432 2252 [ 0DE7BF2A2E64A841F9ABF9558870D9C4 ] C:\Windows\System32\atiesrxx.exe
14:35:02.0432 2252 C:\Windows\System32\atiesrxx.exe - ok
14:35:02.0447 2252 [ 99ABDA9C92EC76CBAF52F00239D909C9 ] C:\Windows\System32\wevtsvc.dll
14:35:02.0447 2252 C:\Windows\System32\wevtsvc.dll - ok
14:35:02.0447 2252 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
14:35:02.0447 2252 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
14:35:02.0447 2252 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
14:35:02.0447 2252 C:\Windows\System32\fltLib.dll - ok
14:35:02.0463 2252 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
14:35:02.0463 2252 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
14:35:02.0463 2252 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] C:\Windows\System32\drivers\MpFilter.sys
14:35:02.0463 2252 C:\Windows\System32\drivers\MpFilter.sys - ok
14:35:02.0479 2252 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
14:35:02.0479 2252 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
14:35:02.0479 2252 [ 07721A77180EDD4D39CCB865BF63C7FD ] C:\Windows\System32\audiosrv.dll
14:35:02.0479 2252 C:\Windows\System32\audiosrv.dll - ok
14:35:02.0479 2252 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
14:35:02.0479 2252 C:\Windows\System32\mmcss.dll - ok
14:35:02.0494 2252 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
14:35:02.0494 2252 C:\Windows\System32\avrt.dll - ok
14:35:02.0494 2252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
14:35:02.0494 2252 C:\Windows\System32\netprofm.dll - ok
14:35:02.0510 2252 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD7B8DCC-ECCB-4913-8623-1BE976B53686}\mpengine.dll
14:35:02.0510 2252 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD7B8DCC-ECCB-4913-8623-1BE976B53686}\mpengine.dll - ok
14:35:02.0510 2252 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
14:35:02.0510 2252 C:\Windows\System32\adtschema.dll - ok
14:35:02.0525 2252 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
14:35:02.0525 2252 C:\Windows\System32\MMDevAPI.dll - ok
14:35:02.0525 2252 [ B27EA141A7E748B607600A8551A44D5A ] C:\Windows\System32\propsys.dll
14:35:02.0525 2252 C:\Windows\System32\propsys.dll - ok
14:35:02.0525 2252 [ D152EBC32A23069F8AA1D1F24B15E3F9 ] C:\Windows\System32\audiodg.exe
14:35:02.0525 2252 C:\Windows\System32\audiodg.exe - ok
14:35:02.0541 2252 [ FE5AB4525BC2EC68B9119A6E5D40128B ] C:\Windows\System32\gpsvc.dll
14:35:02.0541 2252 C:\Windows\System32\gpsvc.dll - ok
14:35:02.0541 2252 [ 86E3822A34D454032D8E88C72AE8CF2D ] C:\Windows\System32\nlaapi.dll
14:35:02.0541 2252 C:\Windows\System32\nlaapi.dll - ok
14:35:02.0541 2252 [ 97293447431311C06703368AD0F6C4BE ] C:\Windows\System32\profsvc.dll
14:35:02.0541 2252 C:\Windows\System32\profsvc.dll - ok
14:35:02.0557 2252 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
14:35:02.0557 2252 C:\Windows\System32\atl.dll - ok
14:35:02.0557 2252 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
14:35:02.0557 2252 C:\Windows\System32\themeservice.dll - ok
14:35:02.0572 2252 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
14:35:02.0572 2252 C:\Windows\System32\dsrole.dll - ok
14:35:02.0572 2252 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
14:35:02.0572 2252 C:\Windows\System32\slc.dll - ok
14:35:02.0572 2252 [ DBA90306A721FB922FDACED9E9728C28 ] C:\Windows\System32\cryptui.dll
14:35:02.0572 2252 C:\Windows\System32\cryptui.dll - ok
14:35:02.0588 2252 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
14:35:02.0588 2252 C:\Windows\System32\es.dll - ok
14:35:02.0588 2252 [ 113921FC4A80A3DDF646852998B836D0 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
14:35:02.0588 2252 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll - ok
14:35:02.0603 2252 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
14:35:02.0603 2252 C:\Windows\System32\comres.dll - ok
14:35:02.0603 2252 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
14:35:02.0603 2252 C:\Windows\System32\Sens.dll - ok
14:35:02.0603 2252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
14:35:02.0603 2252 C:\Windows\System32\uxsms.dll - ok
14:35:02.0619 2252 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
14:35:02.0619 2252 C:\Windows\System32\samlib.dll - ok
14:35:02.0619 2252 [ 84F8C8B9FB1F12532999D25F5DD7E77C ] C:\Windows\System32\shacct.dll
14:35:02.0619 2252 C:\Windows\System32\shacct.dll - ok
14:35:02.0635 2252 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
14:35:02.0635 2252 C:\Windows\System32\uxtheme.dll - ok
14:35:02.0635 2252 [ DD0701DE0AAA010E6EBD0F53B672DCEE ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll
14:35:02.0635 2252 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll - ok
14:35:02.0635 2252 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
14:35:02.0635 2252 C:\Windows\System32\dui70.dll - ok
14:35:02.0650 2252 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
14:35:02.0650 2252 C:\Windows\System32\duser.dll - ok
14:35:02.0650 2252 [ B2E3D4BB3389817FB5E4CD9378BC8791 ] C:\Windows\System32\SndVolSSO.dll
14:35:02.0650 2252 C:\Windows\System32\SndVolSSO.dll - ok
14:35:02.0666 2252 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
14:35:02.0666 2252 C:\Windows\System32\hid.dll - ok
14:35:02.0666 2252 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
14:35:02.0666 2252 C:\Windows\System32\dwmapi.dll - ok
14:35:02.0666 2252 [ 39F91A948E6017B732C4A0B3086A8E32 ] C:\Windows\System32\xmllite.dll
14:35:02.0666 2252 C:\Windows\System32\xmllite.dll - ok
14:35:02.0681 2252 [ EA99F234843BBDDA1ABD2767111ADE25 ] C:\Windows\System32\WindowsCodecs.dll
14:35:02.0681 2252 C:\Windows\System32\WindowsCodecs.dll - ok
14:35:02.0681 2252 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
14:35:02.0681 2252 C:\Windows\System32\winbrand.dll - ok
14:35:02.0697 2252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
14:35:02.0697 2252 C:\Windows\System32\wlansvc.dll - ok
14:35:02.0697 2252 [ AECAB449567D1846DAD63ECE49E893E3 ] C:\Windows\System32\MPSSVC.dll
14:35:02.0697 2252 C:\Windows\System32\MPSSVC.dll - ok
14:35:02.0697 2252 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
14:35:02.0697 2252 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
14:35:02.0713 2252 [ F7866AF72ABBAF84B1FA5AA195378C59 ] C:\Windows\System32\drivers\fltMgr.sys
14:35:02.0713 2252 C:\Windows\System32\drivers\fltMgr.sys - ok
14:35:02.0713 2252 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
14:35:02.0713 2252 C:\Windows\System32\PSHED.DLL - ok
14:35:02.0728 2252 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
14:35:02.0728 2252 C:\Windows\System32\VaultCredProvider.dll - ok
14:35:02.0728 2252 [ 2A381A9740165D7A1405148B6DFB3E38 ] C:\Windows\System32\SmartcardCredentialProvider.dll
14:35:02.0728 2252 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
14:35:02.0728 2252 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
14:35:02.0728 2252 C:\Windows\System32\BioCredProv.dll - ok
14:35:02.0744 2252 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
14:35:02.0744 2252 C:\Windows\System32\winbio.dll - ok
14:35:02.0744 2252 [ 97D38371502AA797DB14EB1FA5FCE4CD ] C:\Windows\System32\credui.dll
14:35:02.0744 2252 C:\Windows\System32\credui.dll - ok
14:35:02.0759 2252 [ 3C27B50BC43D5FED43081A784DD17190 ] C:\Windows\System32\netapi32.dll
14:35:02.0759 2252 C:\Windows\System32\netapi32.dll - ok
14:35:02.0759 2252 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
14:35:02.0759 2252 C:\Windows\System32\vaultcli.dll - ok
14:35:02.0759 2252 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll
14:35:02.0759 2252 C:\Windows\System32\netutils.dll - ok
14:35:02.0775 2252 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll
14:35:02.0775 2252 C:\Windows\System32\samcli.dll - ok
14:35:02.0775 2252 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll
14:35:02.0775 2252 C:\Windows\System32\wkscli.dll - ok
14:35:02.0791 2252 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
14:35:02.0791 2252 C:\Windows\System32\certCredProvider.dll - ok
14:35:02.0791 2252 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
14:35:02.0791 2252 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
14:35:02.0791 2252 [ 7097425051CE67B450EBF2B1390AE492 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
14:35:02.0791 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
14:35:02.0806 2252 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
14:35:02.0806 2252 C:\Windows\System32\rasplap.dll - ok
14:35:02.0806 2252 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
14:35:02.0806 2252 C:\Windows\System32\WUDFSvc.dll - ok
14:35:02.0822 2252 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
14:35:02.0822 2252 C:\Windows\System32\WUDFPlatform.dll - ok
14:35:02.0822 2252 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
14:35:02.0822 2252 C:\Windows\System32\drivers\lltdio.sys - ok
14:35:02.0822 2252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
14:35:02.0822 2252 C:\Windows\System32\drivers\nwifi.sys - ok
14:35:02.0837 2252 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] C:\Windows\System32\drivers\ndisuio.sys
14:35:02.0837 2252 C:\Windows\System32\drivers\ndisuio.sys - ok
14:35:02.0837 2252 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
14:35:02.0837 2252 C:\Windows\System32\drivers\rspndr.sys - ok
14:35:02.0853 2252 [ 57FE2CFC2F25C200499D5D934EA24EB5 ] C:\Windows\System32\IPHLPAPI.DLL
14:35:02.0853 2252 C:\Windows\System32\IPHLPAPI.DLL - ok
14:35:02.0853 2252 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
14:35:02.0853 2252 C:\Windows\System32\lmhsvc.dll - ok
14:35:02.0853 2252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
14:35:02.0853 2252 C:\Windows\System32\nsisvc.dll - ok
14:35:02.0869 2252 [ CE3B9562D997F69B330D181A8875960F ] C:\Windows\System32\dhcpcore.dll
14:35:02.0869 2252 C:\Windows\System32\dhcpcore.dll - ok
14:35:02.0869 2252 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
14:35:02.0869 2252 C:\Windows\System32\eapsvc.dll - ok
14:35:02.0884 2252 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
14:35:02.0884 2252 C:\Windows\System32\keyiso.dll - ok
14:35:02.0884 2252 [ FD5BA198F7190DFE9BE1947EB8710396 ] C:\Windows\System32\nrpsrv.dll
14:35:02.0884 2252 C:\Windows\System32\nrpsrv.dll - ok
14:35:02.0884 2252 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
14:35:02.0884 2252 C:\Windows\System32\winnsi.dll - ok
14:35:02.0900 2252 [ 982F5395AD181179320083A4FA7E7CA8 ] C:\Windows\System32\eapphost.dll
14:35:02.0900 2252 C:\Windows\System32\eapphost.dll - ok
14:35:02.0900 2252 [ 71C7B65B6557B75B99907E76956AE4B8 ] C:\Windows\System32\dhcpcore6.dll
14:35:02.0900 2252 C:\Windows\System32\dhcpcore6.dll - ok
14:35:02.0915 2252 [ 85CF424C74A1D5EC33533E1DBFF9920A ] C:\Windows\System32\dnsrslvr.dll
14:35:02.0915 2252 C:\Windows\System32\dnsrslvr.dll - ok
14:35:02.0915 2252 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
14:35:02.0915 2252 C:\Windows\System32\nlasvc.dll - ok
14:35:02.0915 2252 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
14:35:02.0915 2252 C:\Windows\System32\dhcpcsvc.dll - ok
14:35:02.0931 2252 [ 2017BFE87CAB3D7EF632CFD2AA08D3F0 ] C:\Windows\System32\umb.dll
14:35:02.0931 2252 C:\Windows\System32\umb.dll - ok
14:35:02.0931 2252 [ 48A31B7CF046702059A86836DC21D786 ] C:\Windows\System32\wlanmsm.dll
14:35:02.0931 2252 C:\Windows\System32\wlanmsm.dll - ok
14:35:02.0947 2252 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
14:35:02.0947 2252 C:\Windows\System32\ncsi.dll - ok
14:35:02.0947 2252 [ 4CBCC37856EA2039C27A2FB661DDA0E5 ] C:\Windows\System32\dhcpcsvc6.dll
14:35:02.0947 2252 C:\Windows\System32\dhcpcsvc6.dll - ok
14:35:02.0947 2252 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
14:35:02.0947 2252 C:\Windows\System32\wlansec.dll - ok
14:35:02.0962 2252 [ 0BF0C2A72F2CB0BA4382C392D3E331AF ] C:\Windows\System32\winhttp.dll
14:35:02.0962 2252 C:\Windows\System32\winhttp.dll - ok
14:35:02.0962 2252 [ 2196CDBFA4B99BEEDAE300FA21DFE718 ] C:\Windows\System32\webio.dll
14:35:02.0962 2252 C:\Windows\System32\webio.dll - ok
14:35:02.0978 2252 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
14:35:02.0978 2252 C:\Windows\System32\eappprxy.dll - ok
14:35:02.0978 2252 [ D2B0D1C2BE5ECA80387F7CB8626DCAFE ] C:\Windows\System32\onex.dll
14:35:02.0978 2252 C:\Windows\System32\onex.dll - ok
14:35:02.0978 2252 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
14:35:02.0978 2252 C:\Windows\System32\FWPUCLNT.DLL - ok
14:35:02.0993 2252 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
14:35:02.0993 2252 C:\Windows\System32\dnsext.dll - ok
14:35:02.0993 2252 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
14:35:02.0993 2252 C:\Windows\System32\eappcfg.dll - ok
14:35:03.0009 2252 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
14:35:03.0009 2252 C:\Windows\System32\wlgpclnt.dll - ok
14:35:03.0009 2252 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
14:35:03.0009 2252 C:\Windows\System32\ssdpapi.dll - ok
14:35:03.0009 2252 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
14:35:03.0009 2252 C:\Windows\System32\l2gpstore.dll - ok
14:35:03.0025 2252 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
14:35:03.0025 2252 C:\Windows\System32\wlanutil.dll - ok
14:35:03.0025 2252 [ 22E7431E7DAE8463AF94A79A054276E5 ] C:\Windows\System32\WinSCard.dll
14:35:03.0025 2252 C:\Windows\System32\WinSCard.dll - ok
14:35:03.0040 2252 [ 72D3D64526765C34DBFC7D895B4FBDF6 ] C:\Windows\System32\msxml6.dll
14:35:03.0040 2252 C:\Windows\System32\msxml6.dll - ok
14:35:03.0040 2252 [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
14:35:03.0040 2252 C:\Windows\System32\wlanext.exe - ok
14:35:03.0040 2252 [ A19ACD209BC143F8A9CFBCEFA3C564F5 ] C:\Windows\System32\conhost.exe
14:35:03.0040 2252 C:\Windows\System32\conhost.exe - ok
14:35:03.0056 2252 [ 4CCF69A222BE3C85A020AC32DF9FFA8E ] C:\Windows\System32\bcmihvsrv64.dll
14:35:03.0056 2252 C:\Windows\System32\bcmihvsrv64.dll - ok
14:35:03.0056 2252 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
14:35:03.0056 2252 C:\Windows\System32\wlanapi.dll - ok
14:35:03.0056 2252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] C:\Windows\System32\wwansvc.dll
14:35:03.0056 2252 C:\Windows\System32\wwansvc.dll - ok
14:35:03.0071 2252 [ 76DC9F4FE66BC3867615F142766B4C50 ] C:\Windows\System32\wmi.dll
14:35:03.0071 2252 C:\Windows\System32\wmi.dll - ok
14:35:03.0071 2252 [ 8F6D9A20F1FB06F0602A7D5A82840DBF ] C:\Windows\System32\netcfgx.dll
14:35:03.0071 2252 C:\Windows\System32\netcfgx.dll - ok
14:35:03.0087 2252 [ 1A008CBB313F7A6644B883AE1829393B ] C:\Program Files (x86)\Online Armor\oacat.exe
14:35:03.0087 2252 C:\Program Files (x86)\Online Armor\oacat.exe - ok
14:35:03.0087 2252 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll
14:35:03.0087 2252 C:\Windows\SysWOW64\ntdll.dll - ok
