PUP.bProtector Virus [Solved]



#1
Tom629

    Member

  • 11 posts
Hi. I'm a newbie at computer use, and I seem to have gotten a virus. My brother says you guys are the best help there is, so here goes. When I would try to turn off my computer it saved a whole bunch of files, something it didn't used to do. And when I would start the computer, it scrolled through a bunch of files again. It seems to be something called PUP.bProtector. I ran Windows Security Essentials and Malwarebytes and nothing bad was found. But, when I tried to run Superantispyware it stalled in the middle of the scan and the computer just froze up. That's where I saw PUP.bProtector and PUP bundle installer. I have used the remove program function and also ran Superantispyware in the safe mode and again in the regular mode. PUP doesn't seem to still be on my computer, but I can't be sure. It really didn't seem to like the OTL but I finally got it to run somehow. It still runs a lot slower than it used to and it seems like the volume on music is a lot lower than it should be. Any help will be appreciated.

Here is my OTL log.


OTL Extras logfile created on: 1/6/2013 8:42:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 154.62 Mb Available Physical Memory | 15.28% Memory free
1.99 Gb Paging File | 0.64 Gb Available in Paging File | 32.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 71.71 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00799626-6433-4E77-B752-CBCB984AE41C}" = lport=80 | protocol=6 | dir=in | app=c:\program files\wisharing\p2puimain.exe |
"{04C3A829-A3F5-47EE-8C28-6CC15DA89E20}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16E46EC3-5B7E-4F61-AAF0-A68038007C7B}" = lport=24501 | protocol=6 | dir=in | name=wisharingport |
"{17133A09-05E7-462A-802D-B165D0133312}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1CB926BA-518D-4301-95B8-2909094DAC66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3196661D-311D-4EB0-9B1A-DA8C4AD8CFD4}" = lport=24401 | protocol=6 | dir=in | name=wisharingport |
"{52F83404-2D8F-4650-87F9-6B1A59C938CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{596EF54F-796E-4BAB-810E-0112A9C54886}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{72DC9C9D-2500-45A6-9B5D-DE0B598B0BFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75223DC8-48E7-4E82-9B5C-C55849855704}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7752590F-0288-47CE-BB11-5D20BE2BF27B}" = lport=24601 | protocol=6 | dir=in | name=wisharingport |
"{7EF93033-B36E-4CEA-94F3-3130F2D35853}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{943880C6-D602-4AE6-B6BD-4FC391916A70}" = lport=53 | protocol=17 | dir=in | app=c:\program files\wisharing\dcdhcpservice.exe |
"{9D2875B6-B6CD-40EA-9ACF-8079484ECC1F}" = lport=24501 | protocol=17 | dir=in | name=wisharingport |
"{9D855B6B-588B-4A7E-A576-F9E46508F045}" = lport=24301 | protocol=6 | dir=in | name=wisharingport |
"{A2DA1E79-BAFF-4AF5-9786-7E42A474199A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA719BDE-4E29-4EA1-B27A-D0BC939AF5F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C90BECD3-16C5-46E2-ACD7-057B7E39E915}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D67B95A4-3081-4E08-B784-26146C73E7CD}" = lport=24601 | protocol=17 | dir=in | name=wisharingport |
"{E39C4B18-2912-4E08-8250-AF44F1F6099C}" = lport=24301 | protocol=17 | dir=in | name=wisharingport |
"{FA0B5D64-00D2-4F1A-A051-3B1E4677B175}" = lport=24401 | protocol=17 | dir=in | name=wisharingport |
"{FE31BE50-1048-44BE-AD25-E716E6A24548}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0039F126-FC88-414A-B030-EEB753BF95F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B76162A-E626-47E0-98CE-4FDBDC964E88}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{2761821D-4E2B-4B7C-92D3-04D0AAFDFBEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39B7271C-E3E8-428B-96AA-B0717C7DD273}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{44EB4CF9-B192-45E7-A69C-6EA038620EF1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CC689BA-D753-42AB-8C5E-E7C209F78FF2}" = protocol=6 | dir=out | app=system |
"{5CDAB451-B0E6-4C10-9030-24FBE945AF1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78358194-CA57-4E51-8EDE-B0FD1FA59053}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D0AA4D4-C1FC-4034-8E04-64ECCB96E784}" = protocol=6 | dir=in | app=c:\program files\wisharing\wisharing.exe |
"{87F8D8D3-B393-40D4-BA92-E6DD8D3C2414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{883B56B3-267E-40D1-B631-3C803ED66BAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4254B38-0141-4DF7-8F48-176A30327135}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD44D08F-8301-4141-9A50-213C9DD1BE0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF52431E-2C2D-4789-961C-96381E550E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1DA1D1C-9F4B-4C7E-980B-0054D4C1721E}" = protocol=17 | dir=in | app=c:\program files\wisharing\wisharing.exe |
"{F9934637-2E4E-445F-BC30-FE818369453F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDFFF8D4-ECA5-4FF4-866B-22D96A4BB834}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{072B53D7-DAAD-4562-8764-B528D0ADA7C4}" = Windows Live Family Safety
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = WiSharing
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{670DC8DB-0BE2-464B-A2FE-863BDAECC523}" = Windows Live Family Safety
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for EPC
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}" = USBCharge+
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9042F9FE-43CB-4ACF-9978-F62235127F90}" = ASUS Media Sharing
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Eee Docking_is1" = Eee Docking 3.10.5
"Elantech" = ETDWare PS/2-X86 8.0.5.2_WHQL
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 10:39:29 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/14/2012 11:09:12 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 11/15/2012 10:02:48 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/15/2012 10:02:48 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 11/15/2012 10:02:48 AM | Computer Name = Tom-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

[ System Events ]
Error - 12/25/2012 12:47:17 PM | Computer Name = Tom-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2382.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/25/2012 12:47:17 PM | Computer Name = Tom-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.2382.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024001e Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/27/2012 11:43:56 PM | Computer Name = Tom-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:47:27 PM on ?12/?27/?2012 was unexpected.

Error - 1/3/2013 1:00:54 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024809

Error - 1/3/2013 1:00:54 AM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024809

Error - 1/5/2013 7:29:03 PM | Computer Name = Tom-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:23:48 PM on ?1/?5/?2013 was unexpected.

Error - 1/5/2013 7:29:43 PM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Asus
Launcher Service service to connect.

Error - 1/5/2013 7:29:43 PM | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7000
Description = The Asus Launcher Service service failed to start due to the following
error: %%1053

Error - 1/5/2013 7:32:28 PM | Computer Name = Tom-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2013 7:32:28 PM | Computer Name = Tom-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = CBS Client initialization failed. Last error: 0x80080005


< End of report >


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Tom629 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
Tom629

    Member

  • Topic Starter
  • 11 posts
Thanks for helping me. Here's the OTL Log

OTL logfile created on: 1/7/2013 6:48:02 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 130.39 Mb Available Physical Memory | 12.89% Memory free
1.99 Gb Paging File | 0.56 Gb Available in Paging File | 28.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 71.66 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 20:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/10 06:24:19 | 002,309,656 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/10/04 09:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/28 16:13:20 | 000,099,792 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe
PRC - [2012/02/10 12:54:16 | 000,426,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\SHE\SuperHybridEngine.exe
PRC - [2011/11/30 19:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe
PRC - [2011/11/30 19:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe
PRC - [2011/11/10 15:59:32 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011/08/19 16:42:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011/08/08 17:49:08 | 001,263,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotkeyService.exe
PRC - [2011/08/08 17:49:00 | 000,101,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
PRC - [2011/08/08 17:48:20 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011/07/13 21:53:48 | 000,417,456 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe
PRC - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2011/03/10 09:17:34 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2011/03/10 09:17:32 | 001,813,800 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/15 14:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\Asus\CapsHook\CapsHook.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/25 11:59:08 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 10:53:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 10:52:24 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 10:50:21 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 10:50:02 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 10:49:57 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 10:49:21 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/10 06:24:19 | 002,309,656 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/10/10 06:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011/08/19 16:42:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll


========== Services (SafeList) ==========

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/10 06:24:19 | 002,309,656 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/11/30 19:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/09/16 01:00:46 | 000,108,544 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\WiSharing\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011/08/08 17:48:20 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013/01/06 21:42:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4CAD974-E193-40E3-8E62-6762F9231BE3}\MpKsl5e0ff4b9.sys -- (MpKsl5e0ff4b9)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/07 14:10:18 | 000,014,720 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AiDriver.sys -- (AiDriver)
DRV - [2012/02/27 07:04:44 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/11/23 14:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/11/01 01:36:00 | 000,091,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/09 10:37:54 | 000,278,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/11/20 05:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/03 00:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/28 00:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/20 04:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000446d57c55f0e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000446d57c55f0e
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000446d57c55f0e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 21:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/11 08:46:31 | 000,000,000 | ---D | M]

[2012/08/12 21:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012/10/23 09:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\in3lr1ku.default\Extensions
[2012/08/12 21:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AsusVibeLuncher] C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF97060A-C9ED-48BB-A091-84B58B91A493}: DhcpNameServer = 10.0.0.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 20:40:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013/01/06 07:23:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{06B15888-477C-437D-B1BA-A7787173D9D5}
[2013/01/05 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2013/01/05 18:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/05 18:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/05 18:43:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/05 18:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/05 18:43:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Programs
[2013/01/05 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/05 18:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/01/05 18:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/05 18:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/05 18:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/07 18:47:28 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/07 18:47:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/07 06:38:32 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 06:38:32 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 06:24:48 | 000,001,304 | ---- | M] () -- C:\Users\Tom\Desktop\Notepad.lnk
[2013/01/07 06:17:01 | 000,365,568 | ---- | M] () -- C:\ksdsyrhe.exe
[2013/01/06 21:41:14 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 21:40:36 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 20:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013/01/05 21:07:58 | 000,001,098 | ---- | M] () -- C:\Users\Tom\Desktop\Continue PDF Creator Installation.lnk
[2013/01/05 18:43:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 18:07:40 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/05 12:05:09 | 000,962,104 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/05 12:05:09 | 000,226,096 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/25 11:48:32 | 000,259,112 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/25 11:46:18 | 000,003,584 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/07 06:24:48 | 000,001,304 | ---- | C] () -- C:\Users\Tom\Desktop\Notepad.lnk
[2013/01/07 06:16:43 | 000,365,568 | ---- | C] () -- C:\ksdsyrhe.exe
[2013/01/05 21:07:58 | 000,001,098 | ---- | C] () -- C:\Users\Tom\Desktop\Continue PDF Creator Installation.lnk
[2013/01/05 18:43:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 18:08:20 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 18:08:17 | 000,000,876 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 18:07:40 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/25 11:46:18 | 000,003,584 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 08:03:03 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 00:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 00:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 00:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 00:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 00:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 00:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 00:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 00:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 08:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 08:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/10/10 21:57:43 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/11 00:32:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ASUS WebStorage
[2012/08/12 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
[2012/04/11 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\E-Cam
[2012/08/12 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/13 08:03:06 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\Dz
[2012/08/13 08:03:06 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\Dz

< End of report >

#4
Tom629

    Member

  • Topic Starter
  • 11 posts
I am having trouble getting the GMER log to post. I get an error message saying my post is too long. I tried breaking it into two pieces, but half the report is still too long. I can't tell if the report has saved itself repeatedly, so I'm going to clear everything and run GMER again. Sorry for the delay, but I am trying.

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tom629,

You can also ZIP that log and attach it here for me.

  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.
How to add an attachment to a new topic or reply

#6
Tom629

    Member

  • Topic Starter
  • 11 posts
Ok, we try again. Since my last message, and since running the GMER again, I got an error message saying Windows had recovered from an unexpected shutdown. When I tried to run GMER earlier today I got a shutdown also, so I don't know if this is a complete log or not. From the size of it I suspect it is complete. I zipped the GMER report and it should be attached. Thanks for helping me. I appreciate it very much.


#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's run some fixes.