14:35:03.0087 2252 [ F90C76ED345B71CF5FBDFDEED6E7F3D6 ] C:\Windows\System32\wow64.dll
14:35:03.0087 2252 C:\Windows\System32\wow64.dll - ok
14:35:03.0103 2252 [ E9C7E340941DF96680F1AEC14DF476A0 ] C:\Windows\System32\wow64win.dll
14:35:03.0103 2252 C:\Windows\System32\wow64win.dll - ok
14:35:03.0103 2252 [ F8347C662D2E708323AA348DF8EDE676 ] C:\Windows\System32\wow64cpu.dll
14:35:03.0103 2252 C:\Windows\System32\wow64cpu.dll - ok
14:35:03.0118 2252 [ A6778FC49011313995A4D718F624CC74 ] C:\Windows\SysWOW64\kernel32.dll
14:35:03.0118 2252 C:\Windows\SysWOW64\kernel32.dll - ok
14:35:03.0118 2252 [ D1B5FE2E4EF4B8C6D5B5A9752271457E ] C:\Windows\SysWOW64\KernelBase.dll
14:35:03.0118 2252 C:\Windows\SysWOW64\KernelBase.dll - ok
14:35:03.0118 2252 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
14:35:03.0118 2252 C:\Windows\SysWOW64\advapi32.dll - ok
14:35:03.0134 2252 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
14:35:03.0134 2252 C:\Windows\SysWOW64\msvcrt.dll - ok
14:35:03.0134 2252 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
14:35:03.0134 2252 C:\Windows\SysWOW64\rpcrt4.dll - ok
14:35:03.0149 2252 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
14:35:03.0149 2252 C:\Windows\SysWOW64\sechost.dll - ok
14:35:03.0149 2252 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
14:35:03.0149 2252 C:\Windows\SysWOW64\cryptbase.dll - ok
14:35:03.0149 2252 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll
14:35:03.0149 2252 C:\Windows\SysWOW64\sspicli.dll - ok
14:35:03.0165 2252 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
14:35:03.0165 2252 C:\Windows\System32\rasapi32.dll - ok
14:35:03.0165 2252 [ D3EAD1CF16BA729A7F7C9A5D94AA7C05 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
14:35:03.0165 2252 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll - ok
14:35:03.0181 2252 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
14:35:03.0181 2252 C:\Windows\SysWOW64\gdi32.dll - ok
14:35:03.0181 2252 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
14:35:03.0181 2252 C:\Windows\SysWOW64\user32.dll - ok
14:35:03.0181 2252 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
14:35:03.0181 2252 C:\Windows\SysWOW64\lpk.dll - ok
14:35:03.0196 2252 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll
14:35:03.0196 2252 C:\Windows\SysWOW64\usp10.dll - ok
14:35:03.0196 2252 [ 5B8580B819BE32EEC18CE1FEC52A4BCE ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
14:35:03.0196 2252 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
14:35:03.0212 2252 [ 0E7045E24F78351E021D3C01566DBBA3 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
14:35:03.0212 2252 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
14:35:03.0212 2252 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
14:35:03.0212 2252 C:\Windows\SysWOW64\netapi32.dll - ok
14:35:03.0212 2252 [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
14:35:03.0212 2252 C:\Windows\SysWOW64\netutils.dll - ok
14:35:03.0227 2252 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
14:35:03.0227 2252 C:\Windows\SysWOW64\srvcli.dll - ok
14:35:03.0227 2252 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
14:35:03.0227 2252 C:\Windows\SysWOW64\wkscli.dll - ok
14:35:03.0243 2252 [ 64E6A44177ACF348D68255A37F4723DA ] C:\Windows\System32\cabinet.dll
14:35:03.0243 2252 C:\Windows\System32\cabinet.dll - ok
14:35:03.0243 2252 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
14:35:03.0243 2252 C:\Windows\SysWOW64\ole32.dll - ok
14:35:03.0243 2252 [ 742AA02BD9FA3492C9E525BBD427D87D ] C:\Windows\SysWOW64\samcli.dll
14:35:03.0243 2252 C:\Windows\SysWOW64\samcli.dll - ok
14:35:03.0259 2252 [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\SysWOW64\oleaut32.dll
14:35:03.0259 2252 C:\Windows\SysWOW64\oleaut32.dll - ok
14:35:03.0259 2252 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll
14:35:03.0259 2252 C:\Windows\SysWOW64\shell32.dll - ok
14:35:03.0274 2252 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
14:35:03.0274 2252 C:\Windows\SysWOW64\shlwapi.dll - ok
14:35:03.0274 2252 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
14:35:03.0274 2252 C:\Windows\System32\rasman.dll - ok
14:35:03.0274 2252 [ F5A61F0A0030C80DF319B0C14A4C8885 ] C:\Windows\System32\rtutils.dll
14:35:03.0274 2252 C:\Windows\System32\rtutils.dll - ok
14:35:03.0290 2252 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
14:35:03.0290 2252 C:\Windows\System32\UXInit.dll - ok
14:35:03.0290 2252 [ CEE3ECBD814B794F7F3C5EED69C8EE22 ] C:\Windows\System32\atieclxx.exe
14:35:03.0290 2252 C:\Windows\System32\atieclxx.exe - ok
14:35:03.0305 2252 [ DF843EBBA76A782FDAA16C3A32B90FBB ] C:\Windows\System32\atiadlxx.dll
14:35:03.0305 2252 C:\Windows\System32\atiadlxx.dll - ok
14:35:03.0305 2252 [ F875C67ACF1DB12AF82D163686FBC6E7 ] C:\Windows\System32\atimuixx.dll
14:35:03.0305 2252 C:\Windows\System32\atimuixx.dll - ok
14:35:03.0305 2252 [ AF28348ED585539C4A33A4341FF23696 ] C:\Windows\System32\oleacc.dll
14:35:03.0305 2252 C:\Windows\System32\oleacc.dll - ok
14:35:03.0321 2252 [ 019BDD35DE269CB98B22DE8923C2AA3B ] C:\Windows\System32\UIAutomationCore.dll
14:35:03.0321 2252 C:\Windows\System32\UIAutomationCore.dll - ok
14:35:03.0321 2252 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
14:35:03.0321 2252 C:\Windows\System32\msimg32.dll - ok
14:35:03.0321 2252 [ 85409DCE247D97E4D6958B7C5916BE4A ] C:\Windows\System32\wscapi.dll
14:35:03.0337 2252 C:\Windows\System32\wscapi.dll - ok
14:35:03.0337 2252 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
14:35:03.0337 2252 C:\Windows\System32\p2pcollab.dll - ok
14:35:03.0337 2252 [ 4987E079A4530FA737A128BE54B63B12 ] C:\Windows\System32\QAGENTRT.DLL
14:35:03.0337 2252 C:\Windows\System32\QAGENTRT.DLL - ok
14:35:03.0352 2252 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
14:35:03.0352 2252 C:\Windows\System32\fveui.dll - ok
14:35:03.0352 2252 [ CA9E3BD4752FA2C084F5CD35FD8D0025 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
14:35:03.0352 2252 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
14:35:03.0352 2252 [ B7213E92B270761B88B313B62BA0E13B ] C:\Windows\System32\slwga.dll
14:35:03.0368 2252 C:\Windows\System32\slwga.dll - ok
14:35:03.0368 2252 [ 64856DFE10FC7B429E6999380BC3BB62 ] C:\Windows\System32\sppc.dll
14:35:03.0368 2252 C:\Windows\System32\sppc.dll - ok
14:35:03.0368 2252 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
14:35:03.0368 2252 C:\Windows\SysWOW64\version.dll - ok
14:35:03.0383 2252 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
14:35:03.0383 2252 C:\Windows\SysWOW64\imm32.dll - ok
14:35:03.0383 2252 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
14:35:03.0383 2252 C:\Windows\SysWOW64\msctf.dll - ok
14:35:03.0383 2252 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
14:35:03.0383 2252 C:\Windows\SysWOW64\wtsapi32.dll - ok
14:35:03.0399 2252 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
14:35:03.0399 2252 C:\Windows\System32\imageres.dll - ok
14:35:03.0399 2252 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
14:35:03.0399 2252 C:\Windows\SysWOW64\cryptsp.dll - ok
14:35:03.0415 2252 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
14:35:03.0415 2252 C:\Windows\SysWOW64\rsaenh.dll - ok
14:35:03.0415 2252 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
14:35:03.0415 2252 C:\Windows\SysWOW64\ntmarta.dll - ok
14:35:03.0415 2252 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
14:35:03.0415 2252 C:\Windows\SysWOW64\Wldap32.dll - ok
14:35:03.0430 2252 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
14:35:03.0430 2252 C:\Windows\System32\dllhost.exe - ok
14:35:03.0430 2252 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
14:35:03.0430 2252 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll - ok
14:35:03.0446 2252 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
14:35:03.0446 2252 C:\Windows\System32\IDStore.dll - ok
14:35:03.0446 2252 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
14:35:03.0446 2252 C:\Windows\System32\mpr.dll - ok
14:35:03.0461 2252 [ 6F8F1376A13114CC10C0E69274F5A4DE ] C:\Windows\System32\userinit.exe
14:35:03.0461 2252 C:\Windows\System32\userinit.exe - ok
14:35:03.0461 2252 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
14:35:03.0461 2252 C:\Windows\System32\dwm.exe - ok
14:35:03.0461 2252 [ EF184066A851E7838D5BF8C8FAE66CC4 ] C:\Windows\System32\dwmredir.dll
14:35:03.0461 2252 C:\Windows\System32\dwmredir.dll - ok
14:35:03.0477 2252 [ 9D8AB964CE511AF81207DF0E1205184C ] C:\Windows\System32\dwmcore.dll
14:35:03.0477 2252 C:\Windows\System32\dwmcore.dll - ok
14:35:03.0477 2252 [ 58A0C212ED2ABE462B3A9626F5B96261 ] C:\Windows\System32\d3d10_1.dll
14:35:03.0477 2252 C:\Windows\System32\d3d10_1.dll - ok
14:35:03.0493 2252 [ AFBBC34687FA48A4928B99AF097C1EC0 ] C:\Windows\System32\d3d10_1core.dll
14:35:03.0493 2252 C:\Windows\System32\d3d10_1core.dll - ok
14:35:03.0493 2252 [ D95DB5C915C001F78709C17285109BDC ] C:\Windows\System32\dxgi.dll
14:35:03.0493 2252 C:\Windows\System32\dxgi.dll - ok
14:35:03.0493 2252 [ 6D24703A2A16F5219ED3EE0C02B364A7 ] C:\Windows\System32\atiuxp64.dll
14:35:03.0493 2252 C:\Windows\System32\atiuxp64.dll - ok
14:35:03.0508 2252 [ 0862495E0C825893DB75EF44FAEA8E93 ] C:\Windows\explorer.exe
14:35:03.0508 2252 C:\Windows\explorer.exe - ok
14:35:03.0508 2252 [ 1C27E145EC99F20BC1B13FD98165A83F ] C:\Windows\System32\ExplorerFrame.dll
14:35:03.0508 2252 C:\Windows\System32\ExplorerFrame.dll - ok
14:35:03.0508 2252 [ 322A70B65B9C42207D5F0E6A32CC9AEE ] C:\Windows\System32\atidxx64.dll
14:35:03.0508 2252 C:\Windows\System32\atidxx64.dll - ok
14:35:03.0524 2252 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
14:35:03.0524 2252 C:\Windows\System32\uDWM.dll - ok
14:35:03.0524 2252 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
14:35:03.0524 2252 C:\Windows\System32\EhStorShell.dll - ok
14:35:03.0539 2252 [ 5F917AEEEA363B8A5DC8624795CB1D60 ] C:\Windows\System32\ntshrui.dll
14:35:03.0539 2252 C:\Windows\System32\ntshrui.dll - ok
14:35:03.0539 2252 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll
14:35:03.0539 2252 C:\Windows\System32\cscapi.dll - ok
14:35:03.0555 2252 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
14:35:03.0555 2252 C:\Windows\System32\IconCodecService.dll - ok
14:35:03.0555 2252 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] C:\Program Files (x86)\Online Armor\oasrv.exe
14:35:03.0555 2252 C:\Program Files (x86)\Online Armor\oasrv.exe - ok
14:35:03.0555 2252 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\SysWOW64\ws2_32.dll
14:35:03.0555 2252 C:\Windows\SysWOW64\ws2_32.dll - ok
14:35:03.0571 2252 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
14:35:03.0571 2252 C:\Windows\SysWOW64\wsock32.dll - ok
14:35:03.0571 2252 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
14:35:03.0571 2252 C:\Windows\SysWOW64\nsi.dll - ok
14:35:03.0571 2252 [ C10459DBDC2099C5A8428CB7D87DB85F ] C:\Windows\SysWOW64\olepro32.dll
14:35:03.0571 2252 C:\Windows\SysWOW64\olepro32.dll - ok
14:35:03.0586 2252 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
14:35:03.0586 2252 C:\Windows\SysWOW64\wininet.dll - ok
14:35:03.0586 2252 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
14:35:03.0586 2252 C:\Windows\SysWOW64\iertutil.dll - ok
14:35:03.0602 2252 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
14:35:03.0602 2252 C:\Windows\SysWOW64\urlmon.dll - ok
14:35:03.0602 2252 [ 7DA089C75B1E92032D0CBE4ADE7C32BC ] C:\Windows\SysWOW64\crypt32.dll
14:35:03.0602 2252 C:\Windows\SysWOW64\crypt32.dll - ok
14:35:03.0602 2252 [ A223CF703E28CBD7E9E7982141FA403C ] C:\Windows\SysWOW64\comdlg32.dll
14:35:03.0602 2252 C:\Windows\SysWOW64\comdlg32.dll - ok
14:35:03.0617 2252 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
14:35:03.0617 2252 C:\Windows\SysWOW64\msasn1.dll - ok
14:35:03.0617 2252 [ 26A634B2E0FD87F23541AD13A503CA72 ] C:\Windows\SysWOW64\winmm.dll
14:35:03.0617 2252 C:\Windows\SysWOW64\winmm.dll - ok
14:35:03.0633 2252 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
14:35:03.0633 2252 C:\Windows\SysWOW64\shfolder.dll - ok
14:35:03.0633 2252 [ 6907C055668EF85BBA6077511A143756 ] C:\Program Files (x86)\Online Armor\EmsiCryptApi.dll
14:35:03.0633 2252 C:\Program Files (x86)\Online Armor\EmsiCryptApi.dll - ok
14:35:03.0633 2252 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
14:35:03.0633 2252 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
14:35:03.0649 2252 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
14:35:03.0649 2252 C:\Windows\SysWOW64\psapi.dll - ok
14:35:03.0649 2252 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
14:35:03.0649 2252 C:\Windows\SysWOW64\setupapi.dll - ok
14:35:03.0664 2252 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
14:35:03.0664 2252 C:\Windows\SysWOW64\winnsi.dll - ok
14:35:03.0664 2252 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
14:35:03.0664 2252 C:\Windows\SysWOW64\cfgmgr32.dll - ok
14:35:03.0664 2252 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
14:35:03.0664 2252 C:\Windows\SysWOW64\devobj.dll - ok
14:35:03.0680 2252 [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\SysWOW64\dnsapi.dll
14:35:03.0680 2252 C:\Windows\SysWOW64\dnsapi.dll - ok
14:35:03.0680 2252 [ 7B2AF75C0813FEB2888559DAA4215BA3 ] C:\Windows\SysWOW64\Faultrep.dll
14:35:03.0680 2252 C:\Windows\SysWOW64\Faultrep.dll - ok
14:35:03.0695 2252 [ E24FE90E9DE8D8AE70E59F7B01675DEF ] C:\Windows\SysWOW64\avicap32.dll
14:35:03.0695 2252 C:\Windows\SysWOW64\avicap32.dll - ok
14:35:03.0695 2252 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
14:35:03.0695 2252 C:\Windows\SysWOW64\fltLib.dll - ok
14:35:03.0695 2252 [ 2DEEB96A0957BD058753FF250E85EF49 ] C:\Windows\SysWOW64\msvfw32.dll
14:35:03.0695 2252 C:\Windows\SysWOW64\msvfw32.dll - ok
14:35:03.0711 2252 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
14:35:03.0711 2252 C:\Windows\SysWOW64\profapi.dll - ok
14:35:03.0711 2252 [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\SysWOW64\userenv.dll
14:35:03.0711 2252 C:\Windows\SysWOW64\userenv.dll - ok
14:35:03.0727 2252 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
14:35:03.0727 2252 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
14:35:03.0727 2252 [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\SysWOW64\winsta.dll
14:35:03.0727 2252 C:\Windows\SysWOW64\winsta.dll - ok
14:35:03.0727 2252 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] C:\Windows\System32\shsvcs.dll
14:35:03.0727 2252 C:\Windows\System32\shsvcs.dll - ok
14:35:03.0742 2252 [ 624D0F5FF99428BB90A5B8A4123E918E ] C:\Windows\System32\schedsvc.dll
14:35:03.0742 2252 C:\Windows\System32\schedsvc.dll - ok
14:35:03.0742 2252 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
14:35:03.0742 2252 C:\Windows\System32\ktmw32.dll - ok
14:35:03.0758 2252 [ 1B547066D0A6CD40EB3BAAC6A9C7E7A9 ] C:\Windows\System32\taskcomp.dll