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right-click adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found
    [2013/01/06 07:23:27 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{06B15888-477C-437D-B1BA-A7787173D9D5}

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#8
Tom629

    Member

  • Topic Starter
  • 11 posts
I was able to run all the scans, but the computer did not seem to want to download adwCleaner. Repeated tries did get it to download and run. Entering text is still iffy. The computer seems to respond slower than I can key, which is slooooooow. Enough of that, here are the logs, starting with adwCleaner:

# AdwCleaner v2.105 - Logfile created 01/08/2013 at 16:14:09
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\user.js
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\in3lr1ku.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\in3lr1ku.default\bprotector_prefs.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Tom\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Tom\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\586dadeb138be41
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\586dadeb138be41
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110795&tt=120812_bandext_3212_4&babsrc=HP_ss&mntrId=304754b0000000000000446d57c55f0e --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110795&tt=120812_bandext_3212_4&babsrc=NT_ss&mntrId=304754b0000000000000446d57c55f0e --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\in3lr1ku.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

*************************

AdwCleaner[S1].txt - [6078 octets] - [08/01/2013 16:14:09]

########## EOF - C:\AdwCleaner[S1].txt - [6138 octets] ##########

Edited by Tom629, 08 January 2013 - 04:12 PM.

#9
Tom629
I entered the wrong OTL log. The correct log is in the next reply.

Edited by Tom629, 08 January 2013 - 04:14 PM.

#10
Tom629
Oops, wrong OTL log
Here's the correct one:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll deleted successfully.
File c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
C:\Users\Tom\AppData\Local\{06B15888-477C-437D-B1BA-A7787173D9D5} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 327990 bytes
->Flash cache emptied: 410 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 1198519454 bytes
->Temporary Internet Files folder emptied: 47479226 bytes
->FireFox cache emptied: 81530806 bytes
->Flash cache emptied: 7541 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128293064 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,389.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01082013_163001

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11
Tom629
And finally, the TDSSKiller log:

16:50:04.0966 3724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:50:05.0792 3724 ============================================================
16:50:05.0792 3724 Current date / time: 2013/01/08 16:50:05.0792
16:50:05.0792 3724 SystemInfo:
16:50:05.0792 3724
16:50:05.0792 3724 OS Version: 6.1.7601 ServicePack: 1.0
16:50:05.0792 3724 Product type: Workstation
16:50:05.0792 3724 ComputerName: TOM-PC
16:50:05.0792 3724 UserName: Tom
16:50:05.0792 3724 Windows directory: C:\windows
16:50:05.0792 3724 System windows directory: C:\windows
16:50:05.0792 3724 Processor architecture: Intel x86
16:50:05.0792 3724 Number of processors: 4
16:50:05.0792 3724 Page size: 0x1000
16:50:05.0792 3724 Boot type: Normal boot
16:50:05.0792 3724 ============================================================
16:50:09.0225 3724 BG loaded
16:50:11.0034 3724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:11.0050 3724 ============================================================
16:50:11.0050 3724 \Device\Harddisk0\DR0:
16:50:11.0050 3724 MBR partitions:
16:50:11.0050 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:50:11.0050 3724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0x16E26000
16:50:11.0050 3724 ============================================================
16:50:11.0112 3724 C: <-> \Device\Harddisk0\DR0\Partition1
16:50:11.0315 3724 D: <-> \Device\Harddisk0\DR0\Partition2
16:50:11.0315 3724 ============================================================
16:50:11.0315 3724 Initialize success
16:50:11.0315 3724 ============================================================
16:50:59.0348 3328 ============================================================
16:50:59.0348 3328 Scan started
16:50:59.0348 3328 Mode: Manual; SigCheck; TDLFS;
16:50:59.0348 3328 ============================================================
16:51:04.0091 3328 ================ Scan system memory ========================
16:51:04.0091 3328 System memory - ok
16:51:04.0091 3328 ================ Scan services =============================
16:51:24.0059 3328 [ 6578F71F4A6FBF197AE4EC7DC03E9538 ] DCDhcpService C:\Program Files\WiSharing\DCDhcpService.exe
16:51:24.0371 3328 DCDhcpService ( UnsignedFile.Multi.Generic ) - warning
16:51:24.0371 3328 DCDhcpService - detected UnsignedFile.Multi.Generic (1)
16:51:24.0729 3328 Suspicious service (Hidden): DETECT PS2:
16:51:24.0823 3328 [ 22236C0BEE8A83381F8540774031515C ] DETECT PS2: C:\Program Files\ASUS\LiveUpdate\DetectSys.sys
16:51:24.0823 3328 DETECT PS2: ( HiddenService.Multi.Generic ) - warning
16:51:24.0823 3328 DETECT PS2: - detected HiddenService.Multi.Generic (1)
16:51:45.0321 3328 MSiSCSI - ok
16:51:45.0353 3328 msiserver - ok
16:51:45.0415 3328 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:51:45.0571 3328 MSKSSRV - ok
16:51:46.0055 3328 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:51:46.0101 3328 MsMpSvc - ok
16:51:46.0195 3328 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:51:46.0351 3328 MSPCLOCK - ok
16:51:46.0413 3328 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:51:46.0569 3328 MSPQM - ok
16:51:46.0647 3328 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:51:46.0679 3328 MsRPC - ok
16:51:46.0725 3328 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:51:46.0788 3328 mssmbios - ok
16:51:46.0850 3328 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:51:46.0975 3328 MSTEE - ok
16:51:47.0037 3328 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
16:51:47.0178 3328 MTConfig - ok
16:51:47.0240 3328 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
16:51:47.0287 3328 Mup - ok
16:51:47.0334 3328 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
16:51:47.0459 3328 napagent - ok
16:51:47.0568 3328 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:51:47.0895 3328 NativeWifiP - ok
16:51:48.0005 3328 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
16:51:48.0083 3328 NDIS - ok
16:51:48.0129 3328 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:51:48.0239 3328 NdisCap - ok
16:51:48.0285 3328 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:51:48.0395 3328 NdisTapi - ok
16:51:48.0441 3328 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:51:48.0535 3328 Ndisuio - ok
16:51:48.0597 3328 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:51:48.0707 3328 NdisWan - ok
16:51:48.0753 3328 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:51:48.0863 3328 NDProxy - ok
16:51:48.0909 3328 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:51:49.0003 3328 NetBIOS - ok
16:51:49.0081 3328 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:51:49.0221 3328 NetBT - ok
16:51:49.0253 3328 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
16:51:49.0299 3328 Netlogon - ok
16:51:49.0346 3328 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
16:51:49.0440 3328 Netman - ok
16:51:49.0518 3328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:49.0627 3328 NetMsmqActivator - ok
16:51:49.0643 3328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:49.0674 3328 NetPipeActivator - ok
16:51:49.0783 3328 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
16:51:49.0877 3328 netprofm - ok
16:51:49.0923 3328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:49.0955 3328 NetTcpActivator - ok
16:51:49.0986 3328 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:51:50.0033 3328 NetTcpPortSharing - ok
16:51:50.0064 3328 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
16:51:50.0111 3328 nfrd960 - ok
16:51:50.0173 3328 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
16:51:50.0220 3328 NisDrv - ok
16:51:50.0251 3328 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
16:51:50.0313 3328 NisSrv - ok
16:51:50.0391 3328 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
16:51:50.0485 3328 NlaSvc - ok
16:51:50.0532 3328 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
16:51:50.0625 3328 Npfs - ok
16:51:50.0672 3328 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
16:51:50.0781 3328 nsi - ok
16:51:50.0813 3328 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:51:50.0922 3328 nsiproxy - ok
16:51:51.0062 3328 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:51:51.0187 3328 Ntfs - ok
16:51:51.0234 3328 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
16:51:51.0327 3328 Null - ok
16:51:51.0374 3328 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:51:51.0421 3328 nvraid - ok
16:51:51.0437 3328 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:51:51.0468 3328 nvstor - ok
16:51:51.0499 3328 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:51:51.0530 3328 nv_agp - ok
16:51:51.0546 3328 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:51:51.0608 3328 ohci1394 - ok
16:51:51.0686 3328 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:51:51.0827 3328 p2pimsvc - ok
16:51:51.0920 3328 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
16:51:51.0967 3328 p2psvc - ok
16:51:52.0014 3328 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\drivers\parport.sys
16:51:52.0092 3328 Parport - ok
16:51:52.0185 3328 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
16:51:52.0248 3328 partmgr - ok
16:51:52.0279 3328 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\drivers\parvdm.sys
16:51:52.0404 3328 Parvdm - ok
16:51:52.0451 3328 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
16:51:52.0529 3328 PcaSvc - ok
16:51:52.0560 3328 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
16:51:52.0607 3328 pci - ok
16:51:52.0685 3328 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
16:51:52.0731 3328 pciide - ok
16:51:52.0778 3328 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
16:51:52.0825 3328 pcmcia - ok
16:51:52.0841 3328 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
16:51:52.0872 3328 pcw - ok
16:51:52.0919 3328 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:51:53.0028 3328 PEAUTH - ok
16:51:53.0168 3328 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
16:51:53.0324 3328 pla - ok
16:51:53.0418 3328 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:51:53.0543 3328 PlugPlay - ok
16:51:53.0699 3328 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:51:53.0933 3328 PNRPAutoReg - ok
16:51:54.0151 3328 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:51:54.0213 3328 PNRPsvc - ok
16:51:54.0650 3328 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:51:54.0978 3328 PolicyAgent - ok
16:51:55.0056 3328 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
16:51:55.0165 3328 Power - ok
16:51:55.0259 3328 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:51:55.0352 3328 PptpMiniport - ok
16:51:55.0399 3328 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\drivers\processr.sys
16:51:55.0446 3328 Processor - ok
16:51:55.0477 3328 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
16:51:55.0539 3328 ProfSvc - ok
16:51:55.0571 3328 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:51:55.0602 3328 ProtectedStorage - ok
16:51:55.0633 3328 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:51:55.0727 3328 Psched - ok
16:51:55.0789 3328 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\drivers\ql2300.sys
16:51:55.0898 3328 ql2300 - ok
16:51:55.0929 3328 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
16:51:55.0961 3328 ql40xx - ok
16:51:56.0101 3328 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
16:51:56.0195 3328 QWAVE - ok
16:51:56.0257 3328 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:51:56.0319 3328 QWAVEdrv - ok
16:51:56.0335 3328 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:51:56.0429 3328 RasAcd - ok
16:51:56.0460 3328 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:51:56.0538 3328 RasAgileVpn - ok
16:51:56.0569 3328 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
16:51:56.0678 3328 RasAuto - ok
16:51:56.0725 3328 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:51:56.0819 3328 Rasl2tp - ok
16:51:56.0881 3328 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
16:51:56.0990 3328 RasMan - ok
16:51:57.0021 3328 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:51:57.0115 3328 RasPppoe - ok
16:51:57.0177 3328 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:51:57.0255 3328 RasSstp - ok
16:51:57.0302 3328 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:51:57.0411 3328 rdbss - ok
16:51:57.0458 3328 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\drivers\rdpbus.sys
16:51:57.0583 3328 rdpbus - ok
16:51:57.0614 3328 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:51:57.0724 3328 RDPCDD - ok
16:51:57.0770 3328 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:51:57.0848 3328 RDPENCDD - ok
16:51:57.0926 3328 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:51:58.0036 3328 RDPREFMP - ok
16:51:58.0098 3328 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:51:58.0223 3328 RDPWD - ok
16:51:58.0254 3328 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:51:58.0316 3328 rdyboost - ok
16:51:58.0379 3328 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
16:51:58.0472 3328 RemoteAccess - ok
16:51:58.0519 3328 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:51:58.0675 3328 RemoteRegistry - ok
16:51:58.0753 3328 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
16:51:58.0862 3328 RFCOMM - ok
16:51:58.0940 3328 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:51:59.0034 3328 RpcEptMapper - ok
16:51:59.0096 3328 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
16:51:59.0206 3328 RpcLocator - ok
16:51:59.0252 3328 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
16:51:59.0362 3328 RpcSs - ok
16:51:59.0408 3328 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:51:59.0502 3328 rspndr - ok
16:51:59.0533 3328 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
16:51:59.0580 3328 SamSs - ok
16:51:59.0642 3328 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:51:59.0689 3328 sbp2port - ok
16:51:59.0767 3328 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
16:51:59.0876 3328 SCardSvr - ok
16:51:59.0908 3328 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:51:59.0986 3328 scfilter - ok
16:52:00.0142 3328 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
16:52:00.0282 3328 Schedule - ok
16:52:00.0313 3328 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
16:52:00.0454 3328 SCPolicySvc - ok
16:52:00.0516 3328 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:52:00.0610 3328 SDRSVC - ok
16:52:00.0656 3328 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:52:00.0719 3328 SeaPort - ok
16:52:00.0781 3328 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:52:00.0890 3328 secdrv - ok
16:52:00.0953 3328 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
16:52:01.0046 3328 seclogon - ok
16:52:01.0078 3328 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
16:52:01.0202 3328 SENS - ok
16:52:01.0249 3328 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\drivers\serenum.sys
16:52:01.0312 3328 Serenum - ok
16:52:01.0374 3328 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\drivers\serial.sys
16:52:01.0452 3328 Serial - ok
16:52:01.0483 3328 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\drivers\sermouse.sys
16:52:01.0546 3328 sermouse - ok
16:52:01.0624 3328 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
16:52:01.0717 3328 SessionEnv - ok
16:52:01.0764 3328 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:52:01.0826 3328 sffdisk - ok
16:52:01.0842 3328 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:52:01.0904 3328 sffp_mmc - ok
16:52:01.0936 3328 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:52:02.0138 3328 sffp_sd - ok
16:52:02.0185 3328 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
16:52:02.0248 3328 sfloppy - ok
16:52:02.0310 3328 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
16:52:02.0419 3328 SharedAccess - ok
16:52:02.0466 3328 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:52:02.0591 3328 ShellHWDetection - ok
16:52:02.0638 3328 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
16:52:02.0669 3328 sisagp - ok
16:52:02.0700 3328 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
16:52:02.0731 3328 SiSRaid2 - ok
16:52:02.0762 3328 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
16:52:02.0794 3328 SiSRaid4 - ok
16:52:02.0825 3328 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
16:52:02.0934 3328 Smb - ok