14:35:03.0758 2252 C:\Windows\System32\taskcomp.dll - ok
14:35:03.0758 2252 [ 1B38A0F123FCF1546FACEAF1EFAFAA00 ] C:\Windows\System32\fveapi.dll
14:35:03.0758 2252 C:\Windows\System32\fveapi.dll - ok
14:35:03.0758 2252 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
14:35:03.0758 2252 C:\Windows\System32\fvecerts.dll - ok
14:35:03.0773 2252 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
14:35:03.0773 2252 C:\Windows\System32\tbs.dll - ok
14:35:03.0773 2252 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] C:\Windows\System32\drivers\http.sys
14:35:03.0773 2252 C:\Windows\System32\drivers\http.sys - ok
14:35:03.0789 2252 [ 567977DC43CC13C4C35ED7084C0B84D5 ] C:\Windows\System32\spoolsv.exe
14:35:03.0789 2252 C:\Windows\System32\spoolsv.exe - ok
14:35:03.0789 2252 [ 3EEFB971D61EF9638FD21F14C703CA11 ] C:\Windows\System32\taskhost.exe
14:35:03.0789 2252 C:\Windows\System32\taskhost.exe - ok
14:35:03.0789 2252 [ 4992C609A6315671463E30F6512BC022 ] C:\Windows\System32\BFE.DLL
14:35:03.0789 2252 C:\Windows\System32\BFE.DLL - ok
14:35:03.0805 2252 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
14:35:03.0805 2252 C:\Windows\System32\wiarpc.dll - ok
14:35:03.0805 2252 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
14:35:03.0805 2252 C:\Windows\System32\PlaySndSrv.dll - ok
14:35:03.0820 2252 [ 7F37322A489E285CFBCC02F6A53B3F1B ] C:\Windows\System32\HotStartUserAgent.dll
14:35:03.0820 2252 C:\Windows\System32\HotStartUserAgent.dll - ok
14:35:03.0820 2252 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
14:35:03.0820 2252 C:\Windows\System32\MsCtfMonitor.dll - ok
14:35:03.0820 2252 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
14:35:03.0820 2252 C:\Windows\System32\msutb.dll - ok
14:35:03.0836 2252 [ 19D20159708E152267E53B66677A4995 ] C:\Windows\System32\drivers\bowser.sys
14:35:03.0836 2252 C:\Windows\System32\drivers\bowser.sys - ok
14:35:03.0836 2252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
14:35:03.0836 2252 C:\Windows\System32\drivers\mpsdrv.sys - ok
14:35:03.0851 2252 [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys
14:35:03.0851 2252 C:\Windows\System32\drivers\mrxsmb.sys - ok
14:35:03.0851 2252 [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys
14:35:03.0851 2252 C:\Windows\System32\drivers\mrxsmb10.sys - ok
14:35:03.0851 2252 [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys
14:35:03.0851 2252 C:\Windows\System32\drivers\mrxsmb20.sys - ok
14:35:03.0867 2252 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll
14:35:03.0867 2252 C:\Windows\System32\wkssvc.dll - ok
14:35:03.0867 2252 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
14:35:03.0867 2252 C:\Windows\System32\wfapigp.dll - ok
14:35:03.0867 2252 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] C:\Windows\System32\FntCache.dll
14:35:03.0867 2252 C:\Windows\System32\FntCache.dll - ok
14:35:03.0883 2252 [ 961036B3C6282C646B9ADBC8BB32C983 ] C:\Windows\System32\mscms.dll
14:35:03.0883 2252 C:\Windows\System32\mscms.dll - ok
14:35:03.0883 2252 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
14:35:03.0883 2252 C:\Windows\System32\pcasvc.dll - ok
14:35:03.0898 2252 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
14:35:03.0898 2252 C:\Windows\System32\snmptrap.exe - ok
14:35:03.0898 2252 [ D1E343BC00136CE03C4D403194D06A80 ] C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:35:03.0898 2252 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe - ok
14:35:03.0898 2252 [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
14:35:03.0898 2252 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
14:35:03.0914 2252 [ B65F8DBA54F251906BBE8611B5A0E7AB ] C:\Program Files\LSI SoftModem\agr64svc.exe
14:35:03.0914 2252 C:\Program Files\LSI SoftModem\agr64svc.exe - ok
14:35:03.0914 2252 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
14:35:03.0914 2252 C:\Windows\System32\provsvc.dll - ok
14:35:03.0929 2252 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
14:35:03.0929 2252 C:\Windows\System32\winmm.dll - ok
14:35:03.0929 2252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
14:35:03.0929 2252 C:\Windows\System32\sstpsvc.dll - ok
14:35:03.0929 2252 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:35:03.0929 2252 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
14:35:03.0945 2252 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
14:35:03.0945 2252 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
14:35:03.0945 2252 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
14:35:03.0945 2252 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
14:35:03.0961 2252 [ 60CAE1FA4888ED41B41AEE91C774E4A2 ] C:\Windows\System32\taskeng.exe
14:35:03.0961 2252 C:\Windows\System32\taskeng.exe - ok
14:35:03.0961 2252 [ DDDD1D04D5F4360371BC99C7C476F70D ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
14:35:03.0961 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
14:35:03.0976 2252 [ 91607A5E321CF2B9043DDE0D6681A6C5 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
14:35:03.0976 2252 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
14:35:03.0976 2252 [ CEF20CB83B36EC2DBB99D38DC80FC826 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
14:35:03.0976 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
14:35:03.0976 2252 [ 0EEE814627F4384291687671F76419F6 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
14:35:03.0976 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
14:35:03.0992 2252 [ 554BD99F802FCC7BFE7FA7102384A2D2 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
14:35:03.0992 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok
14:35:03.0992 2252 [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\SysWOW64\apphelp.dll
14:35:03.0992 2252 C:\Windows\SysWOW64\apphelp.dll - ok
14:35:04.0007 2252 [ 437B886611F251BBA0B912A9DA846029 ] C:\Program Files (x86)\Online Armor\oainj.exe
14:35:04.0007 2252 C:\Program Files (x86)\Online Armor\oainj.exe - ok
14:35:04.0007 2252 [ F64A630C746DCEFB640FE724F911D317 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
14:35:04.0007 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
14:35:04.0023 2252 [ 39C821EF59F82FF6CDCCA768E5E36BBE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll
14:35:04.0023 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll - ok
14:35:04.0023 2252 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
14:35:04.0023 2252 C:\Windows\System32\TSChannel.dll - ok
14:35:04.0023 2252 [ AB24D2A81FC60EC9038FEAD15C5470BF ] C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
14:35:04.0023 2252 C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe - ok
14:35:04.0039 2252 [ 3075B86A8EE385CADA46F69386430FCF ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll
14:35:04.0039 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll - ok
14:35:04.0039 2252 [ DD82EB68D97944B192C7803EB585B03C ] C:\Program Files (x86)\IObit\Game Booster 3\rtl120.bpl
14:35:04.0039 2252 C:\Program Files (x86)\IObit\Game Booster 3\rtl120.bpl - ok
14:35:04.0054 2252 [ 97CCB4D737B426B200E5EF90C877DF32 ] C:\Windows\SysWOW64\imagehlp.dll
14:35:04.0054 2252 C:\Windows\SysWOW64\imagehlp.dll - ok
14:35:04.0054 2252 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
14:35:04.0054 2252 C:\Windows\SysWOW64\mpr.dll - ok
14:35:04.0054 2252 [ 608E159EC424C6B54D04ABFDF2E8F8B0 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll
14:35:04.0054 2252 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll - ok
14:35:04.0070 2252 [ 4D59A5B6EF0AF6F9FDF3D157534380AF ] C:\Windows\SysWOW64\oleacc.dll
14:35:04.0070 2252 C:\Windows\SysWOW64\oleacc.dll - ok
14:35:04.0070 2252 [ 773EBD87010A6F644869A59D98792C9C ] C:\Program Files (x86)\IObit\Game Booster 3\vcl120.bpl
14:35:04.0070 2252 C:\Program Files (x86)\IObit\Game Booster 3\vcl120.bpl - ok
14:35:04.0085 2252 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
14:35:04.0085 2252 C:\Windows\SysWOW64\msimg32.dll - ok
14:35:04.0085 2252 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
14:35:04.0085 2252 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
14:35:04.0101 2252 [ 61E02CC3184B63FAFE0B83EAC8B3B8EF ] C:\Windows\SysWOW64\winspool.drv
14:35:04.0101 2252 C:\Windows\SysWOW64\winspool.drv - ok
14:35:04.0101 2252 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
14:35:04.0101 2252 C:\Windows\SysWOW64\oledlg.dll - ok
14:35:04.0101 2252 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
14:35:04.0101 2252 C:\Windows\SysWOW64\dwmapi.dll - ok
14:35:04.0117 2252 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
14:35:04.0117 2252 C:\Windows\SysWOW64\uxtheme.dll - ok
14:35:04.0117 2252 [ F832F1505AD8B83474BD9A5B1B985E01 ] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:35:04.0117 2252 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - ok
14:35:04.0117 2252 [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\SysWOW64\mswsock.dll
14:35:04.0117 2252 C:\Windows\SysWOW64\mswsock.dll - ok
14:35:04.0132 2252 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
14:35:04.0132 2252 C:\Windows\SysWOW64\powrprof.dll - ok
14:35:04.0132 2252 [ BAF19B633933A9FB4883D27D66C39E9A ] C:\Windows\System32\cryptsvc.dll
14:35:04.0132 2252 C:\Windows\System32\cryptsvc.dll - ok
14:35:04.0148 2252 [ 1C540B6FCD8A6F772650660CFB03A06A ] C:\Windows\System32\efscore.dll
14:35:04.0148 2252 C:\Windows\System32\efscore.dll - ok
14:35:04.0148 2252 [ 0C043B0ABBB5E14E68906AB80365395B ] C:\Windows\System32\efssvc.dll
14:35:04.0148 2252 C:\Windows\System32\efssvc.dll - ok
14:35:04.0148 2252 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
14:35:04.0148 2252 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
14:35:04.0163 2252 [ C7A62D20DC8E7790BA2E788F88377AE4 ] C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:35:04.0163 2252 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe - ok
14:35:04.0163 2252 [ 4FAC55936209B4F3EB78532181C9ED5E ] C:\Windows\System32\cryptnet.dll
14:35:04.0163 2252 C:\Windows\System32\cryptnet.dll - ok
14:35:04.0179 2252 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] C:\Windows\System32\dps.dll
14:35:04.0179 2252 C:\Windows\System32\dps.dll - ok
14:35:04.0179 2252 [ 58283053C781AD3A579C95D7765C1FA0 ] C:\Windows\System32\efsutil.dll
14:35:04.0179 2252 C:\Windows\System32\efsutil.dll - ok
14:35:04.0179 2252 [ 3647DE4600788E181A0ABD7EE7B2C0CE ] C:\Program Files (x86)\Online Armor\oawatch64.dll
14:35:04.0179 2252 C:\Program Files (x86)\Online Armor\oawatch64.dll - ok
14:35:04.0195 2252 [ DC57BAF15064ECB79F6D2CCF352E1D88 ] C:\Windows\System32\taskschd.dll
14:35:04.0195 2252 C:\Windows\System32\taskschd.dll - ok
14:35:04.0195 2252 [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll
14:35:04.0195 2252 C:\Windows\System32\vssapi.dll - ok
14:35:04.0210 2252 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
14:35:04.0210 2252 C:\Windows\System32\wsock32.dll - ok
14:35:04.0210 2252 [ 7550D101BF49FDB1F92666A233EE36C4 ] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:35:04.0210 2252 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - ok
14:35:04.0210 2252 [ C5B4683680DF085B57BC53E5EF34861F ] C:\Windows\System32\IKEEXT.DLL
14:35:04.0210 2252 C:\Windows\System32\IKEEXT.DLL - ok
14:35:04.0226 2252 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
14:35:04.0226 2252 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
14:35:04.0226 2252 [ 334A663962618F7A136FA1F80F773C5F ] C:\Windows\SysWOW64\wintrust.dll
14:35:04.0226 2252 C:\Windows\SysWOW64\wintrust.dll - ok
14:35:04.0241 2252 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
14:35:04.0241 2252 C:\Windows\SysWOW64\wship6.dll - ok
14:35:04.0241 2252 [ 1B2AA330C30062CCF3AC6847D6652FCB ] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
14:35:04.0241 2252 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll - ok
14:35:04.0241 2252 [ 02CDEB5D8B3DD5F6770DEFFBBC0CFAD0 ] C:\Windows\System32\winspool.drv
14:35:04.0241 2252 C:\Windows\System32\winspool.drv - ok
14:35:04.0257 2252 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
14:35:04.0257 2252 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
14:35:04.0257 2252 [ 5973175F67CAC09A60EE4FDB11CC52E1 ] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
14:35:04.0257 2252 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll - ok
14:35:04.0273 2252 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] C:\Windows\System32\drivers\NisDrvWFP.sys
14:35:04.0273 2252 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
14:35:04.0273 2252 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
14:35:04.0273 2252 C:\Windows\System32\netman.dll - ok
14:35:04.0273 2252 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
14:35:04.0273 2252 C:\Windows\System32\vsstrace.dll - ok
14:35:04.0288 2252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
14:35:04.0288 2252 C:\Windows\System32\drivers\PEAuth.sys - ok
14:35:04.0288 2252 [ B96BEC4B15F353EA25B173120662EA61 ] C:\Program Files (x86)\Online Armor\oawatch.dll
14:35:04.0288 2252 C:\Program Files (x86)\Online Armor\oawatch.dll - ok
14:35:04.0304 2252 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] C:\Program Files (x86)\Skype\Updater\Updater.exe
14:35:04.0304 2252 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
14:35:04.0304 2252 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
14:35:04.0304 2252 C:\Windows\System32\aepic.dll - ok
14:35:04.0304 2252 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
14:35:04.0304 2252 C:\Windows\System32\drivers\secdrv.sys - ok
14:35:04.0319 2252 [ 463B386EBC70F98DA5DFF85F7E654346 ] C:\Windows\System32\seclogon.dll
14:35:04.0319 2252 C:\Windows\System32\seclogon.dll - ok
14:35:04.0319 2252 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
14:35:04.0319 2252 C:\Windows\System32\sfc.dll - ok
14:35:04.0335 2252 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
14:35:04.0335 2252 C:\Windows\System32\sfc_os.dll - ok
14:35:04.0335 2252 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] C:\Windows\System32\drivers\srvnet.sys
14:35:04.0335 2252 C:\Windows\System32\drivers\srvnet.sys - ok
14:35:04.0335 2252 [ 4509387963DF66A6401752A0C631F6E8 ] C:\Windows\System32\httpapi.dll
14:35:04.0335 2252 C:\Windows\System32\httpapi.dll - ok
14:35:04.0351 2252 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
14:35:04.0351 2252 C:\Windows\SysWOW64\clbcatq.dll - ok
14:35:04.0351 2252 [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
14:35:04.0351 2252 C:\Windows\System32\drivers\tcpipreg.sys - ok
14:35:04.0366 2252 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
14:35:04.0366 2252 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
14:35:04.0366 2252 [ 3C1284516A62078FB68F768DE4F1A7BE ] C:\Windows\System32\sysmain.dll
14:35:04.0366 2252 C:\Windows\System32\sysmain.dll - ok
14:35:04.0382 2252 [ 884264AC597B690C5707C89723BB8E7B ] C:\Windows\System32\tapisrv.dll
14:35:04.0382 2252 C:\Windows\System32\tapisrv.dll - ok
14:35:04.0382 2252 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] C:\Windows\System32\wiaservc.dll
14:35:04.0382 2252 C:\Windows\System32\wiaservc.dll - ok
14:35:04.0382 2252 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
14:35:04.0382 2252 C:\Windows\System32\wiatrace.dll - ok
14:35:04.0397 2252 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
14:35:04.0397 2252 C:\Windows\System32\aeevts.dll - ok
14:35:04.0397 2252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
14:35:04.0397 2252 C:\Windows\System32\trkwks.dll - ok
14:35:04.0413 2252 [ 2C64AF297F12582BD95D7D94C18E464C ] C:\Windows\System32\esent.dll
14:35:04.0413 2252 C:\Windows\System32\esent.dll - ok
14:35:04.0413 2252 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
14:35:04.0413 2252 C:\Windows\System32\wbem\WMIsvc.dll - ok
14:35:04.0413 2252 [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll
14:35:04.0413 2252 C:\Windows\System32\wbemcomn.dll - ok
14:35:04.0429 2252 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:35:04.0429 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
14:35:04.0429 2252 [ CF318F60A84F15AF352439465A8D05F4 ] C:\Program Files\Windows Defender\MpSvc.dll
14:35:04.0429 2252 C:\Program Files\Windows Defender\MpSvc.dll - ok
14:35:04.0444 2252 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
14:35:04.0444 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
14:35:04.0444 2252 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
14:35:04.0444 2252 C:\Windows\System32\SensApi.dll - ok
14:35:04.0444 2252 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
14:35:04.0444 2252 C:\Program Files\Windows Defender\MpClient.dll - ok
14:35:04.0460 2252 [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll
14:35:04.0460 2252 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
14:35:04.0460 2252 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
14:35:04.0460 2252 C:\Windows\System32\wer.dll - ok
14:35:04.0475 2252 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
14:35:04.0475 2252 C:\Windows\System32\wbem\fastprox.dll - ok
14:35:04.0475 2252 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
14:35:04.0475 2252 C:\Windows\System32\wbem\WinMgmtR.dll - ok
14:35:04.0475 2252 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
14:35:04.0475 2252 C:\Windows\System32\ntdsapi.dll - ok
14:35:04.0491 2252 [ DDD6EB8C32AAF5797D71413F2FC7A00F ] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:35:04.0491 2252 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe - ok
14:35:04.0491 2252 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
14:35:04.0491 2252 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
14:35:04.0507 2252 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
14:35:04.0507 2252 C:\Windows\System32\wbem\wbemprox.dll - ok
14:35:04.0507 2252 [ 63DCDFFCBB7E41540F4D64CCED66536B ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
14:35:04.0507 2252 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
14:35:04.0507 2252 [ F8E058D17363EC580E4B7232778B6CB5 ] C:\Windows\System32\iphlpsvc.dll
14:35:04.0507 2252 C:\Windows\System32\iphlpsvc.dll - ok
14:35:04.0522 2252 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] C:\Windows\System32\drivers\srv2.sys
14:35:04.0522 2252 C:\Windows\System32\drivers\srv2.sys - ok
14:35:04.0522 2252 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] C:\Windows\System32\drivers\srv.sys
14:35:04.0522 2252 C:\Windows\System32\drivers\srv.sys - ok
14:35:04.0538 2252 [ CE07AF86AA72F4AE964239DE0DABE738 ] C:\Windows\System32\msxml3.dll
14:35:04.0538 2252 C:\Windows\System32\msxml3.dll - ok
14:35:04.0538 2252 [ 48A6CA43A5C921C465F70D9B42B3EF1A ] C:\Windows\System32\sqmapi.dll
14:35:04.0538 2252 C:\Windows\System32\sqmapi.dll - ok
14:35:04.0553 2252 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
14:35:04.0553 2252 C:\Windows\System32\wdscore.dll - ok
14:35:04.0553 2252 [ 47394ED3D16D053F5906EFE5AB51CC83 ] C:\Windows\System32\rasmans.dll
14:35:04.0553 2252 C:\Windows\System32\rasmans.dll - ok
14:35:04.0553 2252 [ 81F1D04D4D0E433099365127375FD501 ] C:\Windows\System32\srvsvc.dll
14:35:04.0553 2252 C:\Windows\System32\srvsvc.dll - ok
14:35:04.0569 2252 [ 6B054C67AAA87843504E8E3C09102009 ] C:\Windows\System32\browser.dll
14:35:04.0569 2252 C:\Windows\System32\browser.dll - ok
14:35:04.0569 2252 [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll
14:35:04.0569 2252 C:\Windows\System32\wbem\wbemcore.dll - ok
14:35:04.0585 2252 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
14:35:04.0585 2252 C:\Windows\System32\wbem\esscli.dll - ok
14:35:04.0585 2252 [ 70A176BF2ED362862944C371838262F8 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
14:35:04.0585 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
14:35:04.0585 2252 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
14:35:04.0585 2252 C:\Windows\System32\wbem\wbemsvc.dll - ok
14:35:04.0600 2252 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
14:35:04.0600 2252 C:\Windows\System32\netmsg.dll - ok
14:35:04.0600 2252 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
14:35:04.0600 2252 C:\Windows\System32\rastapi.dll - ok
14:35:04.0616 2252 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
14:35:04.0616 2252 C:\Windows\System32\tapi32.dll - ok
14:35:04.0616 2252 [ 836892094209E5D9CF403B4CF2829B5C ] C:\Windows\System32\sscore.dll
14:35:04.0616 2252 C:\Windows\System32\sscore.dll - ok
14:35:04.0616 2252 [ 4EAE37133B78A26A84EA1649D9B21A1E ] C:\Windows\System32\clusapi.dll
14:35:04.0616 2252 C:\Windows\System32\clusapi.dll - ok
14:35:04.0631 2252 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
14:35:04.0631 2252 C:\Windows\System32\dssenh.dll - ok
14:35:04.0631 2252 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
14:35:04.0631 2252 C:\Windows\System32\resutils.dll - ok
14:35:04.0647 2252 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
14:35:04.0647 2252 C:\Windows\System32\wbem\wmiutils.dll - ok
14:35:04.0647 2252 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
14:35:04.0647 2252 C:\Windows\System32\wbem\repdrvfs.dll - ok
14:35:04.0647 2252 [ 6E03C9E362389A768E6C240933352D11 ] C:\Windows\System32\nci.dll
14:35:04.0647 2252 C:\Windows\System32\nci.dll - ok
14:35:04.0663 2252 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
14:35:04.0663 2252 C:\Windows\System32\hnetcfg.dll - ok
14:35:04.0663 2252 [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
14:35:04.0663 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
14:35:04.0663 2252 [ EE25B470C39126B08055A7CB71A67A58 ] C:\Windows\System32\unimdm.tsp
14:35:04.0663 2252 C:\Windows\System32\unimdm.tsp - ok
14:35:04.0678 2252 [ C8A2FA2EE9241B8D66F9D7DE9AE34AEE ] C:\Program Files\Bonjour\mdnsNSP.dll
14:35:04.0678 2252 C:\Program Files\Bonjour\mdnsNSP.dll - ok
14:35:04.0678 2252 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
14:35:04.0678 2252 C:\Windows\System32\uniplat.dll - ok
14:35:04.0694 2252 [ 38B48AE24A3AD640FB220D71F3AA8F7C ] C:\Windows\System32\unimdmat.dll
14:35:04.0694 2252 C:\Windows\System32\unimdmat.dll - ok
14:35:04.0694 2252 [ C1446A66BB89FC3AA2485C67562247DA ] C:\Windows\System32\modemui.dll
14:35:04.0694 2252 C:\Windows\System32\modemui.dll - ok
14:35:04.0694 2252 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
14:35:04.0694 2252 C:\Windows\System32\rasadhlp.dll - ok
14:35:04.0709 2252 [ 8CFACC72081C21519676BF4AAA1A88A9 ] C:\Windows\System32\localspl.dll
14:35:04.0709 2252 C:\Windows\System32\localspl.dll - ok
14:35:04.0709 2252 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
14:35:04.0709 2252 C:\Windows\System32\kmddsp.tsp - ok
14:35:04.0725 2252 [ 6D915CA62CDFD757EB00126B82B49817 ] C:\Program Files (x86)\Online Armor\OAReg.exe
14:35:04.0725 2252 C:\Program Files (x86)\Online Armor\OAReg.exe - ok
14:35:04.0725 2252 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
14:35:04.0725 2252 C:\Windows\System32\ndptsp.tsp - ok
14:35:04.0725 2252 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
14:35:04.0725 2252 C:\Windows\System32\hidphone.tsp - ok
14:35:04.0741 2252 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
14:35:04.0741 2252 C:\Windows\System32\spoolss.dll - ok
14:35:04.0741 2252 [ 33CC7FFA41F6157592E1578BD253F30E ] C:\Windows\System32\PrintIsolationProxy.dll
14:35:04.0741 2252 C:\Windows\System32\PrintIsolationProxy.dll - ok
14:35:04.0756 2252 [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll
14:35:04.0756 2252 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
14:35:04.0756 2252 [ 4977CBC52959FDBD6B2E40BAA1B631C5 ] C:\Windows\System32\hpzllw71.dll
14:35:04.0756 2252 C:\Windows\System32\hpzllw71.dll - ok
14:35:04.0756 2252 [ 20BEB8C403C6E28C9B13644787F5177D ] C:\Windows\System32\FXSMON.dll
14:35:04.0756 2252 C:\Windows\System32\FXSMON.dll - ok
14:35:04.0772 2252 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
14:35:04.0772 2252 C:\Windows\System32\tcpmon.dll - ok
14:35:04.0772 2252 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
14:35:04.0772 2252 C:\Windows\System32\snmpapi.dll - ok
14:35:04.0787 2252 [ AD7C70077D4C81558E909D34EF6B995E ] C:\Windows\System32\wsnmp32.dll
14:35:04.0787 2252 C:\Windows\System32\wsnmp32.dll - ok
14:35:04.0787 2252 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
14:35:04.0787 2252 C:\Windows\System32\ncobjapi.dll - ok
14:35:04.0787 2252 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
14:35:04.0787 2252 C:\Windows\System32\usbmon.dll - ok
14:35:04.0803 2252 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
14:35:04.0803 2252 C:\Windows\System32\WSDMon.dll - ok
14:35:04.0803 2252 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
14:35:04.0803 2252 C:\Windows\System32\wbem\wbemess.dll - ok
14:35:04.0819 2252 [ 05FE4A30177E858B51F5E1E970FE9925 ] C:\Windows\System32\WSDApi.dll
14:35:04.0819 2252 C:\Windows\System32\WSDApi.dll - ok
14:35:04.0819 2252 [ A3EA403D2B74C5F71B7E8B3DAE92DE1E ] C:\Windows\System32\webservices.dll
14:35:04.0819 2252 C:\Windows\System32\webservices.dll - ok
14:35:04.0819 2252 [ DF627325D25191236BABA895D5A51EF6 ] C:\Windows\System32\rasppp.dll
14:35:04.0819 2252 C:\Windows\System32\rasppp.dll - ok
14:35:04.0834 2252 [ E3DA135D4DD0D34512D4FEBCB6ED760E ] C:\Windows\System32\vpnike.dll
14:35:04.0834 2252 C:\Windows\System32\vpnike.dll - ok
14:35:04.0834 2252 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
14:35:04.0834 2252 C:\Windows\System32\fundisc.dll - ok
14:35:04.0850 2252 [ 1482CC99F7E2DA2FECF59C6A774FED0A ] C:\Windows\System32\raschap.dll
14:35:04.0850 2252 C:\Windows\System32\raschap.dll - ok
14:35:04.0850 2252 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
14:35:04.0850 2252 C:\Windows\System32\fdPnp.dll - ok
14:35:04.0850 2252 [ 7EDB2BF840ECB14D6E6B11C035708719 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
14:35:04.0850 2252 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
14:35:04.0865 2252 [ 6FB9BE56891EA4E85B4C9BDD4E9AFA69 ] C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll
14:35:04.0865 2252 C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll - ok
14:35:04.0865 2252 [ 2332BACC2AB09119A14637DE0CB30147 ] C:\Windows\System32\win32spl.dll
14:35:04.0865 2252 C:\Windows\System32\win32spl.dll - ok
14:35:04.0881 2252 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
14:35:04.0881 2252 C:\Windows\System32\ipnathlp.dll - ok
14:35:04.0881 2252 [ 17EAB1AEA937EFFCD107EFBA94FEDB34 ] C:\Windows\System32\inetpp.dll
14:35:04.0881 2252 C:\Windows\System32\inetpp.dll - ok
14:35:04.0881 2252 [ 114429A77D935053E13A9BF98A8B8CA1 ] C:\Windows\System32\mprapi.dll
14:35:04.0881 2252 C:\Windows\System32\mprapi.dll - ok
14:35:04.0897 2252 [ 66920354B984D4A3848A84B4E66745EA ] C:\Windows\System32\netshell.dll
14:35:04.0897 2252 C:\Windows\System32\netshell.dll - ok
14:35:04.0897 2252 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
14:35:04.0897 2252 C:\Windows\System32\wdi.dll - ok
14:35:04.0912 2252 [ D065BE66822847B7F127D1F90158376E ] C:\Windows\System32\appinfo.dll
14:35:04.0912 2252 C:\Windows\System32\appinfo.dll - ok
14:35:04.0912 2252 [ 79E80B10FE8F6662E0C9162A68C43444 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
14:35:04.0912 2252 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
14:35:04.0912 2252 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
14:35:04.0912 2252 C:\Windows\System32\npmproxy.dll - ok
14:35:04.0928 2252 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
14:35:04.0928 2252 C:\Windows\System32\NapiNSP.dll - ok
14:35:04.0928 2252 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
14:35:04.0928 2252 C:\Windows\System32\winrnr.dll - ok
14:35:04.0928 2252 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
14:35:04.0928 2252 C:\Windows\System32\pnrpnsp.dll - ok
14:35:04.0943 2252 [ 132045285DCC8654C14F1CFB4A8DCDA1 ] C:\Program Files\Microsoft Security Client\NisLog.dll
14:35:04.0943 2252 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
14:35:04.0943 2252 [ D06A0B6260D9B6E5C5F6C800E2574267 ] C:\Windows\System32\ntprint.dll
14:35:04.0943 2252 C:\Windows\System32\ntprint.dll - ok
14:35:04.0959 2252 [ D891293880F2F00AB7BA959910300EF7 ] C:\Windows\System32\diagperf.dll
14:35:04.0959 2252 C:\Windows\System32\diagperf.dll - ok
14:35:04.0959 2252 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
14:35:04.0959 2252 C:\Windows\System32\hidserv.dll - ok
14:35:04.0959 2252 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
14:35:04.0959 2252 C:\Windows\System32\perftrack.dll - ok
14:35:04.0975 2252 [ 2E57DDF2880A7E52E76F41C7E96D327B ] C:\Windows\System32\wpdbusenum.dll
14:35:04.0975 2252 C:\Windows\System32\wpdbusenum.dll - ok
14:35:04.0975 2252 [ 5DA7D8934F7AB0884A6A8FC02E8B2AA7 ] C:\Windows\System32\PortableDeviceApi.dll
14:35:04.0975 2252 C:\Windows\System32\PortableDeviceApi.dll - ok
14:35:04.0990 2252 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
14:35:04.0990 2252 C:\Windows\System32\aelupsvc.dll - ok
14:35:04.0990 2252 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] C:\Windows\System32\IPSECSVC.DLL
14:35:04.0990 2252 C:\Windows\System32\IPSECSVC.DLL - ok
14:35:04.0990 2252 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
14:35:04.0990 2252 C:\Windows\System32\pnpts.dll - ok
14:35:05.0006 2252 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
14:35:05.0006 2252 C:\Windows\System32\radardt.dll - ok
14:35:05.0006 2252 [ 65AF044B5570D355124DCD1E099AA98F ] C:\Windows\System32\wdiasqmmodule.dll
14:35:05.0006 2252 C:\Windows\System32\wdiasqmmodule.dll - ok
14:35:05.0021 2252 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
14:35:05.0021 2252 C:\Windows\System32\FwRemoteSvr.dll - ok
14:35:05.0021 2252 [ 6AB6D4DF10EC784CF4A66CBFAF417A11 ] C:\Windows\System32\runonce.exe