16:52:03.0012 3328 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:52:03.0090 3328 SNMPTRAP - ok
16:52:03.0121 3328 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
16:52:03.0168 3328 spldr - ok
16:52:03.0230 3328 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
16:52:03.0340 3328 Spooler - ok
16:52:03.0511 3328 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
16:52:03.0792 3328 sppsvc - ok
16:52:03.0823 3328 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:52:03.0948 3328 sppuinotify - ok
16:52:04.0010 3328 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
16:52:04.0088 3328 srv - ok
16:52:04.0120 3328 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:52:04.0198 3328 srv2 - ok
16:52:04.0213 3328 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:52:04.0260 3328 srvnet - ok
16:52:04.0322 3328 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:52:04.0447 3328 SSDPSRV - ok
16:52:04.0478 3328 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
16:52:04.0572 3328 SstpSvc - ok
16:52:04.0619 3328 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\drivers\stexstor.sys
16:52:04.0650 3328 stexstor - ok
16:52:04.0712 3328 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
16:52:04.0868 3328 StiSvc - ok
16:52:04.0900 3328 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:52:04.0931 3328 swenum - ok
16:52:04.0962 3328 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
16:52:05.0071 3328 swprv - ok
16:52:05.0180 3328 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
16:52:05.0305 3328 SysMain - ok
16:52:05.0368 3328 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:52:05.0430 3328 TabletInputService - ok
16:52:05.0461 3328 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
16:52:05.0570 3328 TapiSrv - ok
16:52:05.0586 3328 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
16:52:05.0680 3328 TBS - ok
16:52:05.0758 3328 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:52:05.0851 3328 Tcpip - ok
16:52:05.0960 3328 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:52:06.0038 3328 TCPIP6 - ok
16:52:06.0085 3328 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:52:06.0194 3328 tcpipreg - ok
16:52:06.0241 3328 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:52:06.0304 3328 TDPIPE - ok
16:52:06.0319 3328 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:52:06.0366 3328 TDTCP - ok
16:52:06.0397 3328 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:52:06.0491 3328 tdx - ok
16:52:06.0522 3328 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:52:06.0569 3328 TermDD - ok
16:52:06.0631 3328 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
16:52:06.0725 3328 TermService - ok
16:52:06.0756 3328 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
16:52:06.0818 3328 Themes - ok
16:52:06.0850 3328 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
16:52:06.0928 3328 THREADORDER - ok
16:52:06.0974 3328 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
16:52:07.0068 3328 TrkWks - ok
16:52:07.0130 3328 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:52:07.0255 3328 TrustedInstaller - ok
16:52:07.0302 3328 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:52:07.0411 3328 tssecsrv - ok
16:52:07.0458 3328 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:52:07.0598 3328 TsUsbFlt - ok
16:52:07.0754 3328 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:52:07.0832 3328 TsUsbGD - ok
16:52:07.0879 3328 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:52:07.0973 3328 tunnel - ok
16:52:08.0020 3328 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:52:08.0082 3328 uagp35 - ok
16:52:08.0144 3328 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:52:08.0300 3328 udfs - ok
16:52:08.0378 3328 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:52:08.0441 3328 UI0Detect - ok
16:52:08.0472 3328 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:52:08.0519 3328 uliagpkx - ok
16:52:08.0534 3328 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:52:08.0597 3328 umbus - ok
16:52:08.0644 3328 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\drivers\umpass.sys
16:52:08.0690 3328 UmPass - ok
16:52:08.0737 3328 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
16:52:08.0846 3328 upnphost - ok
16:52:08.0909 3328 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:52:08.0956 3328 usbccgp - ok
16:52:08.0987 3328 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:52:09.0049 3328 usbcir - ok
16:52:09.0080 3328 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:52:09.0112 3328 usbehci - ok
16:52:09.0143 3328 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:52:09.0190 3328 usbhub - ok
16:52:09.0252 3328 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:52:09.0330 3328 usbohci - ok
16:52:09.0377 3328 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\drivers\usbprint.sys
16:52:09.0439 3328 usbprint - ok
16:52:09.0486 3328 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:52:09.0611 3328 USBSTOR - ok
16:52:09.0642 3328 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
16:52:09.0720 3328 usbuhci - ok
16:52:09.0782 3328 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
16:52:09.0876 3328 usbvideo - ok
16:52:09.0907 3328 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
16:52:10.0016 3328 UxSms - ok
16:52:10.0032 3328 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
16:52:10.0079 3328 VaultSvc - ok
16:52:10.0126 3328 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:52:10.0157 3328 vdrvroot - ok
16:52:10.0235 3328 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
16:52:10.0391 3328 vds - ok
16:52:10.0469 3328 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:52:10.0547 3328 vga - ok
16:52:10.0609 3328 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
16:52:10.0750 3328 VgaSave - ok
16:52:10.0796 3328 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:52:10.0843 3328 vhdmp - ok
16:52:10.0874 3328 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
16:52:10.0906 3328 viaagp - ok
16:52:10.0968 3328 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\drivers\viac7.sys
16:52:11.0030 3328 ViaC7 - ok
16:52:11.0046 3328 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
16:52:11.0093 3328 viaide - ok
16:52:11.0186 3328 [ C37CE43FB54066FFB540729C6E6E194E ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
16:52:13.0542 3328 VideAceWindowsService - ok
16:52:13.0604 3328 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:52:13.0651 3328 volmgr - ok
16:52:13.0667 3328 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:52:13.0745 3328 volmgrx - ok
16:52:13.0807 3328 [ C37AEE5966EB5929E2051AC7409B5730 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:52:13.0916 3328 volsnap - ok
16:52:13.0979 3328 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:52:14.0041 3328 vsmraid - ok
16:52:14.0135 3328 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
16:52:14.0275 3328 VSS - ok
16:52:14.0306 3328 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:52:14.0369 3328 vwifibus - ok
16:52:14.0431 3328 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:52:14.0509 3328 vwififlt - ok
16:52:14.0634 3328 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
16:52:14.0759 3328 W32Time - ok
16:52:14.0852 3328 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:52:14.0946 3328 WacomPen - ok
16:52:14.0993 3328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:52:15.0102 3328 WANARP - ok
16:52:15.0133 3328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:52:15.0211 3328 Wanarpv6 - ok
16:52:15.0352 3328 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
16:52:15.0523 3328 wbengine - ok
16:52:15.0586 3328 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:52:15.0679 3328 WbioSrvc - ok
16:52:15.0726 3328 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
16:52:15.0804 3328 wcncsvc - ok
16:52:15.0835 3328 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:52:15.0929 3328 WcsPlugInService - ok
16:52:15.0960 3328 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\drivers\wd.sys
16:52:15.0991 3328 Wd - ok
16:52:16.0085 3328 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:52:16.0163 3328 Wdf01000 - ok
16:52:16.0241 3328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
16:52:16.0366 3328 WdiServiceHost - ok
16:52:16.0412 3328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
16:52:16.0459 3328 WdiSystemHost - ok
16:52:16.0490 3328 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
16:52:16.0584 3328 WebClient - ok
16:52:16.0646 3328 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
16:52:16.0756 3328 Wecsvc - ok
16:52:16.0818 3328 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
16:52:16.0927 3328 wercplsupport - ok
16:52:17.0005 3328 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
16:52:17.0146 3328 WerSvc - ok
16:52:17.0192 3328 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:52:17.0302 3328 WfpLwf - ok
16:52:17.0333 3328 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:52:17.0364 3328 WIMMount - ok
16:52:17.0504 3328 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:52:17.0816 3328 WinDefend - ok
16:52:18.0066 3328 WinHttpAutoProxySvc - ok
16:52:18.0581 3328 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:52:18.0815 3328 Winmgmt - ok
16:52:19.0267 3328 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
16:52:19.0423 3328 WinRM - ok
16:52:19.0610 3328 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
16:52:19.0938 3328 Wlansvc - ok
16:52:20.0312 3328 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:52:20.0468 3328 wlcrasvc - ok
16:52:20.0671 3328 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:52:20.0796 3328 wlidsvc - ok
16:52:20.0890 3328 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:52:21.0061 3328 WmiAcpi - ok
16:52:21.0092 3328 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:52:21.0217 3328 wmiApSrv - ok
16:52:21.0373 3328 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:52:21.0638 3328 WMPNetworkSvc - ok
16:52:21.0732 3328 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
16:52:21.0904 3328 WPCSvc - ok
16:52:32.0855 3328 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
16:52:32.0870 3328 [ 7C29BC74635524E13FAA556A5FD48968 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
16:52:32.0870 3328 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
16:52:32.0886 3328 [ 65BF13016A3C22775F3E17591AE5268A ] C:\Windows\System32\VaultCredProvider.dll
16:52:32.0886 3328 C:\Windows\System32\VaultCredProvider.dll - ok
16:52:32.0902 3328 [ CADEFAC453040E370A1BDFF3973BE00D ] C:\Windows\System32\profsvc.dll
16:52:32.0902 3328 C:\Windows\System32\profsvc.dll - ok
16:52:32.0917 3328 [ 05BF975CA428E04B462FB90841B37C95 ] C:\Windows\System32\SmartcardCredentialProvider.dll
16:52:32.0917 3328 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
16:52:32.0933 3328 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
16:52:32.0933 3328 C:\Windows\System32\drivers\fltMgr.sys - ok
16:52:32.0948 3328 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\System32\fltLib.dll
16:52:32.0948 3328 C:\Windows\System32\fltLib.dll - ok
16:52:32.0964 3328 [ E59F08ED9D2A128CE436BBFC232247F6 ] C:\Windows\System32\BioCredProv.dll
16:52:32.0964 3328 C:\Windows\System32\BioCredProv.dll - ok
16:52:32.0980 3328 [ 00A0231FCA55C815853B957767E34B02 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
16:52:32.0980 3328 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
16:52:33.0011 3328 [ 9835584E999D25004E1EE8E5F3E3B881 ] C:\Windows\System32\MPSSVC.dll
16:52:33.0011 3328 C:\Windows\System32\MPSSVC.dll - ok
16:52:33.0026 3328 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] C:\Windows\System32\drivers\MpFilter.sys
16:52:33.0026 3328 C:\Windows\System32\drivers\MpFilter.sys - ok
16:52:33.0042 3328 [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\System32\credui.dll
16:52:33.0042 3328 C:\Windows\System32\credui.dll - ok
16:52:33.0058 3328 [ 3FAD263CE1E2A6FFF40D00043B2275E3 ] C:\Windows\System32\winbio.dll
16:52:33.0058 3328 C:\Windows\System32\winbio.dll - ok
16:52:33.0073 3328 [ 2EF4E53ACB0DF0B34091335BB26C2BC2 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
16:52:33.0073 3328 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
16:52:33.0089 3328 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\System32\netapi32.dll
16:52:33.0089 3328 C:\Windows\System32\netapi32.dll - ok
16:52:33.0104 3328 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\System32\netutils.dll
16:52:33.0104 3328 C:\Windows\System32\netutils.dll - ok
16:52:33.0120 3328 [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
16:52:33.0120 3328 C:\Windows\System32\PSHED.DLL - ok
16:52:33.0136 3328 [ 36B8D5903CEEF0AA42A1EE002BD27FF1 ] C:\Windows\System32\vaultcli.dll
16:52:33.0136 3328 C:\Windows\System32\vaultcli.dll - ok
16:52:33.0151 3328 [ F68194F74350D4A2ADE98961E33F884C ] C:\Windows\System32\audiodg.exe
16:52:33.0151 3328 C:\Windows\System32\audiodg.exe - ok
16:52:33.0167 3328 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\System32\samcli.dll
16:52:33.0167 3328 C:\Windows\System32\samcli.dll - ok
16:52:33.0182 3328 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\System32\wkscli.dll
16:52:33.0182 3328 C:\Windows\System32\wkscli.dll - ok
16:52:33.0198 3328 [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
16:52:33.0198 3328 C:\Windows\System32\wlansvc.dll - ok
16:52:33.0214 3328 [ 6D8CACF3B1B54943EFCF420C2D667B37 ] C:\Windows\System32\certCredProvider.dll
16:52:33.0214 3328 C:\Windows\System32\certCredProvider.dll - ok
16:52:33.0229 3328 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A3D30D3-0DF8-4750-9564-4B5477370DBF}\mpengine.dll
16:52:33.0229 3328 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A3D30D3-0DF8-4750-9564-4B5477370DBF}\mpengine.dll - ok
16:52:33.0245 3328 [ B230D1B54017C2B56DAFE311DFEB0102 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL
16:52:33.0245 3328 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL - ok
16:52:33.0260 3328 [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
16:52:33.0260 3328 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
16:52:33.0260 3328 [ FFE4BEC5C187C426A17AE76A773063A6 ] C:\Windows\System32\rasplap.dll
16:52:33.0260 3328 C:\Windows\System32\rasplap.dll - ok
16:52:33.0276 3328 [ E897EAF5ED6BA41E081060C9B447A673 ] C:\Windows\System32\gpsvc.dll