14:35:05.0021 2252 C:\Windows\System32\runonce.exe - ok
14:35:05.0021 2252 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
14:35:05.0021 2252 C:\Windows\System32\Apphlpdm.dll - ok
14:35:05.0037 2252 [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\SysWOW64\runonce.exe
14:35:05.0037 2252 C:\Windows\SysWOW64\runonce.exe - ok
14:35:05.0037 2252 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
14:35:05.0037 2252 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
14:35:05.0053 2252 [ 20C7F2ADAE249D6708941BC8CDD9735F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\gapaengine.dll
14:35:05.0053 2252 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\gapaengine.dll - ok
14:35:05.0053 2252 [ D729084195C952B7ED14AA6DA4B44DCA ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\nisfull.vdm
14:35:05.0053 2252 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\nisfull.vdm - ok
14:35:05.0068 2252 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
14:35:05.0068 2252 C:\Windows\System32\dimsjob.dll - ok
14:35:05.0068 2252 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
14:35:05.0068 2252 C:\Windows\System32\pautoenr.dll - ok
14:35:05.0068 2252 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\SysWOW64\propsys.dll
14:35:05.0068 2252 C:\Windows\SysWOW64\propsys.dll - ok
14:35:05.0084 2252 [ AAA6D0DF7356BBA706BD67385A103AAB ] C:\Windows\System32\certcli.dll
14:35:05.0084 2252 C:\Windows\System32\certcli.dll - ok
14:35:05.0084 2252 [ 522BD073F617060AFCB9CC5707778DB1 ] C:\Windows\System32\CertEnroll.dll
14:35:05.0084 2252 C:\Windows\System32\CertEnroll.dll - ok
14:35:05.0099 2252 [ 6CC10D9FD128069DBFE476222F097616 ] C:\Windows\SysWOW64\secur32.dll
14:35:05.0099 2252 C:\Windows\SysWOW64\secur32.dll - ok
14:35:05.0099 2252 [ 8AE6DD9A6D246004DA047F704F0CC487 ] C:\Windows\SysWOW64\cmd.exe
14:35:05.0099 2252 C:\Windows\SysWOW64\cmd.exe - ok
14:35:05.0099 2252 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
14:35:05.0099 2252 C:\Windows\SysWOW64\winbrand.dll - ok
14:35:05.0115 2252 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
14:35:05.0115 2252 C:\Windows\SysWOW64\ieframe.dll - ok
14:35:05.0115 2252 [ E07B77C3BDC82A024E294FB67ABFEDA0 ] C:\Windows\SysWOW64\shdocvw.dll
14:35:05.0115 2252 C:\Windows\SysWOW64\shdocvw.dll - ok
14:35:05.0131 2252 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\owner\AppData\Local\Temp\FC4016FF-18E6-47A7-8163-E20023B10EA1.exe
14:35:05.0131 2252 C:\Users\owner\AppData\Local\Temp\FC4016FF-18E6-47A7-8163-E20023B10EA1.exe - ok
14:35:05.0131 2252 [ 3989BB6998C32753FDD5493879C1835A ] C:\Windows\SysWOW64\ncrypt.dll
14:35:05.0131 2252 C:\Windows\SysWOW64\ncrypt.dll - ok
14:35:05.0131 2252 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
14:35:05.0131 2252 C:\Windows\SysWOW64\bcrypt.dll - ok
14:35:05.0146 2252 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
14:35:05.0146 2252 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
14:35:05.0146 2252 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
14:35:05.0146 2252 C:\Windows\SysWOW64\gpapi.dll - ok
14:35:05.0162 2252 [ 1F778C34C751E1B585E4FC66659BA904 ] C:\Windows\SysWOW64\cryptnet.dll
14:35:05.0162 2252 C:\Windows\SysWOW64\cryptnet.dll - ok
14:35:05.0162 2252 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
14:35:05.0162 2252 C:\Windows\SysWOW64\SensApi.dll - ok
14:35:05.0162 2252 [ CC9BBCFC715FBEDF7AE476106FE653E9 ] C:\Windows\SysWOW64\winhttp.dll
14:35:05.0162 2252 C:\Windows\SysWOW64\winhttp.dll - ok
14:35:05.0177 2252 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\SysWOW64\webio.dll
14:35:05.0177 2252 C:\Windows\SysWOW64\webio.dll - ok
14:35:05.0177 2252 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\SysWOW64\credssp.dll
14:35:05.0177 2252 C:\Windows\SysWOW64\credssp.dll - ok
14:35:05.0177 2252 [ 9D4A1690AF93F233E15380398BEC7431 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
14:35:05.0177 2252 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
14:35:05.0193 2252 [ C69DBFA61FE3DEA653A9B83C3A2B052B ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
14:35:05.0193 2252 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
14:35:05.0193 2252 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
14:35:05.0193 2252 C:\Windows\SysWOW64\rasadhlp.dll - ok
14:35:05.0209 2252 [ 691C8DFB208227F0CBB5C0897C742ACE ] C:\Windows\SysWOW64\WindowsCodecs.dll
14:35:05.0209 2252 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
14:35:05.0209 2252 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
14:35:05.0209 2252 C:\Windows\SysWOW64\EhStorShell.dll - ok
14:35:05.0224 2252 [ 9141FE8D904CE682A3BDCFAE96BB04EF ] C:\Windows\SysWOW64\ntshrui.dll
14:35:05.0224 2252 C:\Windows\SysWOW64\ntshrui.dll - ok
14:35:05.0224 2252 [ ADD9D33D685DFADDFAD5AFB42CF31A70 ] C:\Windows\SysWOW64\cscapi.dll
14:35:05.0224 2252 C:\Windows\SysWOW64\cscapi.dll - ok
14:35:05.0224 2252 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
14:35:05.0224 2252 C:\Windows\SysWOW64\slc.dll - ok
14:35:05.0240 2252 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
14:35:05.0240 2252 C:\Windows\SysWOW64\imageres.dll - ok
14:35:05.0240 2252 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
14:35:05.0240 2252 C:\Windows\SysWOW64\sfc.dll - ok
14:35:05.0255 2252 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
14:35:05.0255 2252 C:\Windows\SysWOW64\sfc_os.dll - ok
14:35:05.0255 2252 [ 11CDF138552BFEC115B60ED6DC3ACEB6 ] C:\Windows\SysWOW64\devrtl.dll
14:35:05.0255 2252 C:\Windows\SysWOW64\devrtl.dll - ok
14:35:05.0255 2252 [ 550BF4ACD6FC3F41DC5A83EF31B9F9B4 ] C:\Windows\System32\wmploc.DLL
14:35:05.0255 2252 C:\Windows\System32\wmploc.DLL - ok
14:35:05.0271 2252 [ 740304CDCAA54E4312DEDA7F288CEB06 ] C:\Windows\System32\themeui.dll
14:35:05.0271 2252 C:\Windows\System32\themeui.dll - ok
14:35:05.0271 2252 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
14:35:05.0271 2252 C:\Windows\System32\ie4uinit.exe - ok
14:35:05.0287 2252 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
14:35:05.0287 2252 C:\Windows\System32\iedkcs32.dll - ok
14:35:05.0287 2252 [ 18245DC72B65D488A8B2D75A8FE088EA ] C:\Windows\System32\timedate.cpl
14:35:05.0287 2252 C:\Windows\System32\timedate.cpl - ok
14:35:05.0287 2252 [ 1E4BDDBD5A63059A97063339B4F8986F ] C:\Windows\System32\actxprxy.dll
14:35:05.0287 2252 C:\Windows\System32\actxprxy.dll - ok
14:35:05.0302 2252 [ FBE8EBF528DC49B3DEB186CA9545D97E ] C:\Windows\System32\shdocvw.dll
14:35:05.0302 2252 C:\Windows\System32\shdocvw.dll - ok
14:35:05.0302 2252 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
14:35:05.0302 2252 C:\Windows\System32\linkinfo.dll - ok
14:35:05.0318 2252 [ FA752544EE1EE59E8AD938CBB43CAC93 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
14:35:05.0318 2252 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
14:35:05.0318 2252 [ 14F5C0DB4B2C47874D6C937A5A1B367C ] C:\Windows\System32\gameux.dll
14:35:05.0318 2252 C:\Windows\System32\gameux.dll - ok
14:35:05.0318 2252 [ 46EDD0A6B42BA5D2044FA0909BE4BE95 ] C:\Windows\System32\msftedit.dll
14:35:05.0318 2252 C:\Windows\System32\msftedit.dll - ok
14:35:05.0333 2252 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
14:35:05.0333 2252 C:\Windows\System32\msls31.dll - ok
14:35:05.0333 2252 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
14:35:05.0333 2252 C:\Windows\System32\msiltcfg.dll - ok
14:35:05.0349 2252 [ 599EBE6C7EA52B5FF9603F203E8EC080 ] C:\Windows\System32\msi.dll
14:35:05.0349 2252 C:\Windows\System32\msi.dll - ok
14:35:05.0349 2252 [ DD76912E8D165C68659D9875256710A3 ] C:\Windows\System32\DeviceCenter.dll
14:35:05.0349 2252 C:\Windows\System32\DeviceCenter.dll - ok
14:35:05.0349 2252 [ 767EE8126468D91C5119F25714D78DAF ] C:\Windows\System32\dfshim.dll
14:35:05.0349 2252 C:\Windows\System32\dfshim.dll - ok
14:35:05.0365 2252 [ 72AB6633E9B39EC7FEBEDF083A9061E5 ] C:\Windows\System32\mscoree.dll
14:35:05.0365 2252 C:\Windows\System32\mscoree.dll - ok
14:35:05.0365 2252 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
14:35:05.0365 2252 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
14:35:05.0380 2252 [ A0ABBAD8CE99CBF8467D697073B38E87 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
14:35:05.0380 2252 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe - ok
14:35:05.0380 2252 [ 20437681A7678D440BBEE38C0453B852 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll
14:35:05.0380 2252 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll - ok
14:35:05.0380 2252 [ 3DBEAEE8645FAF1232CE464C2CAC12EF ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
14:35:05.0380 2252 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll - ok
14:35:05.0396 2252 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\29881432.sys
14:35:05.0396 2252 C:\Windows\System32\drivers\29881432.sys - ok
14:35:05.0396 2252 [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
14:35:05.0396 2252 C:\Windows\System32\msvcr100_clr0400.dll - ok
14:35:05.0411 2252 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\SysWOW64\nlaapi.dll
14:35:05.0411 2252 C:\Windows\SysWOW64\nlaapi.dll - ok
14:35:05.0411 2252 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\SysWOW64\samlib.dll
14:35:05.0411 2252 C:\Windows\SysWOW64\samlib.dll - ok
14:35:05.0411 2252 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
14:35:05.0411 2252 C:\Windows\SysWOW64\winrnr.dll - ok
14:35:05.0427 2252 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
14:35:05.0427 2252 C:\Windows\SysWOW64\NapiNSP.dll - ok
14:35:05.0427 2252 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
14:35:05.0427 2252 C:\Windows\SysWOW64\pnrpnsp.dll - ok
14:35:05.0443 2252 [ 8BC7AE7E16458355508ECF5EC3A04E72 ] C:\Windows\System32\networkexplorer.dll
14:35:05.0443 2252 C:\Windows\System32\networkexplorer.dll - ok
14:35:05.0443 2252 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
14:35:05.0443 2252 C:\Windows\System32\drprov.dll - ok
14:35:05.0443 2252 [ 7273921B6DDFEFF3A8567B9800C5673A ] C:\Windows\System32\ntlanman.dll
14:35:05.0443 2252 C:\Windows\System32\ntlanman.dll - ok
14:35:05.0458 2252 [ 73A1430ABA9119A2C25892EF9C3CB7A1 ] C:\Windows\System32\davclnt.dll
14:35:05.0458 2252 C:\Windows\System32\davclnt.dll - ok
14:35:05.0458 2252 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
14:35:05.0458 2252 C:\Windows\System32\davhlpr.dll - ok
14:35:05.0458 2252 [ F468C806267D46B68DB7EB32FBF0A103 ] C:\Windows\System32\thumbcache.dll
14:35:05.0458 2252 C:\Windows\System32\thumbcache.dll - ok
14:35:05.0474 2252 [ F1317678AC2FBA9F640279290B2E2988 ] C:\Windows\SysWOW64\msi.dll
14:35:05.0474 2252 C:\Windows\SysWOW64\msi.dll - ok
14:35:05.0474 2252 [ 30F9BACA07F8251D7DD1805A9E919CE0 ] C:\Windows\System32\wdmaud.drv
14:35:05.0474 2252 C:\Windows\System32\wdmaud.drv - ok
14:35:05.0489 2252 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
14:35:05.0489 2252 C:\Windows\System32\ksuser.dll - ok
14:35:05.0489 2252 [ 60CC15392FF14DCB9C29C69B3233741B ] C:\Windows\System32\stobject.dll
14:35:05.0489 2252 C:\Windows\System32\stobject.dll - ok
14:35:05.0489 2252 [ 86B6AC0FD2881B3D20B80F51C7152AE0 ] C:\Windows\System32\batmeter.dll
14:35:05.0489 2252 C:\Windows\System32\batmeter.dll - ok
14:35:05.0505 2252 [ 81D64E8D70E5FBF9F7ABF2D41154F54D ] C:\Windows\System32\AudioSes.dll
14:35:05.0505 2252 C:\Windows\System32\AudioSes.dll - ok
14:35:05.0505 2252 [ 651F169718CC46C8A9264880C538D5FF ] C:\Windows\System32\prnfldr.dll
14:35:05.0505 2252 C:\Windows\System32\prnfldr.dll - ok
14:35:05.0521 2252 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
14:35:05.0521 2252 C:\Windows\System32\msacm32.drv - ok
14:35:05.0521 2252 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
14:35:05.0521 2252 C:\Windows\System32\msacm32.dll - ok
14:35:05.0521 2252 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
14:35:05.0521 2252 C:\Windows\System32\midimap.dll - ok
14:35:05.0536 2252 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
14:35:05.0536 2252 C:\Windows\System32\AudioEng.dll - ok
14:35:05.0536 2252 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
14:35:05.0536 2252 C:\Windows\System32\AUDIOKSE.dll - ok
14:35:05.0552 2252 [ DB8BF64BE3932ADC407505D21C4F2C2C ] C:\Windows\System32\fdProxy.dll
14:35:05.0552 2252 C:\Windows\System32\fdProxy.dll - ok
14:35:05.0552 2252 [ 913C2E4A03201644FC986EDEB5F8A390 ] C:\Windows\System32\DXP.dll
14:35:05.0552 2252 C:\Windows\System32\DXP.dll - ok
14:35:05.0567 2252 [ 6EC594AB7EFA45EACDE65FD4040F53D9 ] C:\Windows\SysWOW64\riched20.dll
14:35:05.0567 2252 C:\Windows\SysWOW64\riched20.dll - ok
14:35:05.0567 2252 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
14:35:05.0567 2252 C:\Windows\System32\Syncreg.dll - ok
14:35:05.0567 2252 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
14:35:05.0567 2252 C:\Windows\System32\WMALFXGFXDSP.dll - ok
14:35:05.0583 2252 [ 8898C95862D03D16B2A06DB4DB6BB6B2 ] C:\Windows\SysWOW64\ExplorerFrame.dll
14:35:05.0583 2252 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
14:35:05.0583 2252 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
14:35:05.0583 2252 C:\Windows\ehome\ehSSO.dll - ok
14:35:05.0599 2252 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
14:35:05.0599 2252 C:\Windows\System32\mfplat.dll - ok
14:35:05.0599 2252 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
14:35:05.0599 2252 C:\Windows\SysWOW64\duser.dll - ok
14:35:05.0599 2252 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
14:35:05.0599 2252 C:\Windows\SysWOW64\dui70.dll - ok
14:35:05.0614 2252 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
14:35:05.0614 2252 C:\Windows\System32\AltTab.dll - ok
14:35:05.0614 2252 [ AB01C36BCC34CCFE5B0BB5FFB2605135 ] C:\Windows\System32\WPDShServiceObj.dll
14:35:05.0614 2252 C:\Windows\System32\WPDShServiceObj.dll - ok
14:35:05.0614 2252 [ FD4F95ABDE5603478C929B6CB0BDCFFF ] C:\Windows\System32\pnidui.dll
14:35:05.0614 2252 C:\Windows\System32\pnidui.dll - ok
14:35:05.0630 2252 [ BD03C64C4B1F34D1F330BF6C4AC8113D ] C:\Windows\System32\QUTIL.DLL
14:35:05.0630 2252 C:\Windows\System32\QUTIL.DLL - ok
14:35:05.0630 2252 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
14:35:05.0630 2252 C:\Windows\System32\PortableDeviceTypes.dll - ok
14:35:05.0645 2252 [ 2C5B8A680A90E96B1EC0D6DA0505E685 ] C:\Windows\System32\srchadmin.dll
14:35:05.0645 2252 C:\Windows\System32\srchadmin.dll - ok
14:35:05.0645 2252 [ 8CD2A697B18069A62A035E756E51E934 ] C:\Windows\System32\SearchIndexer.exe
14:35:05.0645 2252 C:\Windows\System32\SearchIndexer.exe - ok
14:35:05.0661 2252 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
14:35:05.0661 2252 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
14:35:05.0661 2252 [ F8F532C7509C3238C9827BAE861A48D7 ] C:\Windows\System32\tquery.dll
14:35:05.0661 2252 C:\Windows\System32\tquery.dll - ok
14:35:05.0661 2252 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
14:35:05.0661 2252 C:\Windows\System32\rasdlg.dll - ok
14:35:05.0677 2252 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
14:35:05.0677 2252 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
14:35:05.0677 2252 [ 8BC00C736E67A75D936E5B440917359B ] C:\Windows\System32\ActionCenter.dll
14:35:05.0677 2252 C:\Windows\System32\ActionCenter.dll - ok
14:35:05.0692 2252 [ 0DC6669BC2B552C0ECC905B6B761F508 ] C:\Program Files\Microsoft Security Client\msseces.exe
14:35:05.0692 2252 C:\Program Files\Microsoft Security Client\msseces.exe - ok
14:35:05.0692 2252 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
14:35:05.0692 2252 C:\Windows\System32\FXSST.dll - ok
14:35:05.0692 2252 [ BA4A19DE93FBDFE6DB5F0EBC99732A06 ] C:\Windows\System32\mssrch.dll
14:35:05.0692 2252 C:\Windows\System32\mssrch.dll - ok
14:35:05.0708 2252 [ 34E6D8C67E7FD7C917BECFECA326B168 ] C:\Windows\System32\FXSAPI.dll
14:35:05.0708 2252 C:\Windows\System32\FXSAPI.dll - ok
14:35:05.0708 2252 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
14:35:05.0708 2252 C:\Windows\System32\FXSRESM.dll - ok
14:35:05.0708 2252 [ BB68579E181956E37EB11F9083C01CF3 ] C:\Windows\System32\dot3api.dll
14:35:05.0708 2252 C:\Windows\System32\dot3api.dll - ok
14:35:05.0723 2252 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
14:35:05.0723 2252 C:\Windows\System32\wlanhlp.dll - ok
14:35:05.0723 2252 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] C:\Windows\System32\FXSSVC.exe
14:35:05.0723 2252 C:\Windows\System32\FXSSVC.exe - ok
14:35:05.0739 2252 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
14:35:05.0739 2252 C:\Windows\System32\msidle.dll - ok
14:35:05.0739 2252 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
14:35:05.0739 2252 C:\Windows\System32\UIAnimation.dll - ok
14:35:05.0739 2252 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
14:35:05.0739 2252 C:\Windows\System32\mssprxy.dll - ok
14:35:05.0755 2252 [ DC5B5D3A1BF59A74ECA9C2EBB34574BE ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
14:35:05.0755 2252 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
14:35:05.0755 2252 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
14:35:05.0755 2252 C:\Windows\System32\en-US\tquery.dll.mui - ok
14:35:05.0770 2252 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
14:35:05.0770 2252 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
14:35:05.0770 2252 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\SqmApi.dll
14:35:05.0770 2252 C:\Program Files\Microsoft Security Client\SqmApi.dll - ok
14:35:05.0770 2252 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
14:35:05.0770 2252 C:\Windows\System32\WWanAPI.dll - ok
14:35:05.0786 2252 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
14:35:05.0786 2252 C:\Windows\System32\wwapi.dll - ok
14:35:05.0786 2252 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
14:35:05.0786 2252 C:\Windows\System32\QAGENT.DLL - ok
14:35:05.0801 2252 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
14:35:05.0801 2252 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
14:35:05.0801 2252 [ 92AAF75C3EB344A098DC026BC9DDF42A ] C:\Windows\System32\bthprops.cpl
14:35:05.0801 2252 C:\Windows\System32\bthprops.cpl - ok
14:35:05.0817 2252 [ 9BF014C20F91D97055532F2F5496E7BD ] C:\Program Files\Windows Media Player\wmpnetwk.exe
14:35:05.0817 2252 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
14:35:05.0817 2252 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
14:35:05.0817 2252 C:\Windows\System32\ieframe.dll - ok
14:35:05.0817 2252 [ 302B93586DFA480545C320EBA5BA6572 ] C:\Windows\System32\wmdrmdev.dll
14:35:05.0817 2252 C:\Windows\System32\wmdrmdev.dll - ok
14:35:05.0833 2252 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
14:35:05.0833 2252 C:\Windows\System32\drmv2clt.dll - ok
14:35:05.0833 2252 [ 4F20D081F9C9B91730EE5CB84E9AC8C4 ] C:\Windows\System32\blackbox.dll
14:35:05.0833 2252 C:\Windows\System32\blackbox.dll - ok
14:35:05.0848 2252 [ 9E29BC11A70165635CC10D42E64CFEE1 ] C:\Windows\System32\upnp.dll
14:35:05.0848 2252 C:\Windows\System32\upnp.dll - ok
14:35:05.0848 2252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
14:35:05.0848 2252 C:\Windows\System32\ssdpsrv.dll - ok
14:35:05.0848 2252 [ 3DEBA83ECDAF6ED2E72430D238803117 ] C:\Windows\System32\wmp.dll
14:35:05.0848 2252 C:\Windows\System32\wmp.dll - ok
14:35:05.0864 2252 [ C1D0691BE5DDB0C230D8370BD96BBE8B ] C:\Program Files\Internet Explorer\ieproxy.dll
14:35:05.0864 2252 C:\Program Files\Internet Explorer\ieproxy.dll - ok
14:35:05.0864 2252 [ 2D444C361F758D6CC4B2F51655ECF528 ] C:\Windows\System32\wmpps.dll
14:35:05.0864 2252 C:\Windows\System32\wmpps.dll - ok
14:35:05.0864 2252 [ DD37622A478EDFE1D43DF561A19C02DD ] C:\Windows\System32\wmpmde.dll
14:35:05.0864 2252 C:\Windows\System32\wmpmde.dll - ok
14:35:05.0879 2252 [ EC7EB038EA11E0D04214D143E0CB6002 ] C:\Windows\System32\WinSATAPI.dll
14:35:05.0879 2252 C:\Windows\System32\WinSATAPI.dll - ok
14:35:05.0879 2252 [ B79515AFF098E5A56DFBD316152534DE ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
14:35:05.0879 2252 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL - ok
14:35:05.0895 2252 [ 7B8F7848D3C65DD9589A4898CFF3757D ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf\msvcr80.dll
14:35:05.0895 2252 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_88dce9872fb18caf\msvcr80.dll - ok
14:35:05.0895 2252 [ 2BF5A09197251572A74C426EE3E35117 ] C:\Windows\System32\MSMPEG2ENC.DLL
14:35:05.0895 2252 C:\Windows\System32\MSMPEG2ENC.DLL - ok
14:35:05.0911 2252 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll
14:35:05.0911 2252 C:\Windows\System32\devenum.dll - ok
14:35:05.0911 2252 [ 0B0604BC02CA5F77A1F23C6B0D86AE8C ] C:\Windows\System32\msdmo.dll
14:35:05.0911 2252 C:\Windows\System32\msdmo.dll - ok
14:35:05.0911 2252 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
14:35:05.0911 2252 C:\Windows\System32\webcheck.dll - ok
14:35:05.0926 2252 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
14:35:05.0926 2252 C:\Windows\System32\mlang.dll - ok
14:35:05.0926 2252 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
14:35:05.0926 2252 C:\Windows\System32\SyncCenter.dll - ok
14:35:05.0942 2252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
14:35:05.0942 2252 C:\Windows\System32\upnphost.dll - ok
14:35:05.0942 2252 [ 0AEFDADCDA44D8CE3C57BB32B7A3CED5 ] C:\Program Files (x86)\Online Armor\oaui.exe
14:35:05.0942 2252 C:\Program Files (x86)\Online Armor\oaui.exe - ok
14:35:05.0942 2252 [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
14:35:05.0942 2252 C:\Windows\System32\imapi2.dll - ok
14:35:05.0957 2252 [ 64D757051B5B273E55C93E4503EA4F3E ] C:\Windows\System32\wbem\WmiPrvSE.exe
14:35:05.0957 2252 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
14:35:05.0957 2252 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
14:35:05.0957 2252 C:\Windows\System32\hgcpl.dll - ok
14:35:05.0973 2252 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
14:35:05.0973 2252 C:\Windows\System32\FDResPub.dll - ok
14:35:05.0973 2252 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
14:35:05.0973 2252 C:\Windows\System32\fdPHost.dll - ok
14:35:05.0973 2252 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
14:35:05.0973 2252 C:\Windows\System32\fdWSD.dll - ok
14:35:05.0989 2252 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
14:35:05.0989 2252 C:\Windows\System32\fdSSDP.dll - ok
14:35:05.0989 2252 [ 031C6782F2D50336FC2C72F8D14A4C13 ] C:\Windows\System32\wbem\wmiprov.dll
14:35:05.0989 2252 C:\Windows\System32\wbem\wmiprov.dll - ok
14:35:05.0989 2252 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
14:35:05.0989 2252 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
14:35:06.0004 2252 [ 046B2673767CA626E2CFB7FDF735E9E8 ] C:\Windows\System32\ListSvc.dll
14:35:06.0004 2252 C:\Windows\System32\ListSvc.dll - ok
14:35:06.0004 2252 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
14:35:06.0004 2252 C:\Windows\System32\P2P.dll - ok
14:35:06.0020 2252 [ 65AB1A3B45B933697F74B53116B46523 ] C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll
14:35:06.0020 2252 C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll - ok
14:35:06.0020 2252 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
14:35:06.0020 2252 C:\Windows\System32\IdListen.dll - ok
14:35:06.0020 2252 [ F07B8AAE1805EF9B12BF8EDFD0D50F0A ] C:\Program Files (x86)\Online Armor\oahlp.exe
14:35:06.0020 2252 C:\Program Files (x86)\Online Armor\oahlp.exe - ok
14:35:06.0035 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
14:35:06.0035 2252 C:\Windows\System32\pnrpsvc.dll - ok
14:35:06.0035 2252 [ B9C7F88D85369548A69F2EDD1A40441E ] C:\Windows\System32\hgprint.dll
14:35:06.0035 2252 C:\Windows\System32\hgprint.dll - ok
14:35:06.0051 2252 [ DCCB0391C692E2AB64A11B9F195F3F9A ] C:\Windows\System32\CertPolEng.dll
14:35:06.0051 2252 C:\Windows\System32\CertPolEng.dll - ok
14:35:06.0051 2252 [ E43911A8C5FE61CF9CF17FAFF404A17A ] C:\Program Files (x86)\Online Armor\oaevent.dll
14:35:06.0051 2252 C:\Program Files (x86)\Online Armor\oaevent.dll - ok
14:35:06.0051 2252 [ D2CB14499799E196CB034448BDD898DD ] C:\Windows\System32\SearchFolder.dll
14:35:06.0051 2252 C:\Windows\System32\SearchFolder.dll - ok
14:35:06.0067 2252 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
14:35:06.0067 2252 C:\Windows\System32\p2psvc.dll - ok
14:35:06.0067 2252 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
14:35:06.0067 2252 C:\Windows\System32\P2PGraph.dll - ok
14:35:06.0082 2252 [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
14:35:06.0082 2252 C:\Windows\System32\udhisapi.dll - ok
14:35:06.0082 2252 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
14:35:06.0082 2252 C:\Windows\System32\wbem\NCProv.dll - ok
14:35:06.0098 2252 [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll
14:35:06.0098 2252 C:\Windows\System32\drttransport.dll - ok
14:35:06.0098 2252 [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll
14:35:06.0098 2252 C:\Windows\System32\drt.dll - ok
14:35:06.0098 2252 [ 139677BB4CA72DBB99FDF80E74FA0B95 ] C:\Program Files\Windows Media Player\WMPMediaSharing.dll
14:35:06.0098 2252 C:\Program Files\Windows Media Player\WMPMediaSharing.dll - ok
14:35:06.0113 2252 [ BDDCD13F341CBA21775FF66A5C27F59E ] C:\Windows\System32\SearchProtocolHost.exe
14:35:06.0113 2252 C:\Windows\System32\SearchProtocolHost.exe - ok
14:35:06.0113 2252 [ 3206A288014B1207F4E86336385CB41D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
14:35:06.0113 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL - ok
14:35:06.0129 2252 [ 81953836F678A7353A797E3F7DE69B55 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
14:35:06.0129 2252 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll - ok
14:35:06.0129 2252 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
14:35:06.0129 2252 C:\Windows\System32\msshooks.dll - ok
14:35:06.0129 2252 [ F024058C391B99397EC3CCF6F77B7189 ] C:\Windows\System32\SearchFilterHost.exe
14:35:06.0129 2252 C:\Windows\System32\SearchFilterHost.exe - ok
14:35:06.0145 2252 [ 58FAE29A82984E817BBA70D0144E52ED ] C:\Windows\System32\mssph.dll
14:35:06.0145 2252 C:\Windows\System32\mssph.dll - ok
14:35:06.0145 2252 [ 2A556E2D703DED03186C596B90AC6869 ] C:\Windows\System32\mapi32.dll
14:35:06.0145 2252 C:\Windows\System32\mapi32.dll - ok
14:35:06.0160 2252 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:35:06.0160 2252 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
14:35:06.0160 2252 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll
14:35:06.0160 2252 C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok
14:35:06.0160 2252 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\SysWOW64\mscoree.dll
14:35:06.0160 2252 C:\Windows\SysWOW64\mscoree.dll - ok
14:35:06.0176 2252 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:35:06.0176 2252 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
14:35:06.0176 2252 [ 3F4ADD4196E2B860019539837BE305F9 ] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
14:35:06.0176 2252 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe - ok
14:35:06.0191 2252 [ B701CD6DC1659244DE8C1A4C70758F61 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
14:35:06.0191 2252 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
14:35:06.0191 2252 [ FD7467D5D1C921C62E01B8B8C56A4C71 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\05ae3bc162010cd25470c276297f1303\mscorlib.ni.dll
14:35:06.0191 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\05ae3bc162010cd25470c276297f1303\mscorlib.ni.dll - ok
14:35:06.0207 2252 [ 3A2F5C8666F08B31C61DBAE9C297551C ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
14:35:06.0207 2252 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
14:35:06.0207 2252 [ E54E4924E1FD3A0055E581FE0D831E27 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9de65bdc66e79ce80b00c85a1b4ace59\System.ni.dll
14:35:06.0207 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9de65bdc66e79ce80b00c85a1b4ace59\System.ni.dll - ok
14:35:06.0223 2252 [ 5CA53A68F413B011BA976B655A7903CA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\4caf9dcd9ab56ffd9b47fa0e6ac9a704\System.Drawing.ni.dll
14:35:06.0223 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\4caf9dcd9ab56ffd9b47fa0e6ac9a704\System.Drawing.ni.dll - ok
14:35:06.0223 2252 [ 3BE143948300BA876B7EDC5A93843A0B ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\2335170ef8a6a3bee4153f36e2cd2df4\System.Windows.Forms.ni.dll
14:35:06.0223 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\2335170ef8a6a3bee4153f36e2cd2df4\System.Windows.Forms.ni.dll - ok
14:35:06.0238 2252 [ 5F0CFD202ACC8000629EE066008CC435 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\54fb82c01706e38a60d1e49121ac72f2\System.ServiceProcess.ni.dll
14:35:06.0238 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\54fb82c01706e38a60d1e49121ac72f2\System.ServiceProcess.ni.dll - ok
14:35:06.0238 2252 [ AEF5591957580C4AE612D539DA8EEE94 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\b2f0dceeed5c906820bdf5bbff7913e7\System.Runtime.Remoting.ni.dll
14:35:06.0238 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\b2f0dceeed5c906820bdf5bbff7913e7\System.Runtime.Remoting.ni.dll - ok
14:35:06.0254 2252 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
14:35:06.0254 2252 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
14:35:06.0254 2252 [ 4FB1F2F9B02FA1138CACD2DEA3F5AEC8 ] C:\Windows\System32\riched20.dll
14:35:06.0254 2252 C:\Windows\System32\riched20.dll - ok
14:35:06.0254 2252 [ DF83EE5382851C6C33FDA15C2250F39F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\470f2295a6009a7d0646f07a68709fe5\System.Xml.ni.dll
14:35:06.0254 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\470f2295a6009a7d0646f07a68709fe5\System.Xml.ni.dll - ok