16:52:33.0276 3328 C:\Windows\System32\gpsvc.dll - ok
16:52:33.0292 3328 [ 50E0DD0A5B8D8BC353578F2F73926697 ] C:\Windows\System32\nlaapi.dll
16:52:33.0292 3328 C:\Windows\System32\nlaapi.dll - ok
16:52:33.0307 3328 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\System32\rasapi32.dll
16:52:33.0307 3328 C:\Windows\System32\rasapi32.dll - ok
16:52:33.0323 3328 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
16:52:33.0323 3328 C:\Windows\System32\themeservice.dll - ok
16:52:33.0338 3328 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\System32\atl.dll
16:52:33.0338 3328 C:\Windows\System32\atl.dll - ok
16:52:33.0354 3328 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\System32\rasman.dll
16:52:33.0354 3328 C:\Windows\System32\rasman.dll - ok
16:52:33.0385 3328 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\System32\rtutils.dll
16:52:33.0385 3328 C:\Windows\System32\rtutils.dll - ok
16:52:33.0385 3328 [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\System32\dsrole.dll
16:52:33.0385 3328 C:\Windows\System32\dsrole.dll - ok
16:52:33.0401 3328 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\System32\slc.dll
16:52:33.0416 3328 C:\Windows\System32\slc.dll - ok
16:52:33.0416 3328 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\System32\winmm.dll
16:52:33.0416 3328 C:\Windows\System32\winmm.dll - ok
16:52:33.0448 3328 [ A12829E9974F57E9B5DBFEA7C93190F6 ] C:\Windows\System32\UXInit.dll
16:52:33.0448 3328 C:\Windows\System32\UXInit.dll - ok
16:52:33.0463 3328 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\System32\es.dll
16:52:33.0463 3328 C:\Windows\System32\es.dll - ok
16:52:33.0479 3328 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
16:52:33.0479 3328 C:\Windows\System32\ksuser.dll - ok
16:52:33.0494 3328 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\System32\wdmaud.drv
16:52:33.0494 3328 C:\Windows\System32\wdmaud.drv - ok
16:52:33.0510 3328 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
16:52:33.0510 3328 C:\Windows\System32\comres.dll - ok
16:52:33.0526 3328 [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
16:52:33.0526 3328 C:\Windows\System32\Sens.dll - ok
16:52:33.0541 3328 [ 081E6E1C91AEC36758902A9F727CD23C ] C:\Windows\System32\uxsms.dll
16:52:33.0541 3328 C:\Windows\System32\uxsms.dll - ok
16:52:33.0557 3328 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] C:\Windows\System32\drivers\lltdio.sys
16:52:33.0557 3328 C:\Windows\System32\drivers\lltdio.sys - ok
16:52:33.0572 3328 [ 26384429FCD85D83746F63E798AB1480 ] C:\Windows\System32\drivers\nwifi.sys
16:52:33.0572 3328 C:\Windows\System32\drivers\nwifi.sys - ok
16:52:33.0588 3328 [ D8A65DAFB3EB41CBB622745676FCD072 ] C:\Windows\System32\drivers\ndisuio.sys
16:52:33.0588 3328 C:\Windows\System32\drivers\ndisuio.sys - ok
16:52:33.0604 3328 [ 032B0D36AD92B582D869879F5AF5B928 ] C:\Windows\System32\drivers\rspndr.sys
16:52:33.0604 3328 C:\Windows\System32\drivers\rspndr.sys - ok
16:52:33.0619 3328 [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
16:52:33.0619 3328 C:\Windows\System32\lmhsvc.dll - ok
16:52:33.0635 3328 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\System32\IPHLPAPI.DLL
16:52:33.0635 3328 C:\Windows\System32\IPHLPAPI.DLL - ok
16:52:33.0650 3328 [ D2A937964199F647B1C3BC435712E5D9 ] C:\Windows\System32\nrpsrv.dll
16:52:33.0650 3328 C:\Windows\System32\nrpsrv.dll - ok
16:52:33.0666 3328 [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
16:52:33.0666 3328 C:\Windows\System32\nsisvc.dll - ok
16:52:33.0682 3328 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\System32\winnsi.dll
16:52:33.0682 3328 C:\Windows\System32\winnsi.dll - ok
16:52:33.0697 3328 [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
16:52:33.0697 3328 C:\Windows\System32\dhcpcore.dll - ok
16:52:33.0713 3328 [ EF71BA5DF59034962B0C62314A71351A ] C:\Windows\System32\dhcpcore6.dll
16:52:33.0713 3328 C:\Windows\System32\dhcpcore6.dll - ok
16:52:33.0728 3328 [ 33EF4861F19A0736B11314AAD9AE28D0 ] C:\Windows\System32\dnsrslvr.dll
16:52:33.0728 3328 C:\Windows\System32\dnsrslvr.dll - ok
16:52:33.0744 3328 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\System32\keyiso.dll
16:52:33.0744 3328 C:\Windows\System32\keyiso.dll - ok
16:52:33.0760 3328 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
16:52:33.0760 3328 C:\Windows\System32\eapsvc.dll - ok
16:52:33.0775 3328 [ 9A892B3439884C62B04718F0303A49E9 ] C:\Windows\System32\eapphost.dll
16:52:33.0775 3328 C:\Windows\System32\eapphost.dll - ok
16:52:33.0791 3328 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\System32\FWPUCLNT.DLL
16:52:33.0791 3328 C:\Windows\System32\FWPUCLNT.DLL - ok
16:52:33.0791 3328 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\System32\AudioSes.dll
16:52:33.0791 3328 C:\Windows\System32\AudioSes.dll - ok
16:52:33.0806 3328 [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
16:52:33.0806 3328 C:\Windows\System32\dnsext.dll - ok
16:52:33.0822 3328 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\System32\msacm32.dll
16:52:33.0822 3328 C:\Windows\System32\msacm32.dll - ok
16:52:33.0838 3328 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
16:52:33.0838 3328 C:\Windows\System32\msacm32.drv - ok
16:52:33.0853 3328 [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
16:52:33.0853 3328 C:\Windows\System32\umb.dll - ok
16:52:33.0869 3328 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
16:52:33.0869 3328 C:\Windows\System32\dhcpcsvc.dll - ok
16:52:33.0884 3328 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
16:52:33.0884 3328 C:\Windows\System32\midimap.dll - ok
16:52:33.0900 3328 [ 3C9035085141162416A0DD34DBF3F3C1 ] C:\Windows\System32\wlanmsm.dll
16:52:33.0900 3328 C:\Windows\System32\wlanmsm.dll - ok
16:52:33.0916 3328 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\System32\dhcpcsvc6.dll
16:52:33.0916 3328 C:\Windows\System32\dhcpcsvc6.dll - ok
16:52:33.0931 3328 [ 20C06A50DFC097E134BC6FA8444CA9BC ] C:\Windows\System32\wlansec.dll
16:52:33.0931 3328 C:\Windows\System32\wlansec.dll - ok
16:52:33.0947 3328 [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\System32\AudioEng.dll
16:52:33.0947 3328 C:\Windows\System32\AudioEng.dll - ok
16:52:33.0978 3328 [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
16:52:33.0978 3328 C:\Windows\System32\onex.dll - ok
16:52:33.0978 3328 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
16:52:33.0978 3328 C:\Windows\System32\eappcfg.dll - ok
16:52:34.0009 3328 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
16:52:34.0009 3328 C:\Windows\System32\eappprxy.dll - ok
16:52:34.0009 3328 [ 96F0F8F4DEE598C8D12AD9633E0CFE2A ] C:\Windows\System32\AUDIOKSE.dll
16:52:34.0009 3328 C:\Windows\System32\AUDIOKSE.dll - ok
16:52:34.0040 3328 [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
16:52:34.0040 3328 C:\Windows\System32\wlgpclnt.dll - ok
16:52:34.0040 3328 [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
16:52:34.0040 3328 C:\Windows\System32\l2gpstore.dll - ok
16:52:34.0072 3328 [ 657CFC3ED79EFC5530457518299A9AE6 ] C:\Windows\System32\RtkAPO.dll
16:52:34.0072 3328 C:\Windows\System32\RtkAPO.dll - ok
16:52:34.0072 3328 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
16:52:34.0072 3328 C:\Windows\System32\wlanutil.dll - ok
16:52:34.0087 3328 [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
16:52:34.0087 3328 C:\Windows\System32\WinSCard.dll - ok
16:52:34.0103 3328 [ D9A9702E43A5859896F34898D5FD3FEC ] C:\Windows\System32\msxml6.dll
16:52:34.0103 3328 C:\Windows\System32\msxml6.dll - ok
16:52:34.0118 3328 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\System32\imageres.dll
16:52:34.0118 3328 C:\Windows\System32\imageres.dll - ok
16:52:34.0134 3328 [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
16:52:34.0134 3328 C:\Windows\System32\shsvcs.dll - ok
16:52:34.0150 3328 [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
16:52:34.0150 3328 C:\Windows\System32\schedsvc.dll - ok
16:52:34.0165 3328 [ 6F44F5C0BC6B210FE5F5A1C8D899AD0A ] C:\Windows\System32\wlanext.exe
16:52:34.0165 3328 C:\Windows\System32\wlanext.exe - ok
16:52:34.0181 3328 [ 310E9119D0A1CFDF1DA897089B533D81 ] C:\Windows\System32\conhost.exe
16:52:34.0181 3328 C:\Windows\System32\conhost.exe - ok
16:52:34.0196 3328 [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
16:52:34.0196 3328 C:\Windows\System32\ktmw32.dll - ok
16:52:34.0212 3328 [ E6D90DC604F407B3B5E0FD285E46B2A0 ] C:\Windows\System32\fveapi.dll
16:52:34.0212 3328 C:\Windows\System32\fveapi.dll - ok
16:52:34.0228 3328 [ 4E30ED3E551E867ADD1C8D58F5EDD9DF ] C:\Windows\System32\WMALFXGFXDSP.dll
16:52:34.0228 3328 C:\Windows\System32\WMALFXGFXDSP.dll - ok
16:52:34.0243 3328 [ 3520310EA962E10D77E226C1DC163D6B ] C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
16:52:34.0243 3328 C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll - ok
16:52:34.0259 3328 [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
16:52:34.0259 3328 C:\Windows\System32\fvecerts.dll - ok
16:52:34.0274 3328 [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
16:52:34.0274 3328 C:\Windows\System32\tbs.dll - ok
16:52:34.0290 3328 [ E2D56AE1D40E3725084054CD8E9CFBB1 ] C:\Windows\System32\wiarpc.dll
16:52:34.0290 3328 C:\Windows\System32\wiarpc.dll - ok
16:52:34.0306 3328 [ 1C3E8371377E988B683797A132EFFE1B ] C:\Windows\System32\taskcomp.dll
16:52:34.0306 3328 C:\Windows\System32\taskcomp.dll - ok
16:52:34.0321 3328 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
16:52:34.0321 3328 C:\Windows\System32\mfplat.dll - ok
16:52:34.0321 3328 [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
16:52:34.0321 3328 C:\Windows\System32\drivers\http.sys - ok
16:52:34.0337 3328 [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
16:52:34.0352 3328 C:\Windows\System32\taskeng.exe - ok
16:52:34.0352 3328 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
16:52:34.0352 3328 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
16:52:34.0384 3328 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
16:52:34.0384 3328 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
16:52:34.0384 3328 [ 9AEA093B8F9C37CF45538382CABA2475 ] C:\Windows\System32\spoolsv.exe
16:52:34.0384 3328 C:\Windows\System32\spoolsv.exe - ok
16:52:34.0415 3328 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
16:52:34.0415 3328 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
16:52:34.0430 3328 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
16:52:34.0430 3328 C:\Windows\System32\wlanapi.dll - ok
16:52:34.0446 3328 [ F8B7EE4127E4FE3BB5BBB6ABD6FC340A ] C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWpaP2p.dll
16:52:34.0446 3328 C:\Program Files\Qualcomm Atheros WiFi Driver Installation\AthIhvWpaP2p.dll - ok
16:52:34.0462 3328 [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
16:52:34.0462 3328 C:\Windows\System32\TSChannel.dll - ok
16:52:34.0477 3328 [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
16:52:34.0477 3328 C:\Windows\System32\BFE.DLL - ok
16:52:34.0493 3328 [ A3901CD2E276484003C2944F78BEB80E ] C:\Windows\System32\lpksetup.exe
16:52:34.0493 3328 C:\Windows\System32\lpksetup.exe - ok
16:52:34.0508 3328 [ 0C0DF0F05BAEA320FA301F34E256E08B ] C:\Windows\System32\dpx.dll
16:52:34.0508 3328 C:\Windows\System32\dpx.dll - ok
16:52:34.0508 3328 [ ED12110CD5BFE686F645E145A7DD28C5 ] C:\Windows\System32\comsvcs.dll
16:52:34.0508 3328 C:\Windows\System32\comsvcs.dll - ok
16:52:34.0540 3328 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] C:\Windows\System32\drivers\bowser.sys
16:52:34.0540 3328 C:\Windows\System32\drivers\bowser.sys - ok
16:52:34.0555 3328 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] C:\Windows\System32\drivers\mpsdrv.sys
16:52:34.0555 3328 C:\Windows\System32\drivers\mpsdrv.sys - ok
16:52:34.0571 3328 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] C:\Windows\System32\drivers\mrxsmb.sys
16:52:34.0571 3328 C:\Windows\System32\drivers\mrxsmb.sys - ok
16:52:34.0586 3328 [ 6D17A4791ACA19328C685D256349FEFC ] C:\Windows\System32\drivers\mrxsmb10.sys
16:52:34.0586 3328 C:\Windows\System32\drivers\mrxsmb10.sys - ok
16:52:34.0602 3328 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
16:52:34.0602 3328 C:\Windows\System32\netcfgx.dll - ok
16:52:34.0618 3328 [ B81F204D146000BE76651A50670A5E9E ] C:\Windows\System32\drivers\mrxsmb20.sys
16:52:34.0618 3328 C:\Windows\System32\drivers\mrxsmb20.sys - ok
16:52:34.0633 3328 [ 019C372B1A9DA73A22D0D35A4D40F5C9 ] C:\Windows\System32\wfapigp.dll
16:52:34.0633 3328 C:\Windows\System32\wfapigp.dll - ok
16:52:34.0649 3328 [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
16:52:34.0649 3328 C:\Windows\System32\wkssvc.dll - ok
16:52:34.0649 3328 [ 61E6487189D68BD8D6D68A4CD4290846 ] C:\Windows\System32\lpksetupproxyserv.dll
16:52:34.0664 3328 C:\Windows\System32\lpksetupproxyserv.dll - ok
16:52:34.0664 3328 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\System32\mscms.dll
16:52:34.0664 3328 C:\Windows\System32\mscms.dll - ok
16:52:34.0680 3328 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
16:52:34.0680 3328 C:\Windows\System32\drivers\parport.sys - ok
16:52:34.0696 3328 [ 8165C8825C726A7D5EFDF863A2D1C28F ] C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe
16:52:34.0696 3328 C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe - ok
16:52:34.0711 3328 [ 358AB7956D3160000726574083DFC8A6 ] C:\Windows\System32\pcasvc.dll
16:52:34.0711 3328 C:\Windows\System32\pcasvc.dll - ok
16:52:34.0727 3328 [ 6A984831644ECA1A33FFEAE4126F4F37 ] C:\Windows\System32\snmptrap.exe
16:52:34.0727 3328 C:\Windows\System32\snmptrap.exe - ok
16:52:34.0742 3328 [ F845CB13B1D1FC68C97900FEF94D03CC ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
16:52:34.0742 3328 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
16:52:34.0758 3328 [ 24CAEDCD73B5B0E22226283B7B2468C7 ] C:\Windows\System32\mfc42u.dll
16:52:34.0758 3328 C:\Windows\System32\mfc42u.dll - ok
16:52:34.0774 3328 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\System32\odbc32.dll
16:52:34.0774 3328 C:\Windows\System32\odbc32.dll - ok
16:52:34.0789 3328 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\System32\odbcint.dll
16:52:34.0789 3328 C:\Windows\System32\odbcint.dll - ok
16:52:34.0805 3328 [ 689CA2A0C7ABA6C091FEEEE9439C83DB ] C:\Windows\System32\AsusService.exe
16:52:34.0805 3328 C:\Windows\System32\AsusService.exe - ok
16:52:34.0820 3328 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll
16:52:34.0820 3328 C:\Windows\System32\wbemcomn.dll - ok
16:52:34.0836 3328 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
16:52:34.0836 3328 C:\Windows\System32\wbem\wbemprox.dll - ok
16:52:34.0852 3328 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\System32\winspool.drv
16:52:34.0852 3328 C:\Windows\System32\winspool.drv - ok
16:52:34.0867 3328 [ 96C0E38905CFD788313BE8E11DAE3F2F ] C:\Windows\System32\cryptsvc.dll
16:52:34.0867 3328 C:\Windows\System32\cryptsvc.dll - ok
16:52:34.0883 3328 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
16:52:34.0883 3328 C:\Windows\System32\dps.dll - ok
16:52:34.0898 3328 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\System32\taskschd.dll
16:52:34.0898 3328 C:\Windows\System32\taskschd.dll - ok
16:52:34.0914 3328 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\System32\cryptnet.dll
16:52:34.0914 3328 C:\Windows\System32\cryptnet.dll - ok
16:52:34.0930 3328 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
16:52:34.0930 3328 C:\Windows\System32\vssapi.dll - ok
16:52:34.0945 3328 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
16:52:34.0945 3328 C:\Windows\System32\vsstrace.dll - ok
16:52:34.0961 3328 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:52:34.0961 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
16:52:34.0976 3328 [ 8624E0E2418413614EE1FECDB7B76B88 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
16:52:34.0976 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
16:52:34.0992 3328 [ E223D2851906B84F52E1B75EA16198F9 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
16:52:34.0992 3328 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll - ok
16:52:35.0008 3328 [ D4467A285C91752018F67CDBA8680BAB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
16:52:35.0008 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
16:52:35.0023 3328 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
16:52:35.0023 3328 C:\Windows\System32\provsvc.dll - ok
16:52:35.0039 3328 [ D318F23BE45D5E3A107469EB64815B50 ] C:\Windows\System32\sstpsvc.dll
16:52:35.0039 3328 C:\Windows\System32\sstpsvc.dll - ok
16:52:35.0054 3328 [ FC5372FD2DEB28E847C8394C58BC76FA ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
16:52:35.0054 3328 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
16:52:35.0070 3328 [ CA461A203EF40A98C1C23DE3CBEE68B2 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
16:52:35.0070 3328 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
16:52:35.0086 3328 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:52:35.0086 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
16:52:35.0101 3328 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
16:52:35.0101 3328 C:\Windows\System32\wscapi.dll - ok
16:52:35.0117 3328 [ 4BE1DCAD76BE96D1EC887A41E570C404 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
16:52:35.0117 3328 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
16:52:35.0132 3328 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
16:52:35.0132 3328 C:\Windows\System32\mpr.dll - ok
16:52:35.0148 3328 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] C:\Windows\System32\drivers\NisDrvWFP.sys
16:52:35.0148 3328 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
16:52:35.0164 3328 [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll
16:52:35.0164 3328 C:\Windows\System32\nlasvc.dll - ok
16:52:35.0179 3328 [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll
16:52:35.0179 3328 C:\Windows\System32\ncsi.dll - ok
16:52:35.0195 3328 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
16:52:35.0195 3328 C:\Windows\System32\winhttp.dll - ok
16:52:35.0210 3328 [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
16:52:35.0210 3328 C:\Windows\System32\drivers\PEAuth.sys - ok
16:52:35.0226 3328 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
16:52:35.0226 3328 C:\Windows\System32\webio.dll - ok
16:52:35.0226 3328 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
16:52:35.0226 3328 C:\Windows\System32\ssdpapi.dll - ok
16:52:35.0242 3328 [ CC781378E7EDA615D2CDCA3B17829FA4 ] C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:52:35.0242 3328 C:\Program Files\Microsoft\BingBar\SeaPort.EXE - ok
16:52:35.0257 3328 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
16:52:35.0257 3328 C:\Windows\System32\SensApi.dll - ok
16:52:35.0273 3328 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
16:52:35.0273 3328 C:\Windows\System32\drivers\secdrv.sys - ok
16:52:35.0288 3328 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
16:52:35.0288 3328 C:\Windows\System32\drivers\srvnet.sys - ok
16:52:35.0304 3328 [ 36650D618CA34C9D357DFD3D89B2C56F ] C:\Windows\System32\sysmain.dll
16:52:35.0304 3328 C:\Windows\System32\sysmain.dll - ok
16:52:35.0320 3328 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] C:\Windows\System32\drivers\tcpipreg.sys
16:52:35.0320 3328 C:\Windows\System32\drivers\tcpipreg.sys - ok
16:52:35.0335 3328 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
16:52:35.0335 3328 C:\Windows\System32\trkwks.dll - ok
16:52:35.0351 3328 [ D2F7A0ADC2EE0F65AB1F19D2E00C16B8 ] C:\Windows\System32\sc.exe
16:52:35.0351 3328 C:\Windows\System32\sc.exe - ok
16:52:35.0366 3328 [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
16:52:35.0366 3328 C:\Windows\System32\cabinet.dll - ok
16:52:35.0382 3328 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
16:52:35.0382 3328 C:\Windows\System32\p2pcollab.dll - ok
16:52:35.0398 3328 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] C:\Windows\System32\QAGENTRT.DLL
16:52:35.0398 3328 C:\Windows\System32\QAGENTRT.DLL - ok
16:52:35.0413 3328 [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
16:52:35.0413 3328 C:\Windows\System32\fveui.dll - ok
16:52:35.0429 3328 [ 3B47E60E1012B23873ED2E4A9B4F2310 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
16:52:35.0429 3328 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
16:52:35.0444 3328 [ 19F75D71E4256F5113D64CE2BB66B838 ] C:\Windows\System32\slwga.dll
16:52:35.0444 3328 C:\Windows\System32\slwga.dll - ok
16:52:35.0460 3328 [ 8E4B58E12B3FA65ED1462846906E0B59 ] C:\Windows\System32\sppc.dll
16:52:35.0460 3328 C:\Windows\System32\sppc.dll - ok
16:52:35.0476 3328 [ C37CE43FB54066FFB540729C6E6E194E ] C:\ExpressGateUtil\VAWinService.exe
16:52:35.0476 3328 C:\ExpressGateUtil\VAWinService.exe - ok
16:52:35.0491 3328 [ DA13D85DBF19B518EA82FEA3E438A882 ] C:\ExpressGateUtil\libexpat.dll
16:52:35.0491 3328 C:\ExpressGateUtil\libexpat.dll - ok
16:52:35.0507 3328 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
16:52:35.0507 3328 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE - ok
16:52:35.0522 3328 [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
16:52:35.0522 3328 C:\Windows\System32\wbem\WMIsvc.dll - ok
16:52:35.0538 3328 [ 701C9EB15E1E23D22F7C7184C0506673 ] C:\Windows\System32\wbem\WmiDcPrv.dll
16:52:35.0538 3328 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
16:52:35.0554 3328 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\System32\wbem\fastprox.dll
16:52:35.0554 3328 C:\Windows\System32\wbem\fastprox.dll - ok
16:52:35.0569 3328 [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
16:52:35.0569 3328 C:\Windows\System32\wbem\WinMgmtR.dll - ok
16:52:35.0585 3328 [ E4AC680E216688965B10A86D6E28A89E ] C:\ExpressGateUtil\netProfileDatabase.dll
16:52:35.0585 3328 C:\ExpressGateUtil\netProfileDatabase.dll - ok
16:52:35.0600 3328 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL
16:52:38.0970 3328 [ 30B94A855F4C86212F98BB184A30CA96 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
16:52:38.0970 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll - ok
16:52:38.0970 3328 [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
16:52:38.0970 3328 C:\Windows\System32\PortableDeviceTypes.dll - ok
16:52:39.0001 3328 [ 2F03490092C032392FB6FF635222B9B2 ] C:\Windows\System32\apisetschema.dll
16:52:39.0001 3328 C:\Windows\System32\apisetschema.dll - ok
16:52:39.0001 3328 [ E62925E3D5DA0D7EDB665A0DF39D2406 ] C:\Windows\System32\GfxUI.exe
16:52:39.0001 3328 C:\Windows\System32\GfxUI.exe - ok
16:52:39.0032 3328 [ F4EF0EB258A9755B92DA45466F0ED4F4 ] C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe
16:52:39.0032 3328 C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe - ok
16:52:39.0048 3328 [ 858716CED10DBBF0BC5748F71ED2F59D ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
16:52:39.0048 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll - ok
16:52:39.0064 3328 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
16:52:39.0064 3328 C:\Windows\System32\pnidui.dll - ok
16:52:39.0079 3328 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
16:52:39.0079 3328 C:\Windows\System32\shfolder.dll - ok
16:52:39.0095 3328 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL
16:52:39.0095 3328 C:\Windows\System32\QUTIL.DLL - ok
16:52:39.0095 3328 [ 43104328E99680FCF282E71CC45CB5D2 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
16:52:39.0095 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll - ok
16:52:39.0110 3328 [ 9170C065FC76758E5D317B8FBA884F0C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
16:52:39.0110 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll - ok
16:52:39.0126 3328 [ CC4AFC9516DD3BBC3B4478B256F2167D ] C:\Windows\System32\igfxress.dll
16:52:39.0126 3328 C:\Windows\System32\igfxress.dll - ok
16:52:39.0142 3328 [ AEDDFD540E3E6BECDB14C30D1F12B78A ] C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
16:52:39.0142 3328 C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
16:52:39.0157 3328 [ 40B28FBD1E4DEF0910E2AC3EAE4D43CF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
16:52:39.0157 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll - ok
16:52:39.0173 3328 [ DDFBFD8959F32AC0CF3947F36BAC3081 ] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
16:52:39.0173 3328 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - ok
16:52:39.0188 3328 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll
16:52:39.0188 3328 C:\Windows\System32\srchadmin.dll - ok
16:52:39.0204 3328 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl
16:52:39.0204 3328 C:\Windows\System32\bthprops.cpl - ok
16:52:39.0220 3328 [ 7E1B0C85B7347D9391FE60F6DADFDDF0 ] C:\Program Files\Microsoft Security Client\msseces.exe
16:52:39.0220 3328 C:\Program Files\Microsoft Security Client\msseces.exe - ok
16:52:39.0235 3328 [ 972DCC74D4CDCB64086E7CFACBDB74CB ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
16:52:39.0235 3328 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
16:52:39.0251 3328 [ E5CFEBA7AACE574A932E22D39F05B4D8 ] C:\Program Files\Elantech\ETDCtrlHelper.exe
16:52:39.0251 3328 C:\Program Files\Elantech\ETDCtrlHelper.exe - ok
16:52:39.0266 3328 [ F32CBBB62256899E253E6A0A87FEF238 ] C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe
16:52:39.0266 3328 C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe - ok
16:52:39.0282 3328 [ 08E420D873E4FD85241EE2421B02C4A4 ] C:\Windows\System32\wersvc.dll
16:52:39.0282 3328 C:\Windows\System32\wersvc.dll - ok
16:52:39.0298 3328 [ 236F286E103FD44BD85FDD93097FD5DD ] C:\Windows\System32\SearchIndexer.exe
16:52:39.0298 3328 C:\Windows\System32\SearchIndexer.exe - ok
16:52:39.0313 3328 [ 9A39A2A5F443A756C568C6ED5748AFE4 ] C:\Windows\System32\ActionCenter.dll
16:52:39.0313 3328 C:\Windows\System32\ActionCenter.dll - ok
16:52:39.0344 3328 [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
16:52:39.0344 3328 C:\Windows\System32\FXSST.dll - ok
16:52:39.0344 3328 [ 96C70BD48D49B87475F4572DEDC62EB9 ] C:\Windows\AppPatch\AcLayers.dll
16:52:39.0344 3328 C:\Windows\AppPatch\AcLayers.dll - ok
16:52:39.0360 3328 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\System32\security.dll
16:52:39.0360 3328 C:\Windows\System32\security.dll - ok
16:52:39.0376 3328 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll
16:52:39.0376 3328 C:\Windows\System32\FXSAPI.dll - ok
16:52:39.0391 3328 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
16:52:39.0391 3328 C:\Windows\System32\FXSRESM.dll - ok
16:52:39.0407 3328 [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\System32\UIAnimation.dll
16:52:39.0407 3328 C:\Windows\System32\UIAnimation.dll - ok
16:52:39.0422 3328 [ 967EA5B213E9984CBE270205DF37755B ] C:\Windows\System32\FXSSVC.exe
16:52:39.0422 3328 C:\Windows\System32\FXSSVC.exe - ok
16:52:39.0438 3328 [ 21A797406C0D2EDC9DE08BDBBE2EEFB9 ] C:\Program Files\Asus\AsusVibe\AsusVibe2.0.exe
16:52:39.0438 3328 C:\Program Files\Asus\AsusVibe\AsusVibe2.0.exe - ok
16:52:39.0454 3328 [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\System32\tquery.dll
16:52:39.0454 3328 C:\Windows\System32\tquery.dll - ok
16:52:39.0469 3328 [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\System32\mssrch.dll
16:52:39.0469 3328 C:\Windows\System32\mssrch.dll - ok
16:52:39.0485 3328 [ CB67C2B94302DC94BC15ED6553A5C1C7 ] C:\Windows\System32\wbem\cimwin32.dll
16:52:39.0485 3328 C:\Windows\System32\wbem\cimwin32.dll - ok
16:52:39.0500 3328 [ 84FA403E67CCF1A031FAEB39A091A7C0 ] C:\Windows\System32\en-US\cmd.exe.mui
16:52:39.0500 3328 C:\Windows\System32\en-US\cmd.exe.mui - ok
16:52:39.0516 3328 [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\System32\framedynos.dll
16:52:39.0516 3328 C:\Windows\System32\framedynos.dll - ok
16:52:39.0532 3328 [ 0CAED8C2A5A594AFC49EDB74D241EC9F ] C:\Windows\System32\en-US\KernelBase.dll.mui
16:52:39.0532 3328 C:\Windows\System32\en-US\KernelBase.dll.mui - ok
16:52:39.0547 3328 [ A45CB10FC8C4DCA23F96FE4D334F64FE ] C:\Windows\System32\msxml3r.dll
16:52:39.0547 3328 C:\Windows\System32\msxml3r.dll - ok
16:52:39.0563 3328 [ 6C224341DA1C2F05A1E4A08D0973619C ] C:\Windows\System32\en-US\cscript.exe.mui
16:52:39.0563 3328 C:\Windows\System32\en-US\cscript.exe.mui - ok
16:52:39.0578 3328 [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\System32\tzres.dll
16:52:39.0578 3328 C:\Windows\System32\tzres.dll - ok
16:52:39.0594 3328 [ CE9191729CD550E871494CBA6ADCA112 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
16:52:39.0594 3328 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
16:52:39.0610 3328 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
16:52:39.0610 3328 C:\Windows\System32\netman.dll - ok
16:52:39.0625 3328 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll
16:52:39.0625 3328 C:\Windows\System32\msidle.dll - ok
16:52:39.0641 3328 [ 5EDD0DCAA03E6DD4477A9F2D9C7D6FD3 ] C:\Program Files\Microsoft Security Client\en-us\MsMpRes.dll.mui
16:52:39.0641 3328 C:\Program Files\Microsoft Security Client\en-us\MsMpRes.dll.mui - ok
16:52:39.0656 3328 [ 907281ED4AD35D41B29FFDC211EBAD80 ] C:\Windows\System32\wmi.dll
16:52:39.0656 3328 C:\Windows\System32\wmi.dll - ok
16:52:39.0672 3328 [ 647665442048D8FE581BF3D42ABBF49A ] C:\Windows\System32\en-US\shell32.dll.mui
16:52:39.0672 3328 C:\Windows\System32\en-US\shell32.dll.mui - ok
16:52:39.0688 3328 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
16:52:39.0688 3328 C:\Windows\System32\rasdlg.dll - ok
16:52:39.0703 3328 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll
16:52:39.0703 3328 C:\Windows\System32\mssprxy.dll - ok
16:52:39.0719 3328 [ 9ABDDAECCA28054BAEA1A4A1912F6819 ] C:\Windows\System32\en-US\conhost.exe.mui
16:52:39.0719 3328 C:\Windows\System32\en-US\conhost.exe.mui - ok
16:52:39.0734 3328 [ A42E7748BE906434C5FD17161D168C20 ] C:\Windows\System32\schedcli.dll
16:52:39.0734 3328 C:\Windows\System32\schedcli.dll - ok
16:52:39.0750 3328 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Microsoft Security Client\SqmApi.dll
16:52:39.0750 3328 C:\Program Files\Microsoft Security Client\SqmApi.dll - ok
16:52:39.0766 3328 [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\System32\en-US\tquery.dll.mui
16:52:39.0766 3328 C:\Windows\System32\en-US\tquery.dll.mui - ok
16:52:39.0781 3328 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll
16:52:39.0781 3328 C:\Windows\System32\dot3api.dll - ok
16:52:39.0797 3328 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
16:52:39.0797 3328 C:\Windows\System32\wlanhlp.dll - ok
16:52:39.0812 3328 [ 4201B963DB8A56DF7CEDFC9182E1CA29 ] C:\Windows\System32\wbem\wbemdisp.tlb
16:52:39.0812 3328 C:\Windows\System32\wbem\wbemdisp.tlb - ok
16:52:39.0828 3328 [ 89F4D0DD6606A2FE15931E6888DBBC8D ] C:\Windows\System32\stdole2.tlb
16:52:39.0828 3328 C:\Windows\System32\stdole2.tlb - ok
16:52:39.0844 3328 [ 53683A331F8A1BB20ADD0330F1DE6388 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
16:52:39.0844 3328 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
16:52:39.0859 3328 [ D9B5DD4A0F8B2FF78169FD595D3666BF ] C:\Windows\System32\en-US\vbscript.dll.mui
16:52:39.0859 3328 C:\Windows\System32\en-US\vbscript.dll.mui - ok
16:52:39.0875 3328 [ 9E5868DB59C6D8E949F724DBBC639A31 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
16:52:39.0875 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll - ok
16:52:39.0890 3328 [ E1AC89F6C5252057E6062843E36A6701 ] C:\Windows\System32\SearchProtocolHost.exe
16:52:39.0890 3328 C:\Windows\System32\SearchProtocolHost.exe - ok
16:52:39.0906 3328 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll
16:52:39.0906 3328 C:\Windows\System32\WWanAPI.dll - ok
16:52:39.0922 3328 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll
16:52:39.0922 3328 C:\Windows\System32\wwapi.dll - ok
16:52:39.0937 3328 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
16:52:39.0937 3328 C:\Windows\System32\webcheck.dll - ok
16:52:39.0953 3328 [ 1A1AD07741376454410B61AF233862B3 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
16:52:39.0953 3328 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll - ok
16:52:39.0968 3328 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
16:52:39.0968 3328 C:\Windows\System32\mlang.dll - ok
16:52:39.0984 3328 [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\System32\QAGENT.DLL
16:52:39.0984 3328 C:\Windows\System32\QAGENT.DLL - ok
16:52:40.0000 3328 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll
16:52:40.0000 3328 C:\Windows\System32\SyncCenter.dll - ok
16:52:40.0015 3328 [ A63445AE437CDFE13570B8AEAE3514C3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
16:52:40.0015 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll - ok
16:52:40.0031 3328 [ 7797A2D649B58275046114E0E42EED70 ] C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui
16:52:40.0031 3328 C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui - ok
16:52:40.0046 3328 [ 35CAB7CF3754C41AEB69DCE1D5ACA5A4 ] C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
16:52:40.0046 3328 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - ok
16:52:40.0062 3328 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll
16:52:40.0062 3328 C:\Windows\System32\imapi2.dll - ok
16:52:40.0078 3328 [ C3C01CFA76D17DDA3AA4A3B49FA53C5D ] C:\Program Files\Asus\AsusVibe\GetMulStr.dll
16:52:40.0078 3328 C:\Program Files\Asus\AsusVibe\GetMulStr.dll - ok
16:52:40.0093 3328 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll
16:52:40.0093 3328 C:\Windows\System32\hgcpl.dll - ok
16:52:40.0109 3328 [ 18A76011F2C57E0981DDAA94E6F36936 ] C:\Program Files\Asus\AsusVibe\GetAsusInfomation.dll
16:52:40.0109 3328 C:\Program Files\Asus\AsusVibe\GetAsusInfomation.dll - ok
16:52:40.0124 3328 [ 8F8AB20AA863EA95A421B9D54C74F20C ] C:\Program Files\Windows Media Player\wmpnssci.dll
16:52:40.0124 3328 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
16:52:40.0140 3328 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\System32\msshooks.dll
16:52:40.0140 3328 C:\Windows\System32\msshooks.dll - ok
16:52:40.0156 3328 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
16:52:40.0156 3328 C:\Windows\System32\fdPHost.dll - ok
16:52:40.0156 3328 [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\System32\wmp.dll
16:52:40.0156 3328 C:\Windows\System32\wmp.dll - ok
16:52:40.0171 3328 [ A6CD6B3F71E13E2E45B727FB8A47EA87 ] C:\Windows\System32\SearchFilterHost.exe
16:52:40.0171 3328 C:\Windows\System32\SearchFilterHost.exe - ok
16:52:40.0187 3328 [ 2CDB083831BD46723FFE24CD7764DEC3 ] C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
16:52:40.0187 3328 C:\Program Files\Asus\LiveUpdate\ClientSocket.dll - ok
16:52:40.0202 3328 [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\System32\fdWSD.dll
16:52:40.0202 3328 C:\Windows\System32\fdWSD.dll - ok
16:52:40.0218 3328 [ 44AAC018DCC8430510AE138DA7821E06 ] C:\Program Files\Asus\LiveUpdate\Parser.dll
16:52:40.0218 3328 C:\Program Files\Asus\LiveUpdate\Parser.dll - ok
16:52:40.0234 3328 [ 0FBC74AA20FE0AE6884279F893169C60 ] C:\Windows\System32\wmploc.DLL
16:52:40.0234 3328 C:\Windows\System32\wmploc.DLL - ok
16:52:40.0249 3328 [ 3A8C8A7EBDFF09BFE3CDBC3E5B1B1170 ] C:\Program Files\Asus\LiveUpdate\Enumeration.dll
16:52:40.0249 3328 C:\Program Files\Asus\LiveUpdate\Enumeration.dll - ok
16:52:40.0265 3328 [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\System32\fdSSDP.dll
16:52:40.0265 3328 C:\Windows\System32\fdSSDP.dll - ok
16:52:40.0280 3328 [ E26C32401A6CC046C7AEFAE3A287D842 ] C:\Windows\System32\en-US\wmploc.DLL.mui
16:52:40.0280 3328 C:\Windows\System32\en-US\wmploc.DLL.mui - ok
16:52:40.0296 3328 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] C:\Windows\System32\FntCache.dll
16:52:40.0296 3328 C:\Windows\System32\FntCache.dll - ok
16:52:40.0312 3328 [ 230EA9ABBC3432CDE388F4891E76E867 ] C:\Windows\System32\udhisapi.dll
16:52:40.0312 3328 C:\Windows\System32\udhisapi.dll - ok
16:52:40.0327 3328 [ 6F0FD4970BE29EE7EF2DE90C45FB92F3 ] C:\Program Files\Asus\LiveUpdate\MultiLanguageString.dll
16:52:40.0327 3328 C:\Program Files\Asus\LiveUpdate\MultiLanguageString.dll - ok
16:52:40.0343 3328 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
16:52:40.0343 3328 C:\Windows\System32\FDResPub.dll - ok
16:52:40.0358 3328 [ 7AD79EBF2915BB6C9B821932D8D90879 ] C:\Program Files\Mozilla Firefox\freebl3.dll
16:52:40.0358 3328 C:\Program Files\Mozilla Firefox\freebl3.dll - ok
16:52:40.0374 3328 [ DB67C7C62038BDE813CB6486581A7611 ] C:\Windows\System32\mssph.dll
16:52:40.0374 3328 C:\Windows\System32\mssph.dll - ok
16:52:40.0390 3328 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\System32\mapi32.dll
16:52:40.0390 3328 C:\Windows\System32\mapi32.dll - ok
16:52:40.0405 3328 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll
16:52:40.0405 3328 C:\Windows\System32\httpapi.dll - ok
16:52:40.0421 3328 [ F1EC4DF011B474F0D45344F9577306F4 ] C:\Program Files\Asus\LiveUpdate\EeeStorageCommander.exe
16:52:40.0421 3328 C:\Program Files\Asus\LiveUpdate\EeeStorageCommander.exe - ok
16:52:40.0436 3328 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] C:\Program Files\Windows Media Player\wmpnetwk.exe
16:52:40.0436 3328 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
16:52:40.0452 3328 [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
16:52:40.0452 3328 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
16:52:40.0468 3328 [ 62CBF36E3E10BAA74224BC7A6DD998B5 ] C:\Program Files\Internet Explorer\ieproxy.dll
16:52:40.0468 3328 C:\Program Files\Internet Explorer\ieproxy.dll - ok
16:52:40.0483 3328 [ 68FD7967AFC0BBD6F65C08900E35E72F ] C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui
16:52:40.0483 3328 C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui - ok
16:52:40.0499 3328 [ 5CF15474FFDB5005E54958DF6EDD97AB ] C:\Windows\System32\wmdrmdev.dll
16:52:40.0499 3328 C:\Windows\System32\wmdrmdev.dll - ok
16:52:40.0514 3328 [ 47D052D9EE1FD3BA2A55D13F61E3EF24 ] C:\Windows\System32\drmv2clt.dll
16:52:40.0530 3328 C:\Windows\System32\drmv2clt.dll - ok
16:52:40.0530 3328 [ 7221E380FB8BFCF0160B9D4E704E7E77 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
16:52:40.0530 3328 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll - ok
16:52:40.0561 3328 [ 52C875E8F96E4F9E69914A538C129C6E ] C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
16:52:40.0561 3328 C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - ok
16:52:40.0577 3328 [ EA2B00551F3E7B3D5F7FB730A55F8246 ] C:\Windows\System32\blackbox.dll
16:52:40.0577 3328 C:\Windows\System32\blackbox.dll - ok
16:52:40.0592 3328 [ 954EA9B34F155C844B11F4047A8F6F89 ] C:\Windows\System32\upnp.dll
16:52:40.0592 3328 C:\Windows\System32\upnp.dll - ok
16:52:40.0608 3328 [ 3F2B83695E5BF11930C16AF50E991F96 ] C:\Windows\System32\wmpps.dll
16:52:40.0608 3328 C:\Windows\System32\wmpps.dll - ok
16:52:40.0608 3328 [ 7B97346CE563B74BBCC120FC83E5A6D9 ] C:\Windows\System32\wmpmde.dll
16:52:40.0624 3328 C:\Windows\System32\wmpmde.dll - ok
16:52:40.0624 3328 [ 81C0FA250EF6DC1C6B3FA2BCE81D6C2E ] C:\Windows\System32\WinSATAPI.dll
16:52:40.0624 3328 C:\Windows\System32\WinSATAPI.dll - ok
16:52:40.0639 3328 [ C2A9093E56551AACD417926F14F848E8 ] C:\Windows\System32\msxml6r.dll
16:52:40.0639 3328 C:\Windows\System32\msxml6r.dll - ok
16:52:40.0655 3328 [ 330A6E9A4A6FA657EBB094FCD82EFA9D ] C:\Windows\System32\en-US\WinSATAPI.dll.mui
16:52:40.0655 3328 C:\Windows\System32\en-US\WinSATAPI.dll.mui - ok
16:52:40.0670 3328 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\System32\devenum.dll
16:52:40.0670 3328 C:\Windows\System32\devenum.dll - ok
16:52:40.0686 3328 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\System32\upnphost.dll
16:52:40.0686 3328 C:\Windows\System32\upnphost.dll - ok
16:52:40.0702 3328 [ 03AA82C3772DE28C96E4C83A4A07AF61 ] C:\Windows\System32\en-US\FirewallAPI.dll.mui
16:52:40.0702 3328 C:\Windows\System32\en-US\FirewallAPI.dll.mui - ok
16:52:40.0717 3328 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll
16:52:40.0717 3328 C:\Windows\System32\wsock32.dll - ok
16:52:40.0733 3328 [ B9F4B1CA23D60775736059D72BA48526 ] C:\Windows\en-US\explorer.exe.mui
16:52:40.0733 3328 C:\Windows\en-US\explorer.exe.mui - ok
16:52:40.0748 3328 [ 8499531930C6E51790B08A8314B10918 ] C:\Windows\System32\wbem\en-US\NCProv.dll.mui
16:52:40.0748 3328 C:\Windows\System32\wbem\en-US\NCProv.dll.mui - ok
16:52:40.0764 3328 [ 5B06C9E3C015A64A23863791D4628A7B ] C:\Windows\IME\en-US\SpTip.dll.mui
16:52:40.0764 3328 C:\Windows\IME\en-US\SpTip.dll.mui - ok
16:52:40.0780 3328 [ 2546C6CDC6D1EF6ECA1C1B2A6E4C4C12 ] C:\Windows\System32\wbem\en-US\wmiutils.dll.mui
16:52:40.0780 3328 C:\Windows\System32\wbem\en-US\wmiutils.dll.mui - ok
16:52:40.0795 3328 [ F0A1FE51E846E5E76F75D7F40298C96D ] C:\Windows\System32\en-US\wscsvc.dll.mui
16:52:40.0795 3328 C:\Windows\System32\en-US\wscsvc.dll.mui - ok
16:52:40.0811 3328 [ 6198AFA9092016D3FD04FF41FD62D13F ] C:\Windows\System32\en-US\wuapi.dll.mui
16:52:40.0811 3328 C:\Windows\System32\en-US\wuapi.dll.mui - ok
16:52:40.0826 3328 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] C:\Windows\System32\ListSvc.dll
16:52:40.0826 3328 C:\Windows\System32\ListSvc.dll - ok
16:52:40.0842 3328 [ 08DF1B8C9C0754A7069E80A986373F52 ] C:\Windows\System32\P2P.dll
16:52:40.0842 3328 C:\Windows\System32\P2P.dll - ok
16:52:40.0858 3328 [ 9DC23ACF360AEA7DF55AD7A8D3FBF4E6 ] C:\Windows\System32\IdListen.dll
16:52:40.0858 3328 C:\Windows\System32\IdListen.dll - ok
16:52:40.0873 3328 [ F059EB4C9C256F62F196EAA439E28F74 ] C:\Windows\System32\hgprint.dll
16:52:40.0873 3328 C:\Windows\System32\hgprint.dll - ok
16:52:40.0889 3328 [ 82A8521DDC60710C3D3D3E7325209BEC ] C:\Windows\System32\pnrpsvc.dll
16:52:40.0889 3328 C:\Windows\System32\pnrpsvc.dll - ok
16:52:40.0904 3328 [ DA4F4927E92DC21B14A42EE59F7038D4 ] C:\Windows\System32\en-US\dnsapi.dll.mui
16:52:40.0904 3328 C:\Windows\System32\en-US\dnsapi.dll.mui - ok
16:52:40.0920 3328 [ 44F5C1CF70AC8F7239F3B3667E58697A ] C:\Windows\System32\CertPolEng.dll
16:52:40.0920 3328 C:\Windows\System32\CertPolEng.dll - ok
16:52:40.0936 3328 [ 59C3DDD501E39E006DAC31BF55150D91 ] C:\Windows\System32\p2psvc.dll
16:52:40.0936 3328 C:\Windows\System32\p2psvc.dll - ok
16:52:40.0951 3328 [ 1372E8E8FD066002131E3D509275E697 ] C:\Windows\System32\P2PGraph.dll
16:52:40.0951 3328 C:\Windows\System32\P2PGraph.dll - ok
16:52:40.0967 3328 [ 25A46FF7187635F19A4413AB3F5D72E7 ] C:\Windows\System32\en-US\p2psvc.dll.mui
16:52:40.0967 3328 C:\Windows\System32\en-US\p2psvc.dll.mui - ok
16:52:41.0014 3328 ============================================================
16:52:41.0014 3328 Scan finished
16:52:41.0014 3328 ============================================================
16:52:41.0154 2552 Detected object count: 2
16:52:41.0154 2552 Actual detected object count: 2
16:53:31.0012 2552 DCDhcpService ( UnsignedFile.Multi.Generic ) - skipped by user
16:53:31.0012 2552 DCDhcpService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:53:31.0027 2552 DETECT PS2: ( HiddenService.Multi.Generic ) - skipped by user
16:53:31.0027 2552 DETECT PS2: ( HiddenService.Multi.Generic ) - User select action: Skip
16:54:49.0417 3540 Deinitialize success
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tom629,

Test your system after these two steps and let me know the results.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

This scan could take up to 4h so please be patient.

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart + Disk check

Step 3

Please don't forget to include these items in your reply:

  • VRT scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#13
Tom629

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Maliprog. There was nothing in the VRT scan to report. The letters seem to appear when I key them in. Everything is running much better now. However, there is one thing that concerns me. When I downloaded and started the Puran Disk Defragmenter, I was offered the opportunity to install the Babylon Toolbar, which is, I think, what got me in this mess in the first place. Is it still hiding somewhere in my files? I've heard that it is a booger to get rid of. Once again, thank you for taking the time to help me.
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tom629,

When I downloaded and started the Puran Disk Defragmenter, I was offered the opportunity to install the Babylon Toolbar, which is, I think, what got me in this mess in the first place.


You are right. There is an option in Puran Disk Defragmenter to install the Babylon toolbar, and you must uncheck this option so you won't get Babylon again. I should have pointed this out to you, but you figured it out by yourself :).

I'm glad that your system is much better now. Let's check the status with OTL one more time.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#15
Tom629

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Maliprog. Here's the latest OTL scan. I hope all is well.

OTL logfile created on: 1/10/2013 6:18:41 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 107.43 Mb Available Physical Memory | 10.62% Memory free
1.99 Gb Paging File | 0.67 Gb Available in Paging File | 33.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 76.74 Gb Free Space | 76.74% Space Free | Partition Type: NTFS
Drive D: | 183.07 Gb Total Space | 182.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 20:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/04 09:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/06/28 16:13:20 | 000,099,792 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\USBChargeSetting\iSeriesCharge.exe
PRC - [2012/02/10 12:54:16 | 000,426,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\SHE\SuperHybridEngine.exe
PRC - [2011/11/30 19:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files\Asus\InstantOn for EPC\InsOnWMI.exe
PRC - [2011/11/30 19:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe
PRC - [2011/11/10 15:59:32 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011/08/19 16:42:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011/08/08 17:49:08 | 001,263,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotkeyService.exe
PRC - [2011/08/08 17:49:00 | 000,101,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
PRC - [2011/08/08 17:48:20 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011/07/13 21:53:48 | 000,417,456 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe
PRC - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2011/03/10 09:17:34 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2011/03/10 09:17:32 | 001,813,800 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/15 14:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\Asus\CapsHook\CapsHook.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/25 11:59:08 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 10:53:13 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 10:52:24 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 10:50:21 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 10:50:02 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 10:49:57 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 10:49:21 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/08/19 16:42:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll


========== Services (SafeList) ==========

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/30 19:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\Asus\InstantOn for EPC\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/09/16 01:00:46 | 000,108,544 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\WiSharing\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011/08/08 17:48:20 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013/01/09 20:24:58 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05577444-967D-4D89-80D5-7BAC5FD60B44}\MpKsl7f2be63a.sys -- (MpKsl7f2be63a)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/07 14:10:18 | 000,014,720 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AiDriver.sys -- (AiDriver)
DRV - [2012/02/27 07:04:44 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/11/23 14:14:50 | 002,227,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/11/01 01:36:00 | 000,091,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/06/09 10:37:54 | 000,278,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/11/20 05:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/08/03 00:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/06/28 00:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/20 04:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 21:48:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/12 21:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012/10/23 09:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\in3lr1ku.default\Extensions
[2012/08/12 21:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\Asus\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AsusVibeLuncher] C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iSeriesCharge] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF97060A-C9ED-48BB-A091-84B58B91A493}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 20:37:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{AF35C61B-4BD3-4CC6-90EA-B4FD6E2CE25B}
[2013/01/09 19:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2013/01/09 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2013/01/09 05:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/09 05:23:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Disinfection
[2013/01/08 16:30:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/08 08:04:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/01/06 20:40:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013/01/05 18:44:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2013/01/05 18:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/05 18:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/05 18:43:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/05 18:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/05 18:43:12 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Programs
[2013/01/05 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/05 18:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/10 06:17:16 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 06:16:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/09 20:23:43 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/09 19:50:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 19:50:02 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/09 19:41:43 | 795,824,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 19:10:52 | 000,001,023 | ---- | M] () -- C:\Users\Tom\Desktop\Puran Defrag.lnk
[2013/01/09 18:59:46 | 000,007,606 | ---- | M] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
[2013/01/09 05:21:20 | 151,481,184 | ---- | M] () -- C:\Users\Tom\Desktop\setup_11.0.0.1245.x01_2013_01_09_05_20.exe
[2013/01/08 08:45:32 | 254,520,297 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/01/08 07:53:11 | 000,000,123 | ---- | M] () -- C:\Users\Tom\Desktop\PUP.bProtector Virus - Geeks to Go Forums.URL
[2013/01/07 06:24:48 | 000,001,304 | ---- | M] () -- C:\Users\Tom\Desktop\Notepad.lnk
[2013/01/07 06:17:01 | 000,365,568 | ---- | M] () -- C:\ksdsyrhe.exe
[2013/01/06 20:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2013/01/05 18:43:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 12:05:09 | 000,962,104 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/05 12:05:09 | 000,226,096 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/25 11:48:32 | 000,259,112 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/25 11:46:18 | 000,003,584 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/09 19:10:52 | 000,001,023 | ---- | C] () -- C:\Users\Tom\Desktop\Puran Defrag.lnk
[2013/01/09 05:16:15 | 151,481,184 | ---- | C] () -- C:\Users\Tom\Desktop\setup_11.0.0.1245.x01_2013_01_09_05_20.exe
[2013/01/08 08:04:10 | 254,520,297 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/01/08 07:53:11 | 000,000,123 | ---- | C] () -- C:\Users\Tom\Desktop\PUP.bProtector Virus - Geeks to Go Forums.URL
[2013/01/08 07:09:29 | 000,007,606 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
[2013/01/07 06:24:48 | 000,001,304 | ---- | C] () -- C:\Users\Tom\Desktop\Notepad.lnk
[2013/01/07 06:16:43 | 000,365,568 | ---- | C] () -- C:\ksdsyrhe.exe
[2013/01/05 18:43:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 18:08:20 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/05 18:08:17 | 000,000,876 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/25 11:46:18 | 000,003,584 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 08:03:03 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012/04/11 00:19:13 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2012/04/11 00:19:13 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2012/04/11 00:16:34 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2012/04/11 00:16:34 | 000,011,456 | ---- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2012/04/11 00:11:44 | 000,000,873 | ---- | C] () -- C:\windows\Reboot.ini
[2012/04/11 00:06:33 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2012/04/11 00:06:33 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2012/04/11 00:06:28 | 000,003,475 | ---- | C] () -- C:\windows\System32\drivers\RTAIODAT.DAT
[2012/04/05 08:19:10 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/04/05 08:19:06 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/10/10 21:57:43 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/11 00:32:38 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ASUS WebStorage
[2012/04/11 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\E-Cam
[2012/08/12 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/13 08:03:06 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\Dz
[2012/08/13 08:03:06 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\Dz

< End of report >