14:35:06.0269 2252 [ 9ABD12FCE4A62905731C286BB1D66789 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:35:06.0269 2252 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe - ok
14:35:06.0269 2252 [ C8AA17D12D926F0DF41F6D80B2ECC052 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\48988da6fc6a40a63f4f71912b02783c\WindowsBase.ni.dll
14:35:06.0269 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\48988da6fc6a40a63f4f71912b02783c\WindowsBase.ni.dll - ok
14:35:06.0285 2252 [ 4BB4E351545FAEC2C9DC7C588911373D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\614ebfc5176ab6f95e6392d0423c9678\System.Core.ni.dll
14:35:06.0285 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\614ebfc5176ab6f95e6392d0423c9678\System.Core.ni.dll - ok
14:35:06.0285 2252 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
14:35:06.0285 2252 C:\Windows\System32\shfolder.dll - ok
14:35:06.0301 2252 [ 5F8DB784F4B58A4B5BB89FB9A654F5A9 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\370a46899f68fa613bdfd77734fd2117\System.Management.ni.dll
14:35:06.0301 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\370a46899f68fa613bdfd77734fd2117\System.Management.ni.dll - ok
14:35:06.0301 2252 [ 913D843498553A1BC8F8DBAD6358E49F ] C:\Windows\System32\sppsvc.exe
14:35:06.0301 2252 C:\Windows\System32\sppsvc.exe - ok
14:35:06.0301 2252 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
14:35:06.0301 2252 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
14:35:06.0316 2252 [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
14:35:06.0316 2252 C:\Windows\System32\drivers\spsys.sys - ok
14:35:06.0316 2252 [ 8F9F3969933C02DA96EB0F84576DB43E ] C:\Windows\System32\wscsvc.dll
14:35:06.0316 2252 C:\Windows\System32\wscsvc.dll - ok
14:35:06.0332 2252 [ A74316B5C28D94AF0825267D8715549F ] C:\Windows\System32\dbghelp.dll
14:35:06.0332 2252 C:\Windows\System32\dbghelp.dll - ok
14:35:06.0332 2252 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
14:35:06.0332 2252 C:\Windows\System32\wuapi.dll - ok
14:35:06.0332 2252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
14:35:06.0332 2252 C:\Windows\System32\wuaueng.dll - ok
14:35:06.0347 2252 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
14:35:06.0347 2252 C:\Windows\System32\wups.dll - ok
14:35:06.0347 2252 [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
14:35:06.0347 2252 C:\Windows\System32\mspatcha.dll - ok
14:35:06.0363 2252 [ 8639237940994AAB9B8E8503F2A551A0 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
14:35:06.0363 2252 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
14:35:06.0363 2252 [ B7BDBEBC74105E68A3093073C30E3498 ] C:\Windows\System32\sppwinob.dll
14:35:06.0363 2252 C:\Windows\System32\sppwinob.dll - ok
14:35:06.0379 2252 [ E91BFC73B5874484886BC7D0E402ECD8 ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:35:06.0379 2252 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
14:35:06.0379 2252 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
14:35:06.0379 2252 C:\Windows\System32\wups2.dll - ok
14:35:06.0394 2252 [ 2F530C1448D4984F2A3F995895F2D532 ] C:\Windows\System32\sppobjs.dll
14:35:06.0394 2252 C:\Windows\System32\sppobjs.dll - ok
14:35:06.0394 2252 [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\SysWOW64\wscapi.dll
14:35:06.0394 2252 C:\Windows\SysWOW64\wscapi.dll - ok
14:35:06.0394 2252 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll
14:35:06.0394 2252 C:\Windows\SysWOW64\wscisvif.dll - ok
14:35:06.0410 2252 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
14:35:06.0410 2252 C:\Windows\SysWOW64\FirewallAPI.dll - ok
14:35:06.0410 2252 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
14:35:06.0410 2252 C:\Windows\System32\wscisvif.dll - ok
14:35:06.0425 2252 [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
14:35:06.0425 2252 C:\Windows\System32\wscproxystub.dll - ok
14:35:06.0425 2252 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\SysWOW64\wbemcomn.dll
14:35:06.0425 2252 C:\Windows\SysWOW64\wbemcomn.dll - ok
14:35:06.0425 2252 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
14:35:06.0425 2252 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
14:35:06.0441 2252 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\SysWOW64\wbem\fastprox.dll
14:35:06.0441 2252 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
14:35:06.0441 2252 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
14:35:06.0441 2252 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
14:35:06.0457 2252 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
14:35:06.0457 2252 C:\Windows\SysWOW64\ntdsapi.dll - ok
14:35:06.0457 2252 [ ACCBA604D34842844133A731F8045B32 ] C:\Windows\SysWOW64\sxs.dll
14:35:06.0457 2252 C:\Windows\SysWOW64\sxs.dll - ok
14:35:06.0472 2252 [ E9087CD0BBC48A35CDB98464715993AC ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\788257bab792c2704841588120cf6ad1\System.Configuration.ni.dll
14:35:06.0472 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\788257bab792c2704841588120cf6ad1\System.Configuration.ni.dll - ok
14:35:06.0472 2252 [ EE24C42561D40F7AD7C2A7A460287090 ] C:\Windows\System32\wbem\cimwin32.dll
14:35:06.0472 2252 C:\Windows\System32\wbem\cimwin32.dll - ok
14:35:06.0488 2252 [ 5D89D063A4CB036C258685C8E057E768 ] C:\Windows\System32\framedynos.dll
14:35:06.0488 2252 C:\Windows\System32\framedynos.dll - ok
14:35:06.0488 2252 [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll
14:35:06.0488 2252 C:\Windows\System32\wscinterop.dll - ok
14:35:06.0488 2252 [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl
14:35:06.0488 2252 C:\Windows\System32\wscui.cpl - ok
14:35:06.0503 2252 [ C3626E674990EF003B6C94807E82B501 ] C:\Windows\System32\werconcpl.dll
14:35:06.0503 2252 C:\Windows\System32\werconcpl.dll - ok
14:35:06.0503 2252 [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll
14:35:06.0503 2252 C:\Windows\System32\wercplsupport.dll - ok
14:35:06.0519 2252 [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll
14:35:06.0519 2252 C:\Windows\System32\hcproviders.dll - ok
14:35:06.0519 2252 [ B8478AD7D009CDCD1999AA42681606B5 ] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
14:35:06.0519 2252 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe - ok
14:35:06.0535 2252 [ 09A828778A367818C7F899640D188B5C ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3d91cdce6400743bc309a5e39212f1d5\PresentationCore.ni.dll
14:35:06.0535 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\3d91cdce6400743bc309a5e39212f1d5\PresentationCore.ni.dll - ok
14:35:06.0535 2252 [ EA26620837952555A7F8D05118C44112 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1a53454399e9d28cdcb592a9b7e904bd\PresentationFramework.ni.dll
14:35:06.0535 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1a53454399e9d28cdcb592a9b7e904bd\PresentationFramework.ni.dll - ok
14:35:06.0535 2252 [ 81E9339611B22ACE2E2D7B42F76C0F34 ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
14:35:06.0535 2252 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
14:35:06.0550 2252 [ 27AB587E5F0696590EF8B83A52952B7B ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
14:35:06.0550 2252 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
14:35:06.0550 2252 [ D414D12D450ED4351DD62C3B627729A8 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\60365c7159f18e4eff8f76f8e4912af7\System.Runtime.Serialization.Formatters.Soap.ni.dll
14:35:06.0550 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\60365c7159f18e4eff8f76f8e4912af7\System.Runtime.Serialization.Formatters.Soap.ni.dll - ok
14:35:06.0566 2252 [ A9C25B6F9E5135536E0477151705C8DD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\e02f7e667527f694500ebda0fb804126\System.Web.ni.dll
14:35:06.0566 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\e02f7e667527f694500ebda0fb804126\System.Web.ni.dll - ok
14:35:06.0566 2252 [ 318285F1590C4484E3253BA2B189D2DF ] C:\Windows\System32\d3d9.dll
14:35:06.0566 2252 C:\Windows\System32\d3d9.dll - ok
14:35:06.0581 2252 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
14:35:06.0581 2252 C:\Windows\System32\d3d8thk.dll - ok
14:35:06.0581 2252 [ 2579C56028F83CB3B550C1F24C822539 ] C:\Windows\System32\atiu9p64.dll
14:35:06.0581 2252 C:\Windows\System32\atiu9p64.dll - ok
14:35:06.0597 2252 [ A3DDAF248F0620DE7AC76C3E4BA5776D ] C:\Windows\System32\atiumd64.dll
14:35:06.0597 2252 C:\Windows\System32\atiumd64.dll - ok
14:35:06.0597 2252 [ 734F66C87A767935F7A41C55CB5B3663 ] C:\Windows\System32\atiumd6a.dll
14:35:06.0597 2252 C:\Windows\System32\atiumd6a.dll - ok
14:35:06.0597 2252 [ E0033A0577D4496350F6F361BFB41767 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7985728b9aef67fe0537258dbd9a0cca\PresentationFramework.Aero.ni.dll
14:35:06.0597 2252 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\7985728b9aef67fe0537258dbd9a0cca\PresentationFramework.Aero.ni.dll - ok
14:35:06.0613 2252 [ DDB5F8380F88EE659D519A69BE56A9D5 ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
14:35:06.0613 2252 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe - ok
14:35:06.0613 2252 [ A72B46061434F66FA281FA5E51A7E52E ] C:\Program Files (x86)\Online Armor\oadump.exe
14:35:06.0613 2252 C:\Program Files (x86)\Online Armor\oadump.exe - ok
14:35:06.0628 2252 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
14:35:06.0628 2252 C:\Windows\System32\security.dll - ok
14:35:06.0628 2252 [ 14C6A59904D397C6D85DADA9ACBB6FAB ] C:\Windows\System32\browcli.dll
14:35:06.0628 2252 C:\Windows\System32\browcli.dll - ok
14:35:06.0644 2252 [ 28142AAF1565736CE0E5D7EFCE3CC0F8 ] C:\Windows\System32\schedcli.dll
14:35:06.0644 2252 C:\Windows\System32\schedcli.dll - ok
14:35:06.0644 2252 [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll
14:35:06.0644 2252 C:\Windows\System32\wbem\wmipcima.dll - ok
14:35:06.0644 2252 [ 5FBD7BEC6CD3DCAA6A87A7F70CE8AF44 ] C:\Windows\System32\advpack.dll
14:35:06.0644 2252 C:\Windows\System32\advpack.dll - ok
14:35:06.0659 2252 [ 840F7FB849F5887A49BA18C13B2DA920 ] C:\Windows\servicing\TrustedInstaller.exe
14:35:06.0659 2252 C:\Windows\servicing\TrustedInstaller.exe - ok
14:35:06.0659 2252 [ 288ADDED26C80FDC135CAB4340161686 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll
14:35:06.0659 2252 C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll - ok
14:35:06.0675 2252 [ CFF2D779B7068D39FA444A3D54FAE6F9 ] C:\Windows\System32\dpx.dll
14:35:06.0675 2252 C:\Windows\System32\dpx.dll - ok
14:35:06.0675 2252 [ 7957A194B8421BC070FABBF1C55DB68B ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll
14:35:06.0675 2252 C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll - ok
14:35:06.0675 2252 [ 9297F004FCE79FB7B26DAC6968FB5FEB ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll
14:35:06.0675 2252 C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll - ok
14:35:06.0691 2252 [ FC6C5D860CDB82411DA626821201BDF0 ] C:\Windows\System32\srclient.dll
14:35:06.0691 2252 C:\Windows\System32\srclient.dll - ok
14:35:06.0691 2252 [ 57193858CCEA03BD038FCFE7E396AEC4 ] C:\Windows\System32\spp.dll
14:35:06.0691 2252 C:\Windows\System32\spp.dll - ok
14:35:06.0706 2252 [ 6685DD5CC357D45EEE30FD089E8A111A ] C:\Windows\System32\sxsstore.dll
14:35:06.0706 2252 C:\Windows\System32\sxsstore.dll - ok
14:35:06.0706 2252 [ 943F48CC3A59169E52A054946C2F59B8 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll
14:35:06.0706 2252 C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll - ok
14:35:06.0722 2252 [ D485D1BE97777617B186FC8095F58421 ] C:\Windows\servicing\CbsApi.dll
14:35:06.0722 2252 C:\Windows\servicing\CbsApi.dll - ok
14:35:06.0722 2252 [ C1C03EA437EDDA8A7D4D8786E5AE6751 ] C:\Windows\System32\wuauclt.exe
14:35:06.0722 2252 C:\Windows\System32\wuauclt.exe - ok
14:35:06.0722 2252 [ 50EBD31C3527366FAFA468BD609F7352 ] C:\Windows\System32\wucltux.dll
14:35:06.0722 2252 C:\Windows\System32\wucltux.dll - ok
14:35:06.0737 2252 [ BA7EC41CA58730A485270820F310CD4E ] C:\Windows\System32\NaturalLanguage6.dll
14:35:06.0737 2252 C:\Windows\System32\NaturalLanguage6.dll - ok
14:35:06.0737 2252 [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
14:35:06.0737 2252 C:\Windows\System32\NlsData0009.dll - ok
14:35:06.0753 2252 [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
14:35:06.0753 2252 C:\Windows\System32\NlsLexicons0009.dll - ok
14:35:06.0753 2252 [ 76D86E65FF7D10292886A1F2DB93A911 ] C:\Windows\System32\ELSCore.dll
14:35:06.0753 2252 C:\Windows\System32\ELSCore.dll - ok
14:35:06.0769 2252 [ B526181E3F6B9F5136B6B7F776B7468B ] C:\Windows\System32\elsTrans.dll
14:35:06.0769 2252 C:\Windows\System32\elsTrans.dll - ok
14:35:06.0769 2252 [ AEE087CF7423BA44CC2DE03CC565E399 ] C:\Windows\System32\elslad.dll
14:35:06.0769 2252 C:\Windows\System32\elslad.dll - ok
14:35:06.0769 2252 [ A42FBC61385A5F5F444209EE94D89F27 ] C:\Windows\System32\NlsData0021.dll
14:35:06.0769 2252 C:\Windows\System32\NlsData0021.dll - ok
14:35:06.0784 2252 [ E5283AFD7590ECC37F8D62C4D6F1FB48 ] C:\Windows\System32\NlsLexicons0021.dll
14:35:06.0784 2252 C:\Windows\System32\NlsLexicons0021.dll - ok
14:35:06.0784 2252 [ 51272A935F4F482A70F2A7D1C3A67AEE ] C:\Windows\System32\NlsData000c.dll
14:35:06.0784 2252 C:\Windows\System32\NlsData000c.dll - ok
14:35:06.0800 2252 [ C2142407A2BE3462247500849B3FF8C7 ] C:\Windows\System32\NlsLexicons000c.dll
14:35:06.0800 2252 C:\Windows\System32\NlsLexicons000c.dll - ok
14:35:06.0800 2252 [ C0CCBA2DDADBB8B068F50D1A832F07EC ] C:\Windows\System32\Query.dll
14:35:06.0800 2252 C:\Windows\System32\Query.dll - ok
14:35:06.0800 2252 [ 7FD58BA8562948EE374E2513C6771EF9 ] C:\Windows\System32\mf.dll
14:35:06.0800 2252 C:\Windows\System32\mf.dll - ok
14:35:06.0815 2252 [ 28943370E3AF1D34D77D22911F891213 ] C:\Windows\System32\NlsData0003.dll
14:35:06.0815 2252 C:\Windows\System32\NlsData0003.dll - ok
14:35:06.0815 2252 [ 4F0429B763D05E721C0DD50693B7EFBE ] C:\Windows\System32\NlsLexicons0003.dll
14:35:06.0815 2252 C:\Windows\System32\NlsLexicons0003.dll - ok
14:35:06.0831 2252 [ 11542EC1F1C53EDB3CCF5AADF4C9972F ] C:\Windows\System32\NlsData0000.dll
14:35:06.0831 2252 C:\Windows\System32\NlsData0000.dll - ok
14:35:06.0831 2252 ============================================================
14:35:06.0831 2252 Scan finished
14:35:06.0831 2252 ============================================================
14:35:06.0847 3660 Detected object count: 3
14:35:06.0847 3660 Actual detected object count: 3
14:36:08.0420 3660 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:36:08.0420 3660 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:36:08.0420 3660 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:36:08.0420 3660 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:36:08.0420 3660 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:36:08.0420 3660 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8
mattpreat

Posted 18 December 2012 - 04:18 PM

Member

Topic Starter
Member
38 posts

aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-18 14:40:05
-----------------------------
14:40:05.675 OS Version: Windows x64 6.1.7600
14:40:05.675 Number of processors: 2 586 0x603
14:40:05.675 ComputerName: OWNER-PC UserName: owner
14:40:07.501 Initialize success
14:42:37.476 AVAST engine defs: 12121800
14:42:54.059 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
14:42:54.059 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 11
14:42:54.075 Disk 0 MBR read successfully
14:42:54.075 Disk 0 MBR scan
14:42:54.090 Disk 0 unknown MBR code
14:42:54.090 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:42:54.137 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462785 MB offset 409600
14:42:54.200 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13851 MB offset 948193280
14:42:54.262 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:42:54.449 Disk 0 scanning C:\Windows\system32\drivers
14:43:07.990 Service scanning
14:43:49.471 Modules scanning
14:43:49.471 Disk 0 trace - called modules:
14:43:49.502 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:43:49.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042e7060]
14:43:49.517 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> [0xfffffa8004278040]
14:43:49.517 5 amdxata.sys[fffff880011447a8] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa80042709c0]
14:43:50.812 AVAST engine scan C:\Windows
14:43:56.023 AVAST engine scan C:\Windows\system32
14:49:07.867 AVAST engine scan C:\Windows\system32\drivers
14:49:25.246 AVAST engine scan C:\Users\owner
15:00:54.096 AVAST engine scan C:\ProgramData
15:03:47.100 Scan finished successfully
15:17:22.342 Disk 0 MBR has been saved successfully to "C:\Users\owner\Documents\MBR.dat"
15:17:22.436 The log file has been saved successfully to "C:\Users\owner\Documents\aswMBR.txt"

#9
gringo_pr

Posted 18 December 2012 - 04:55 PM

Trusted Helper

Malware Removal
7,268 posts

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#10
gringo_pr

Posted 20 December 2012 - 10:47 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

#11
mattpreat

Posted 23 December 2012 - 12:32 PM

Member

Topic Starter
Member
38 posts

Hello, sorry for not responding untill now, ive been pretty busy with schoolwork and i havent had time to work on this. Lately my internet is faster so it seems the computer is faster although whenever i check on a game my fps is only around 10-20, which compared to alot of my friends is terrible. I ran combofix again and everything went smoothly, although im a bit confused on why were doing this step again. Thanks for the help so far!

combofix log:

ComboFix 12-12-23.01 - owner 23/12/2012 10:44:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2834 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\WINDOWS
c:\users\owner\WINDOWS\crc32.crc
.
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 17:54 . 2012-12-23 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 22:27 . 2012-12-15 22:29 -------- d-----w- c:\users\owner\NearRealityCache134
2012-12-14 06:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 06:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 06:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-14 06:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 06:13 . 2012-11-14 06:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-14 06:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 06:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 06:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 06:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 06:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 06:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 06:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 18:26 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 18:26 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 18:25 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 18:25 . 2012-11-05 14:17 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 18:25 . 2012-11-05 14:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 18:25 . 2012-11-05 16:25 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 18:25 . 2012-11-05 14:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 18:23 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 18:23 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 18:23 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 18:23 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-12-13 18:23 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-02 15:31 . 2012-12-02 15:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-02 02:36 . 2012-12-02 02:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-02 02:36 . 2012-12-02 02:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-02 02:35 . 2012-12-02 02:35 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-28 17:19 . 2012-11-28 17:18 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31DB4E04-7DE5-4DA7-B961-51DC99F5EF98}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 22:58 . 2010-08-16 08:16 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 21:20 . 2012-12-13 18:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-12-13 18:23 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-12-13 18:23 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-07 17:56 . 2012-10-07 17:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-07 17:56 . 2012-08-02 00:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-07 17:56 . 2010-08-16 12:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-04 16:45 . 2012-12-13 18:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 16:59 . 2012-07-04 01:50 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 01:54 . 2012-08-25 17:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-08-12 280064]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 199552]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-15 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 16:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 22:05]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
- c:\users\owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-28 22:05]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:33]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224556315-3845430375-3325294813-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{63E65799-FD51-4269-9396-3C18653B4EED}: NameServer = 209.91.107.11 209.121.225.11
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-63711750.sys
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-23 11:07:30
ComboFix-quarantined-files.txt 2012-12-23 18:07
ComboFix2.txt 2012-12-18 16:55
.
Pre-Run: 409,360,142,336 bytes free
Post-Run: 409,151,987,712 bytes free
.
- - End Of File - - C7E18B749DA97C4976A95CB02CE9D4B4

#12
gringo_pr

Posted 23 December 2012 - 12:46 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

I would like to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

#13
mattpreat

Posted 23 December 2012 - 01:03 PM

Member

Topic Starter
Member
38 posts

Easy enough, here it is

Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3 MUI
Adobe Reader 9.3.3
Adobe Shockwave Player
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink PowerDVD 9
D3DX10
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
FileHippo.com Update Checker
FrostWire 4.21.1
Game Booster 3
Google Chrome
HP Advisor
HP Customer Experience Enhancements
HP Power Plan Utility
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HPAsset component for HP Active Support Library
HyperCam 2
HyperCam Toolbar
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
LabelPrint
LightScribe System Software
LimeWire 5.5.14
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Minecraft Launcher
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MSVCRT
MSVCRT_amd64
PhotoNow!
Power2Go
PowerDirector
Project64 1.6
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RuneScape Launcher 1.2.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sierra Wireless 3G Watcher
Skype Click to Call
Skype™ 6.0
TuneAid 3.51
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft

#14
gringo_pr

Posted 23 December 2012 - 01:59 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

LimeWire 5.5.14
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo