Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Reveton virus? [Solved]


  • This topic is locked This topic is locked

#1
BleckComputer

BleckComputer

    New Member

  • Member
  • Pip
  • 7 posts
My son told me last night while browsing the web, a window popped up saying the computer was locked and that he needed to pay x amount of money to unlock it. He turned off the computer by way of the off button.

The computer started back up with no problems. My son insisted that he used Sandboxie, so I deleted the contents. I also ran a full Malwarebytes scan and a full Microsoft Essentials scan and neither picked up any malware.

I checked online for such a virus and read that I could use System Restore. I tried it several times and each time I received:


System Restore did not complete successfully. Your computer's system files and setting were not changed.

Details: System Restore failed to execute the file (C:\) from the restore point. An unspecified error occurred during System Restore: (0x8000ffff)

You can try System Restore again and choose a different restore point. If you continue to see this error, you can try an advanced recovery method. For more information, see what is Recovery?

The System Restore message leads me to believe that the malware may be on my computer.

OTL logfile created on: 7/16/2013 9:17:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carl\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.72% Memory free
7.81 Gb Paging File | 6.41 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 201.02 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

Computer Name: CARL-LAPTOP | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 21:13:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/17 05:52:38 | 000,180,824 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/07/09 12:29:41 | 000,253,440 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/07/09 12:29:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/05/21 14:20:08 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/06/11 23:09:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/22 15:01:31 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Windows\Downloaded Program Files\CONFLICT.1\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/07/04 13:25:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 05:52:36 | 000,198,360 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/09 12:29:43 | 000,506,880 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/30 16:58:35 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/14 11:28:31 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/03/14 11:28:26 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/20 16:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 12:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 18:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKCU\..\SearchScopes\{23758B0B-0D9F-32A3-A476-D9B1033E7A1E}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...E10SR&pc=HPNTDF
IE - HKCU\..\SearchScopes\{576D33DC-5115-4D52-AEAC-58036954FF9C}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Carl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 00:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 18:46:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/09/30 13:08:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsu...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6948A3E1-91E8-4DA0-A2C4-F6458E760E68}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/16 21:13:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2013/07/07 15:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/16 21:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/16 21:13:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2013/07/16 21:11:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/16 21:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 20:30:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 20:30:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 20:23:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/16 20:23:16 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 11:16:54 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarl.job
[2013/07/12 11:47:48 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 11:47:48 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 11:47:48 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 15:32:12 | 000,361,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/08 16:04:14 | 520,203,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/07 15:31:29 | 000,001,608 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/07/05 12:07:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/03 17:00:35 | 000,021,031 | ---- | M] () -- C:\Users\Carl\Desktop\Electronic Filing - Sales and Use Tax Due 7-31-13.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/05 12:07:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/03 17:00:32 | 000,021,031 | ---- | C] () -- C:\Users\Carl\Desktop\Electronic Filing - Sales and Use Tax Due 7-31-13.odt
[2012/12/09 14:02:24 | 000,001,608 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/18 14:17:22 | 000,001,940 | ---- | C] () -- C:\Users\Carl\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/06 12:15:39 | 000,001,854 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\GhostObjGAFix.xml
[2011/01/18 01:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011/01/18 01:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011/01/18 01:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011/01/18 01:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/08/01 14:16:57 | 000,001,386 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\wklnhst.dat
[2009/10/15 01:52:31 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/03 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\.minecraft
[2010/09/21 10:04:33 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Amazon
[2011/01/17 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\CoffeeCup Software
[2013/05/23 10:54:58 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/01/22 01:38:21 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Easy MP3 Recorder
[2011/01/22 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\MusicNet
[2011/07/08 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\OpenOffice.org
[2010/08/01 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Template
[2011/08/17 14:57:42 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Tific
[2013/03/15 12:22:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hello Bleck, Welcome to GeeksToGo.

My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.

I need some time to revise your log in the meantime can you please post the Extras.txt log OTL created on your Desktop?
  • 0

#3
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi SleepyDude,

I appreciate you taking a look at this.

OTL Extras logfile created on: 7/16/2013 9:17:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carl\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.72% Memory free
7.81 Gb Paging File | 6.41 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 201.02 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

Computer Name: CARL-LAPTOP | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0276EAC0-EEAB-41C3-9DAB-CF00E6CF3974}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16E1B5F7-E072-460D-8D3D-7AEC56EBC158}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{185FAC68-B9C9-4AA9-A432-2408D4B05A2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1861EC85-813B-4EED-9CC6-CC1D4C196714}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{274CB6D9-9741-4707-AE8C-ED5B36795756}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3232678C-50BB-4670-9A80-99550AD510A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{363B0E8D-D363-4725-A318-C0CD3423CA3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40D8B7A5-1C81-4366-98D6-0A6545545B26}" = lport=139 | protocol=6 | dir=in | app=system |
"{440F8070-2772-47D5-8F8D-77A232CAC987}" = rport=139 | protocol=6 | dir=out | app=system |
"{4BB3008D-EEC8-4754-985A-B08962E9B0B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D383383-68D2-4240-B51A-23EC9481CBC4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F9DF127-D371-4C63-AA59-13C663145628}" = rport=138 | protocol=17 | dir=out | app=system |
"{77E3226B-59DE-4C8E-9F65-81578C9BBA02}" = rport=445 | protocol=6 | dir=out | app=system |
"{7816A593-D270-43A0-82F8-E3B9886926FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83C0A605-ED4B-4D57-ACEB-50BD52FA1DEC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8591D54B-ACA0-4E83-930D-89EAC4BD9E56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5B72E1F-F3C3-4A75-88FB-4425899FEB5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A930EF79-05D9-4BB0-8991-78DFDC1275C4}" = lport=138 | protocol=17 | dir=in | app=system |
"{A96AFBCE-E539-490A-AD08-B92C9320C92C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B197E0A9-1DE1-4946-95B4-57F3A3BED080}" = lport=137 | protocol=17 | dir=in | app=system |
"{BAB52978-34D8-4EA7-8A94-6E6A898AC10E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC57CDAA-A048-4CDE-930B-7C3C44C94DD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BC9CD098-1536-4961-8784-B79448B31A7E}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE23F760-9738-41E9-A1CF-F3C9A3FBB195}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C385C41D-5F8E-4C59-982E-144C3F0C7F84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D060C002-291B-4FD3-AF08-58D18FC0A280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D21BF2A2-28A8-4EEC-B5C7-1E54097A97CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC4E4140-7407-4847-A4DA-1099256313C5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC92D0A6-C59B-4874-8179-372FC1A6EC5D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFC34450-2582-437F-942D-FAEAA2378579}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9D11CFE-2D13-4037-93A3-1B0550EC9524}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF3D32D6-11B0-438A-85BA-AF7FECEC29E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F13F695D-F5F8-4898-981E-0DC961C7E6D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC0B057-8762-46C3-B13C-8272256BE42F}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{0D4AE8F8-70BA-4C06-B126-58365DDDAF79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DF84021-95AC-447C-8B02-6DCBE26F6C34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10C3B5D9-5943-43A6-8471-2C62DB60DF76}" = protocol=1 | dir=out | [email protected],-28544 |
"{19F48235-1256-4E61-BD02-3076BEF6F977}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D435ACC-8074-4E62-90E8-E03FCD4C970C}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{21A33375-1C46-48D2-858C-E3860AB4302D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{221598E3-ACB3-49E8-9AAF-B2D5CB1BCAE0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2E5100A2-4437-4D93-972E-359F94807AD3}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{40EF3859-CDC7-4ED3-8F57-B8FFE980D202}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{44FD87BC-3E74-43C4-8300-710F86EF8033}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49408194-C6FD-4E88-9331-38315623E61A}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{4BE5C0F0-37D2-4DAB-9DFA-1C868DA9897B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5928FC58-F5E4-4A33-9FD6-D93D9C88D89A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{676A75F2-C90D-4D45-869A-018228B8B4E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CF2B08C-7E13-438B-8863-B9C5CA5188FD}" = protocol=58 | dir=in | [email protected],-28545 |
"{75CBCBCE-1A5F-49DA-BB3E-1075A2A104F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C01B384-FA09-4E16-8113-8BFFDA4D57B9}" = protocol=6 | dir=out | app=system |
"{87E75829-4A0E-4747-83A2-BB1E86E9F513}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C0E068B-318E-491B-B22A-DC6AAAB2D711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D676EC1-D4B9-497F-9952-C62E375BF697}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A64E09A3-57F4-4C1D-9219-C708567F9E73}" = protocol=58 | dir=out | [email protected],-28546 |
"{B6CD0A87-4840-46E1-A96C-D5C19C61767E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9E8D3B6-2D8A-48B8-9C36-2B0DEDCF0E31}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCFFB5DE-879E-40A1-9646-5C33F61D7BC7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C459E7DE-8966-40C8-9512-DE055F697B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C4BA9586-7F21-47DF-B276-C97AC00A521E}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{CDD0AF4D-C55E-438E-A25C-5FD87549144B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2CBB0BF-3888-461E-8DF6-F6039BB01443}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{F476DA56-8A7B-45E4-B3E5-964891C17673}" = protocol=1 | dir=in | [email protected],-28543 |
"{F489AE78-FB6F-480E-B62E-F3E18809119E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Sandboxie" = Sandboxie 4.02 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Cub Rummy_is1" = Cub Rummy 1.1
"Homepage Protection" = Homepage Protection
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2013 7:15:16 PM | Computer Name = Carl-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 7/9/2013 3:46:17 PM | Computer Name = Carl-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 7/12/2013 2:22:50 AM | Computer Name = Carl-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 7/12/2013 4:07:52 PM | Computer Name = Carl-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 7/16/2013 4:10:44 PM | Computer Name = Carl-Laptop | Source = System Restore | ID = 8210
Description =

Error - 7/16/2013 4:16:59 PM | Computer Name = Carl-Laptop | Source = System Restore | ID = 8210
Description =

Error - 7/16/2013 6:05:00 PM | Computer Name = Carl-Laptop | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 7/16/2013 9:55:22 PM | Computer Name = Carl-Laptop | Source = System Restore | ID = 8210
Description =

Error - 7/16/2013 10:39:19 PM | Computer Name = Carl-Laptop | Source = System Restore | ID = 8210
Description =

Error - 7/16/2013 10:54:39 PM | Computer Name = Carl-Laptop | Source = System Restore | ID = 8210
Description =

[ Hewlett-Packard Events ]
Error - 4/27/2013 1:23:17 AM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/4/2013 2:11:44 AM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 5/10/2013 9:39:12 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 5/17/2013 9:35:54 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 5/24/2013 9:06:59 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 6/8/2013 1:08:51 AM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 6/14/2013 10:27:00 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 6/27/2013 3:13:13 AM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 6/28/2013 10:56:42 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 7/6/2013 3:41:12 PM | Computer Name = Carl-Laptop | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

[ Media Center Events ]
Error - 5/17/2013 12:44:11 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 9:43:56 AM - Error connecting to the internet. 9:43:56 AM - Unable
to contact server..

Error - 5/17/2013 1:44:17 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 10:44:17 AM - Failed to retrieve NetTV (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:44:18 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 10:44:18 AM - Failed to retrieve MCESpotlight (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:44:18 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 10:44:18 AM - Failed to retrieve MCEClientUX (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/17/2013 1:44:18 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 10:44:18 AM - Failed to retrieve SportsV2 (Error: The request failed
with HTTP status 403: Forbidden.)

Error - 5/27/2013 12:00:02 AM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 9:00:02 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 6/6/2013 12:58:35 AM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 9:58:33 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 6/15/2013 10:42:10 PM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 7:42:10 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 6/19/2013 12:27:11 AM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 9:27:06 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 6/27/2013 2:42:45 AM | Computer Name = Carl-Laptop | Source = MCUpdate | ID = 0
Description = 11:42:39 PM - Error connecting to the internet. 11:42:39 PM - Unable
to contact server..

[ System Events ]
Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:26:57 PM | Computer Name = Carl-Laptop | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 7/16/2013 10:27:19 PM | Computer Name = Carl-Laptop | Source = DCOM | ID = 10005
Description =


< End of report >

  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hello Bleck,

Now that I have checked your logs it's time we start working in your computer problem.


Step 1 - Junkware Removal Tool (JRT)

Download JRT to your Desktop
  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the icon Posted Image and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system please be patient as this can take a while to complete depending on your system's specifications and the program you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply

Step 2 - Scan with Adwcleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step 3 - Custom OTL Scan

  • Execute OTL right click on the icon Posted Image and choose Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • tick the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the Posted Image box paste this:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Run Scan button. The scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.


Things I would like to see in your next reply:
  • The JRT.txt log
  • AdwCleaner log AdwCleaner[R1].txt
  • The new OTL.txt log

  • 0

#5
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sleepydude,

Here are the logs you asked for. Out of curiosity, did my computer get infected with the Reveton virus? Did Sandboxie let it through and into my system?

Thanks for your help. :)

1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by Carl on Wed 07/17/2013 at 15:57:08.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2438727
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23758B0B-0D9F-32A3-A476-D9B1033E7A1E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Carl\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\imeshbandmltbpi"
Successfully deleted: [Folder] "C:\Program Files (x86)\imesh applications"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 16:02:19.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





2.
# AdwCleaner v2.305 - Logfile created 07/17/2013 at 16:13:05
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carl - CARL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Carl\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Moozy
Folder Found : C:\Users\Carl\AppData\Local\iMesh
Folder Found : C:\Users\Carl\AppData\Local\PackageAware
Folder Found : C:\Users\Carl\Documents\iMesh

***** [Registry] *****

Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2962 octets] - [17/07/2013 16:13:05]

########## EOF - C:\AdwCleaner[R1].txt - [3022 octets] ##########





3.
OTL logfile created on: 7/17/2013 4:19:47 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carl\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 66.46% Memory free
7.81 Gb Paging File | 6.46 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.73 Gb Total Space | 200.80 Gb Free Space | 70.28% Space Free | Partition Type: NTFS
Drive D: | 12.16 Gb Total Space | 2.04 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

Computer Name: CARL-LAPTOP | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/16 21:13:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/17 05:52:38 | 000,180,824 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/07/09 12:29:41 | 000,253,440 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/07/09 12:29:40 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/05/21 14:20:08 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/06/11 23:09:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/22 15:01:31 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Windows\Downloaded Program Files\CONFLICT.1\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/07/04 13:25:25 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 05:52:36 | 000,198,360 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/09 12:29:43 | 000,506,880 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/30 16:58:35 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/14 11:28:31 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/03/14 11:28:26 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/20 16:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 12:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 18:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...E10SR&pc=HPNTDF
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\..\SearchScopes\{576D33DC-5115-4D52-AEAC-58036954FF9C}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS401
IE - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Carl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 00:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 18:46:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/09/30 13:08:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-245427322-1061188424-2799631487-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Carl
\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caller ID.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-245427322-1061188424-2799631487-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsu...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect121.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6948A3E1-91E8-4DA0-A2C4-F6458E760E68}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/17 15:57:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/17 15:55:34 | 000,559,341 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Carl\Desktop\JRT.exe
[2013/07/16 21:13:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2013/07/10 00:51:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 00:51:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 00:51:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 00:51:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 00:51:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 00:51:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 00:51:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 00:51:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 00:51:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 00:51:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 00:51:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 00:51:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 00:51:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 00:51:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 00:51:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/09 12:28:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 12:28:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 12:28:48 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 12:28:48 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 12:28:01 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/07 15:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/07/05 12:09:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/05 12:09:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/05 12:09:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/05 12:09:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/05 12:09:29 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/05 12:09:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/05 12:09:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/05 12:09:27 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/05 12:09:26 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/05 12:09:26 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/05 12:09:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/05 12:09:26 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/05 12:09:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/05 12:09:26 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/05 12:09:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/05 12:09:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/05 12:09:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/05 12:09:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/05 12:09:25 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/05 12:09:25 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/05 12:09:25 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/05 12:09:25 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/05 12:09:24 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/05 12:09:24 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/05 12:03:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/05 12:03:54 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/05 12:03:52 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/17 16:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/17 16:12:05 | 000,662,345 | ---- | M] () -- C:\Users\Carl\Desktop\AdwCleaner.exe
[2013/07/17 16:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 15:55:34 | 000,559,341 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Carl\Desktop\JRT.exe
[2013/07/17 15:52:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 15:52:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 15:45:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 15:45:32 | 000,001,608 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/07/17 15:44:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 15:43:58 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/16 21:13:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2013/07/13 11:16:54 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarl.job
[2013/07/12 11:47:48 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/12 11:47:48 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/12 11:47:48 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 15:32:12 | 000,361,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/08 16:04:14 | 520,203,000 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/05 12:07:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/03 17:00:35 | 000,021,031 | ---- | M] () -- C:\Users\Carl\Desktop\Electronic Filing - Sales and Use Tax Due 7-31-13.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 16:12:05 | 000,662,345 | ---- | C] () -- C:\Users\Carl\Desktop\AdwCleaner.exe
[2013/07/05 12:07:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/03 17:00:32 | 000,021,031 | ---- | C] () -- C:\Users\Carl\Desktop\Electronic Filing - Sales and Use Tax Due 7-31-13.odt
[2012/12/09 14:02:24 | 000,001,608 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/18 14:17:22 | 000,001,940 | ---- | C] () -- C:\Users\Carl\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/06 12:15:39 | 000,001,854 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\GhostObjGAFix.xml
[2011/01/18 01:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011/01/18 01:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011/01/18 01:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011/01/18 01:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/08/01 14:16:57 | 000,001,386 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\wklnhst.dat
[2009/10/15 01:52:31 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/03 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\.minecraft
[2010/09/21 10:04:33 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Amazon
[2011/01/17 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\CoffeeCup Software
[2013/05/23 10:54:58 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/01/22 01:38:21 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Easy MP3 Recorder
[2011/01/22 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\MusicNet
[2011/07/08 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\OpenOffice.org
[2010/08/01 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Template
[2011/08/17 14:57:42 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Tific
[2013/03/15 12:22:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/12 22:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/12 21:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/10/15 02:22:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/15 02:22:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/15 02:22:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/15 02:22:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 03:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/07/12 14:52:29 | 000,002,171 | ---- | M] () MD5=B340350CC3C1A0EDE6A50BB14C77A9CA -- C:\Users\Carl\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2010/07/16 11:31:00 | 000,005,011 | ---- | M] () MD5=D301B211EF990E2843AA75C67CFD1EE4 -- C:\Users\Carl\Documents\CoffeeCup Software\HTML Editor\Projects\services.html

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 80C0-0424
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Carl
03/03/2010 09:11 PM <JUNCTION> Application Data [C:\Users\Carl\AppData\Roaming]
03/03/2010 09:11 PM <JUNCTION> Cookies [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Cookies]
03/03/2010 09:11 PM <JUNCTION> Local Settings [C:\Users\Carl\AppData\Local]
03/03/2010 09:11 PM <JUNCTION> My Documents [C:\Users\Carl\Documents]
03/03/2010 09:11 PM <JUNCTION> NetHood [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/03/2010 09:11 PM <JUNCTION> PrintHood [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/03/2010 09:11 PM <JUNCTION> Recent [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Recent]
03/03/2010 09:11 PM <JUNCTION> SendTo [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\SendTo]
03/03/2010 09:11 PM <JUNCTION> Start Menu [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu]
03/03/2010 09:11 PM <JUNCTION> Templates [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Carl\AppData\Local
03/03/2010 09:11 PM <JUNCTION> Application Data [C:\Users\Carl\AppData\Local]
03/03/2010 09:11 PM <JUNCTION> History [C:\Users\Carl\AppData\Local\Microsoft\Windows\History]
03/03/2010 09:11 PM <JUNCTION> Temporary Internet Files [C:\Users\Carl\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Carl\AppData\LocalLow
06/22/2010 01:45 AM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Carl\Documents
03/03/2010 09:11 PM <JUNCTION> My Music [C:\Users\Carl\Music]
03/03/2010 09:11 PM <JUNCTION> My Pictures [C:\Users\Carl\Pictures]
03/03/2010 09:11 PM <JUNCTION> My Videos [C:\Users\Carl\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
51 Dir(s) 216,234,844,160 bytes free

< End of report >
  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

Out of curiosity, did my computer get infected with the Reveton virus? Did Sandboxie let it through and into my system?

I don't see signs of that in the logs only some Adware so far. I'm not sure about Sandboxie because you also use System Restore and I have came across with some cases where the System Restore say it failed but actually did restore the system disabling the Malware.

The Adwcleaner scan shows some more things we need to remove, so please execute the following:

Step 1 - AdwCleaner

  • Close all open windows and browsers
  • Right click on the Posted Image icon you have on the Desktop and choose Run as Administrator to execute the program
    Posted Image
  • Click the Delete button and wait for the scan to finish.
  • Once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is also saved to C:\AdwCleaner[S1].txt

Step 2 - OTL Fix

  • Right click on the icon Posted Image and choose Run as Administrator to execute the tool. Make sure all other windows are closed and to let it run uninterrupted.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1D435ACC-8074-4E62-90E8-E03FCD4C970C}"=-
    "{2E5100A2-4437-4D93-972E-359F94807AD3}"=-
    "{40EF3859-CDC7-4ED3-8F57-B8FFE980D202}"=-
    "{49408194-C6FD-4E88-9331-38315623E61A}"=-
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • click the Run Fix button at the top
  • click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.

Step 3 - TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    (Accept the UAC prompt to allow changes to the computer).
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file on your next post.

Things I would like to see in your next reply:
  • AdwCleaner log AdwCleaner[S1].txt
  • The OTL Fix log
  • The TDSSKiller log

  • 0

#7
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
SleepyDude,

Here are the additional logs. I'm grateful for your help.

1.
# AdwCleaner v2.305 - Logfile created 07/18/2013 at 14:12:50
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carl - CARL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Carl\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Moozy
Folder Deleted : C:\Users\Carl\AppData\Local\iMesh
Folder Deleted : C:\Users\Carl\AppData\Local\PackageAware
Folder Deleted : C:\Users\Carl\Documents\iMesh

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3089 octets] - [17/07/2013 16:13:05]
AdwCleaner[S1].txt - [3076 octets] - [18/07/2013 14:12:50]

########## EOF - C:\AdwCleaner[S1].txt - [3136 octets] ##########




2.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D435ACC-8074-4E62-90E8-E03FCD4C970C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D435ACC-8074-4E62-90E8-E03FCD4C970C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E5100A2-4437-4D93-972E-359F94807AD3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5100A2-4437-4D93-972E-359F94807AD3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40EF3859-CDC7-4ED3-8F57-B8FFE980D202} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40EF3859-CDC7-4ED3-8F57-B8FFE980D202}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49408194-C6FD-4E88-9331-38315623E61A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49408194-C6FD-4E88-9331-38315623E61A}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Carl
->Temp folder emptied: 59648257 bytes
->Temporary Internet Files folder emptied: 203163604 bytes
->Java cache emptied: 3357045 bytes
->Flash cache emptied: 132642 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122053839 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42286933 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 13566197 bytes

Total Files Cleaned = 424.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07182013_143059

Files\Folders moved on Reboot...
C:\Users\Carl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Carl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




3.

14:51:38.0769 2712 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:51:39.0346 2712 ============================================================
14:51:39.0346 2712 Current date / time: 2013/07/18 14:51:39.0346
14:51:39.0346 2712 SystemInfo:
14:51:39.0346 2712
14:51:39.0346 2712 OS Version: 6.1.7601 ServicePack: 1.0
14:51:39.0346 2712 Product type: Workstation
14:51:39.0346 2712 ComputerName: CARL-LAPTOP
14:51:39.0346 2712 UserName: Carl
14:51:39.0346 2712 Windows directory: C:\Windows
14:51:39.0346 2712 System windows directory: C:\Windows
14:51:39.0346 2712 Running under WOW64
14:51:39.0346 2712 Processor architecture: Intel x64
14:51:39.0346 2712 Number of processors: 2
14:51:39.0346 2712 Page size: 0x1000
14:51:39.0346 2712 Boot type: Normal boot
14:51:39.0346 2712 ============================================================
14:51:50.0481 2712 BG loaded
14:51:51.0653 2712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:51:51.0665 2712 ============================================================
14:51:51.0665 2712 \Device\Harddisk0\DR0:
14:51:51.0681 2712 MBR partitions:
14:51:51.0681 2712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:51:51.0681 2712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B77000
14:51:51.0681 2712 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23BDB000, BlocksNum 0x1853000
14:51:51.0681 2712 ============================================================
14:51:51.0748 2712 C: <-> \Device\Harddisk0\DR0\Partition2
14:51:52.0521 2712 D: <-> \Device\Harddisk0\DR0\Partition3
14:51:52.0521 2712 ============================================================
14:51:52.0521 2712 Initialize success
14:51:52.0521 2712 ============================================================
14:52:34.0015 4632 ============================================================
14:52:34.0015 4632 Scan started
14:52:34.0015 4632 Mode: Manual; SigCheck; TDLFS;
14:52:34.0015 4632 ============================================================
14:52:35.0435 4632 ================ Scan system memory ========================
14:52:35.0435 4632 System memory - ok
14:52:35.0435 4632 ================ Scan services =============================
14:52:35.0607 4632 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:52:35.0731 4632 1394ohci - ok
14:52:35.0778 4632 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:52:35.0809 4632 ACPI - ok
14:52:35.0856 4632 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:52:35.0965 4632 AcpiPmi - ok
14:52:36.0106 4632 [ 4451CC2275B04043EC2BCC757AF97291 ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
14:52:36.0121 4632 AdobeActiveFileMonitor8.0 - ok
14:52:36.0231 4632 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:52:36.0262 4632 AdobeARMservice - ok
14:52:36.0371 4632 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:52:36.0402 4632 AdobeFlashPlayerUpdateSvc - ok
14:52:36.0480 4632 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:52:36.0543 4632 adp94xx - ok
14:52:36.0589 4632 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:52:36.0621 4632 adpahci - ok
14:52:36.0636 4632 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:52:36.0652 4632 adpu320 - ok
14:52:36.0714 4632 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:52:36.0933 4632 AeLookupSvc - ok
14:52:37.0011 4632 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
14:52:37.0089 4632 AESTFilters - ok
14:52:37.0167 4632 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:52:37.0260 4632 AFD - ok
14:52:37.0307 4632 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
14:52:37.0385 4632 AgereModemAudio - ok
14:52:37.0416 4632 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
14:52:37.0463 4632 AgereSoftModem - ok
14:52:37.0510 4632 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:52:37.0525 4632 agp440 - ok
14:52:37.0588 4632 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:52:37.0666 4632 ALG - ok
14:52:37.0728 4632 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:52:37.0744 4632 aliide - ok
14:52:37.0759 4632 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:52:37.0775 4632 amdide - ok
14:52:37.0837 4632 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:52:37.0915 4632 AmdK8 - ok
14:52:37.0962 4632 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:52:38.0009 4632 AmdPPM - ok
14:52:38.0056 4632 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:52:38.0071 4632 amdsata - ok
14:52:38.0103 4632 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:52:38.0118 4632 amdsbs - ok
14:52:38.0134 4632 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:52:38.0134 4632 amdxata - ok
14:52:38.0212 4632 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:52:38.0399 4632 AppID - ok
14:52:38.0415 4632 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:52:38.0493 4632 AppIDSvc - ok
14:52:38.0539 4632 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
14:52:38.0617 4632 Appinfo - ok
14:52:38.0680 4632 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:52:38.0695 4632 arc - ok
14:52:38.0711 4632 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:52:38.0742 4632 arcsas - ok
14:52:38.0773 4632 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:52:38.0867 4632 AsyncMac - ok
14:52:38.0898 4632 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:52:38.0914 4632 atapi - ok
14:52:38.0992 4632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:52:39.0054 4632 AudioEndpointBuilder - ok
14:52:39.0085 4632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:52:39.0132 4632 AudioSrv - ok
14:52:39.0195 4632 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:52:39.0304 4632 AxInstSV - ok
14:52:39.0366 4632 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:52:39.0460 4632 b06bdrv - ok
14:52:39.0522 4632 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:52:39.0569 4632 b57nd60a - ok
14:52:39.0663 4632 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:52:39.0678 4632 BBSvc - ok
14:52:39.0709 4632 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:52:39.0772 4632 BDESVC - ok
14:52:39.0834 4632 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:52:39.0897 4632 Beep - ok
14:52:39.0959 4632 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:52:40.0053 4632 BFE - ok
14:52:40.0099 4632 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
14:52:40.0193 4632 BITS - ok
14:52:40.0224 4632 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:52:40.0271 4632 blbdrive - ok
14:52:40.0318 4632 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:52:40.0380 4632 bowser - ok
14:52:40.0411 4632 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:52:40.0505 4632 BrFiltLo - ok
14:52:40.0521 4632 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:52:40.0552 4632 BrFiltUp - ok
14:52:40.0599 4632 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:52:40.0661 4632 Browser - ok
14:52:40.0708 4632 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:52:40.0770 4632 Brserid - ok
14:52:40.0817 4632 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:52:40.0864 4632 BrSerWdm - ok
14:52:40.0895 4632 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:52:40.0942 4632 BrUsbMdm - ok
14:52:40.0973 4632 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:52:40.0989 4632 BrUsbSer - ok
14:52:41.0004 4632 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:52:41.0067 4632 BTHMODEM - ok
14:52:41.0098 4632 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:52:41.0176 4632 bthserv - ok
14:52:41.0223 4632 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:52:41.0301 4632 cdfs - ok
14:52:41.0363 4632 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:52:41.0394 4632 cdrom - ok
14:52:41.0457 4632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:52:41.0519 4632 CertPropSvc - ok
14:52:41.0566 4632 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:52:41.0597 4632 circlass - ok
14:52:41.0628 4632 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:52:41.0659 4632 CLFS - ok
14:52:41.0737 4632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:52:41.0753 4632 clr_optimization_v2.0.50727_32 - ok
14:52:41.0800 4632 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:52:41.0831 4632 clr_optimization_v2.0.50727_64 - ok
14:52:41.0925 4632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:52:42.0003 4632 clr_optimization_v4.0.30319_32 - ok
14:52:42.0143 4632 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:52:42.0190 4632 clr_optimization_v4.0.30319_64 - ok
14:52:42.0252 4632 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:52:42.0346 4632 CmBatt - ok
14:52:42.0424 4632 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:52:42.0439 4632 cmdide - ok
14:52:42.0486 4632 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
14:52:42.0533 4632 CNG - ok
14:52:42.0642 4632 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:52:42.0673 4632 Com4QLBEx - ok
14:52:42.0720 4632 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:52:42.0751 4632 Compbatt - ok
14:52:42.0798 4632 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:52:42.0845 4632 CompositeBus - ok
14:52:42.0861 4632 COMSysApp - ok
14:52:42.0892 4632 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:52:42.0907 4632 crcdisk - ok
14:52:42.0970 4632 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:52:43.0032 4632 CryptSvc - ok
14:52:43.0110 4632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:52:43.0188 4632 DcomLaunch - ok
14:52:43.0235 4632 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:52:43.0297 4632 defragsvc - ok
14:52:43.0453 4632 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:52:43.0641 4632 DfsC - ok
14:52:43.0953 4632 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:52:44.0233 4632 Dhcp - ok
14:52:44.0327 4632 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:52:44.0405 4632 discache - ok
14:52:44.0514 4632 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:52:44.0545 4632 Disk - ok
14:52:44.0701 4632 dlea_device - ok
14:52:44.0779 4632 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:52:44.0873 4632 Dnscache - ok
14:52:45.0076 4632 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:52:45.0201 4632 dot3svc - ok
14:52:45.0279 4632 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:52:45.0325 4632 DPS - ok
14:52:45.0403 4632 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:52:45.0450 4632 drmkaud - ok
14:52:45.0559 4632 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:52:45.0575 4632 DXGKrnl - ok
14:52:45.0653 4632 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:52:45.0715 4632 EapHost - ok
14:52:45.0825 4632 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:52:45.0949 4632 ebdrv - ok
14:52:45.0996 4632 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:52:46.0043 4632 EFS - ok
14:52:46.0152 4632 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:52:46.0246 4632 ehRecvr - ok
14:52:46.0308 4632 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:52:46.0371 4632 ehSched - ok
14:52:46.0417 4632 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:52:46.0480 4632 elxstor - ok
14:52:46.0511 4632 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:52:46.0558 4632 ErrDev - ok
14:52:46.0620 4632 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:52:46.0698 4632 EventSystem - ok
14:52:46.0729 4632 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:52:46.0792 4632 exfat - ok
14:52:46.0807 4632 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:52:46.0870 4632 fastfat - ok
14:52:46.0932 4632 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:52:47.0010 4632 Fax - ok
14:52:47.0041 4632 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:52:47.0088 4632 fdc - ok
14:52:47.0119 4632 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:52:47.0197 4632 fdPHost - ok
14:52:47.0213 4632 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:52:47.0307 4632 FDResPub - ok
14:52:47.0385 4632 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:52:47.0400 4632 FileInfo - ok
14:52:47.0416 4632 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:52:47.0509 4632 Filetrace - ok
14:52:47.0572 4632 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:52:47.0634 4632 FLEXnet Licensing Service - ok
14:52:47.0665 4632 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:52:47.0697 4632 flpydisk - ok
14:52:47.0759 4632 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:52:47.0790 4632 FltMgr - ok
14:52:47.0868 4632 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
14:52:47.0946 4632 FontCache - ok
14:52:48.0024 4632 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:52:48.0040 4632 FontCache3.0.0.0 - ok
14:52:48.0055 4632 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:52:48.0071 4632 FsDepends - ok
14:52:48.0118 4632 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:52:48.0149 4632 Fs_Rec - ok
14:52:48.0196 4632 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:52:48.0211 4632 fvevol - ok
14:52:48.0258 4632 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:52:48.0274 4632 gagp30kx - ok
14:52:48.0367 4632 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:52:48.0383 4632 GamesAppService - ok
14:52:48.0430 4632 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:52:48.0523 4632 gpsvc - ok
14:52:48.0617 4632 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:52:48.0633 4632 gupdate - ok
14:52:48.0695 4632 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:52:48.0726 4632 gupdatem - ok
14:52:48.0789 4632 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:52:48.0804 4632 gusvc - ok
14:52:48.0835 4632 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:52:48.0898 4632 hcw85cir - ok
14:52:48.0960 4632 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:52:49.0007 4632 HdAudAddService - ok
14:52:49.0054 4632 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:52:49.0101 4632 HDAudBus - ok
14:52:49.0132 4632 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:52:49.0179 4632 HidBatt - ok
14:52:49.0225 4632 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:52:49.0272 4632 HidBth - ok
14:52:49.0303 4632 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:52:49.0335 4632 HidIr - ok
14:52:49.0366 4632 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:52:49.0413 4632 hidserv - ok
14:52:49.0475 4632 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:52:49.0522 4632 HidUsb - ok
14:52:49.0553 4632 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:52:49.0647 4632 hkmsvc - ok
14:52:49.0678 4632 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:52:49.0740 4632 HomeGroupListener - ok
14:52:49.0771 4632 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:52:49.0818 4632 HomeGroupProvider - ok
14:52:49.0896 4632 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:52:49.0912 4632 HP Support Assistant Service - ok
14:52:49.0959 4632 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:52:49.0974 4632 HPDrvMntSvc.exe - ok
14:52:50.0037 4632 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:52:50.0099 4632 HpqKbFiltr - ok
14:52:50.0177 4632 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:52:50.0208 4632 hpqwmiex - ok
14:52:50.0271 4632 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:52:50.0286 4632 HpSAMD - ok
14:52:50.0364 4632 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:52:50.0411 4632 HTTP - ok
14:52:50.0458 4632 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:52:50.0489 4632 hwpolicy - ok
14:52:50.0551 4632 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:52:50.0567 4632 i8042prt - ok
14:52:50.0614 4632 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:52:50.0676 4632 iaStorV - ok
14:52:50.0754 4632 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:52:50.0817 4632 idsvc - ok
14:52:51.0004 4632 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:52:51.0160 4632 igfx - ok
14:52:51.0207 4632 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:52:51.0222 4632 iirsp - ok
14:52:51.0285 4632 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:52:51.0347 4632 IKEEXT - ok
14:52:51.0394 4632 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
14:52:51.0441 4632 IntcHdmiAddService - ok
14:52:51.0487 4632 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:52:51.0519 4632 intelide - ok
14:52:51.0550 4632 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:52:51.0597 4632 intelppm - ok
14:52:51.0628 4632 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:52:51.0690 4632 IPBusEnum - ok
14:52:51.0721 4632 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:51.0768 4632 IpFilterDriver - ok
14:52:51.0831 4632 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:52:51.0909 4632 iphlpsvc - ok
14:52:51.0940 4632 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:52:51.0987 4632 IPMIDRV - ok
14:52:52.0033 4632 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:52:52.0096 4632 IPNAT - ok
14:52:52.0111 4632 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:52:52.0205 4632 IRENUM - ok
14:52:52.0252 4632 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:52:52.0267 4632 isapnp - ok
14:52:52.0314 4632 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:52:52.0377 4632 iScsiPrt - ok
14:52:52.0439 4632 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:52:52.0470 4632 kbdclass - ok
14:52:52.0533 4632 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:52:52.0548 4632 kbdhid - ok
14:52:52.0579 4632 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:52:52.0579 4632 KeyIso - ok
14:52:52.0626 4632 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:52:52.0657 4632 KSecDD - ok
14:52:52.0704 4632 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:52:52.0735 4632 KSecPkg - ok
14:52:52.0782 4632 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:52:52.0860 4632 ksthunk - ok
14:52:52.0891 4632 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:52:52.0954 4632 KtmRm - ok
14:52:53.0016 4632 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:52:53.0079 4632 LanmanServer - ok
14:52:53.0125 4632 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:52:53.0188 4632 LanmanWorkstation - ok
14:52:53.0250 4632 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:52:53.0281 4632 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:52:53.0281 4632 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:52:53.0313 4632 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:52:53.0391 4632 lltdio - ok
14:52:53.0422 4632 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:52:53.0484 4632 lltdsvc - ok
14:52:53.0515 4632 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:52:53.0562 4632 lmhosts - ok
14:52:53.0609 4632 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:52:53.0640 4632 LSI_FC - ok
14:52:53.0640 4632 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:52:53.0656 4632 LSI_SAS - ok
14:52:53.0671 4632 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:52:53.0687 4632 LSI_SAS2 - ok
14:52:53.0703 4632 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:52:53.0718 4632 LSI_SCSI - ok
14:52:53.0781 4632 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:52:53.0843 4632 luafv - ok
14:52:53.0905 4632 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:52:53.0921 4632 Mcx2Svc - ok
14:52:53.0952 4632 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:52:53.0952 4632 megasas - ok
14:52:53.0999 4632 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:52:54.0030 4632 MegaSR - ok
14:52:54.0077 4632 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:52:54.0108 4632 MMCSS - ok
14:52:54.0139 4632 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:52:54.0202 4632 Modem - ok
14:52:54.0233 4632 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:52:54.0249 4632 monitor - ok
14:52:54.0295 4632 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:52:54.0311 4632 mouclass - ok
14:52:54.0358 4632 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:52:54.0405 4632 mouhid - ok
14:52:54.0451 4632 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:52:54.0467 4632 mountmgr - ok
14:52:54.0529 4632 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:52:54.0561 4632 MpFilter - ok
14:52:54.0576 4632 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:52:54.0607 4632 mpio - ok
14:52:54.0670 4632 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:52:54.0748 4632 mpsdrv - ok
14:52:54.0810 4632 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:52:54.0888 4632 MpsSvc - ok
14:52:54.0919 4632 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:52:54.0982 4632 MRxDAV - ok
14:52:55.0029 4632 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:55.0091 4632 mrxsmb - ok
14:52:55.0138 4632 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:55.0153 4632 mrxsmb10 - ok
14:52:55.0169 4632 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:55.0216 4632 mrxsmb20 - ok
14:52:55.0263 4632 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:52:55.0278 4632 msahci - ok
14:52:55.0309 4632 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:52:55.0325 4632 msdsm - ok
14:52:55.0341 4632 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:52:55.0372 4632 MSDTC - ok
14:52:55.0419 4632 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:52:55.0497 4632 Msfs - ok
14:52:55.0528 4632 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:52:55.0575 4632 mshidkmdf - ok
14:52:55.0621 4632 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:52:55.0637 4632 msisadrv - ok
14:52:55.0715 4632 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:52:55.0793 4632 MSiSCSI - ok
14:52:55.0793 4632 msiserver - ok
14:52:55.0840 4632 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:52:55.0887 4632 MSKSSRV - ok
14:52:55.0996 4632 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:52:56.0027 4632 MsMpSvc - ok
14:52:56.0058 4632 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:56.0089 4632 MSPCLOCK - ok
14:52:56.0121 4632 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:52:56.0167 4632 MSPQM - ok
14:52:56.0214 4632 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:52:56.0245 4632 MsRPC - ok
14:52:56.0277 4632 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:52:56.0292 4632 mssmbios - ok
14:52:56.0355 4632 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:52:56.0386 4632 MSTEE - ok
14:52:56.0417 4632 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:52:56.0464 4632 MTConfig - ok
14:52:56.0495 4632 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:52:56.0511 4632 Mup - ok
14:52:56.0573 4632 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:52:56.0636 4632 napagent - ok
14:52:56.0698 4632 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:52:56.0745 4632 NativeWifiP - ok
14:52:56.0823 4632 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:52:56.0885 4632 NDIS - ok
14:52:56.0932 4632 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:52:57.0010 4632 NdisCap - ok
14:52:57.0041 4632 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:57.0119 4632 NdisTapi - ok
14:52:57.0213 4632 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:57.0275 4632 Ndisuio - ok
14:52:57.0306 4632 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:57.0400 4632 NdisWan - ok
14:52:57.0447 4632 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:52:57.0494 4632 NDProxy - ok
14:52:57.0540 4632 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:52:57.0603 4632 NetBIOS - ok
14:52:57.0650 4632 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:52:57.0712 4632 NetBT - ok
14:52:57.0743 4632 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:52:57.0759 4632 Netlogon - ok
14:52:57.0790 4632 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:52:57.0837 4632 Netman - ok
14:52:57.0868 4632 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:52:57.0930 4632 netprofm - ok
14:52:57.0977 4632 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:57.0993 4632 NetTcpPortSharing - ok
14:52:58.0196 4632 [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
14:52:58.0445 4632 NETw1v64 - ok
14:52:58.0648 4632 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
14:52:58.0804 4632 NETw5s64 - ok
14:52:58.0976 4632 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
14:52:59.0163 4632 netw5v64 - ok
14:52:59.0210 4632 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:52:59.0225 4632 nfrd960 - ok
14:52:59.0303 4632 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:52:59.0334 4632 NisDrv - ok
14:52:59.0397 4632 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:52:59.0428 4632 NisSrv - ok
14:52:59.0475 4632 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:52:59.0522 4632 NlaSvc - ok
14:52:59.0553 4632 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:52:59.0615 4632 Npfs - ok
14:52:59.0646 4632 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:52:59.0709 4632 nsi - ok
14:52:59.0709 4632 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:52:59.0756 4632 nsiproxy - ok
14:52:59.0834 4632 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:52:59.0912 4632 Ntfs - ok
14:52:59.0943 4632 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:52:59.0990 4632 Null - ok
14:53:00.0036 4632 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:53:00.0052 4632 nvraid - ok
14:53:00.0068 4632 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:53:00.0083 4632 nvstor - ok
14:53:00.0114 4632 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:53:00.0130 4632 nv_agp - ok
14:53:00.0161 4632 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:53:00.0208 4632 ohci1394 - ok
14:53:00.0239 4632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:53:00.0286 4632 p2pimsvc - ok
14:53:00.0302 4632 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:53:00.0317 4632 p2psvc - ok
14:53:00.0348 4632 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:53:00.0364 4632 Parport - ok
14:53:00.0411 4632 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:53:00.0426 4632 partmgr - ok
14:53:00.0458 4632 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:53:00.0504 4632 PcaSvc - ok
14:53:00.0536 4632 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:53:00.0551 4632 pci - ok
14:53:00.0567 4632 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:53:00.0582 4632 pciide - ok
14:53:00.0598 4632 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:53:00.0614 4632 pcmcia - ok
14:53:00.0629 4632 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:53:00.0645 4632 pcw - ok
14:53:00.0676 4632 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:53:00.0754 4632 PEAUTH - ok
14:53:00.0832 4632 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:53:00.0879 4632 PerfHost - ok
14:53:00.0957 4632 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:53:01.0035 4632 pla - ok
14:53:01.0097 4632 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:53:01.0175 4632 PlugPlay - ok
14:53:01.0206 4632 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:53:01.0238 4632 PNRPAutoReg - ok
14:53:01.0269 4632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:53:01.0284 4632 PNRPsvc - ok
14:53:01.0331 4632 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:53:01.0394 4632 PolicyAgent - ok
14:53:01.0425 4632 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:53:01.0503 4632 Power - ok
14:53:01.0550 4632 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:53:01.0596 4632 PptpMiniport - ok
14:53:01.0612 4632 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:53:01.0659 4632 Processor - ok
14:53:01.0706 4632 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:53:01.0752 4632 ProfSvc - ok
14:53:01.0768 4632 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:53:01.0768 4632 ProtectedStorage - ok
14:53:01.0830 4632 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:53:01.0877 4632 Psched - ok
14:53:01.0955 4632 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:53:01.0986 4632 PxHlpa64 - ok
14:53:02.0033 4632 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:53:02.0127 4632 ql2300 - ok
14:53:02.0142 4632 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:53:02.0158 4632 ql40xx - ok
14:53:02.0189 4632 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:53:02.0220 4632 QWAVE - ok
14:53:02.0236 4632 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:53:02.0283 4632 QWAVEdrv - ok
14:53:02.0314 4632 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:53:02.0392 4632 RasAcd - ok
14:53:02.0439 4632 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:53:02.0486 4632 RasAgileVpn - ok
14:53:02.0517 4632 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:53:02.0579 4632 RasAuto - ok
14:53:02.0626 4632 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:53:02.0657 4632 Rasl2tp - ok
14:53:02.0704 4632 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:53:02.0766 4632 RasMan - ok
14:53:02.0813 4632 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:53:02.0891 4632 RasPppoe - ok
14:53:02.0907 4632 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:53:02.0969 4632 RasSstp - ok
14:53:03.0000 4632 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:53:03.0063 4632 rdbss - ok
14:53:03.0094 4632 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:53:03.0141 4632 rdpbus - ok
14:53:03.0172 4632 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:53:03.0219 4632 RDPCDD - ok
14:53:03.0266 4632 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:53:03.0344 4632 RDPENCDD - ok
14:53:03.0375 4632 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:53:03.0437 4632 RDPREFMP - ok
14:53:03.0500 4632 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:53:03.0562 4632 RdpVideoMiniport - ok
14:53:03.0593 4632 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:53:03.0671 4632 RDPWD - ok
14:53:03.0765 4632 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:53:03.0796 4632 rdyboost - ok
14:53:03.0874 4632 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:53:03.0952 4632 RemoteAccess - ok
14:53:03.0983 4632 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:53:04.0061 4632 RemoteRegistry - ok
14:53:04.0233 4632 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:53:04.0248 4632 RichVideo - ok
14:53:04.0311 4632 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:53:04.0373 4632 RpcEptMapper - ok
14:53:04.0404 4632 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:53:04.0451 4632 RpcLocator - ok
14:53:04.0529 4632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:53:04.0576 4632 RpcSs - ok
14:53:04.0638 4632 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:53:04.0685 4632 rspndr - ok
14:53:04.0779 4632 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:53:04.0841 4632 RSUSBSTOR - ok
14:53:04.0919 4632 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:53:05.0013 4632 RTL8167 - ok
14:53:05.0091 4632 RtsUIR - ok
14:53:05.0122 4632 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:53:05.0138 4632 SamSs - ok
14:53:05.0294 4632 [ 78AFA2B244DDF896BF1287B543842452 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
14:53:05.0309 4632 SbieDrv - ok
14:53:05.0434 4632 [ 654A24D71B9E6201A6A29602D3E23490 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
14:53:05.0450 4632 SbieSvc - ok
14:53:05.0496 4632 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:53:05.0512 4632 sbp2port - ok
14:53:05.0543 4632 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:53:05.0590 4632 SCardSvr - ok
14:53:05.0637 4632 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:53:05.0715 4632 scfilter - ok
14:53:05.0824 4632 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:53:05.0902 4632 Schedule - ok
14:53:05.0949 4632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:53:05.0996 4632 SCPolicySvc - ok
14:53:06.0074 4632 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
14:53:06.0120 4632 sdbus - ok
14:53:06.0198 4632 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:53:06.0292 4632 SDRSVC - ok
14:53:06.0417 4632 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:53:06.0448 4632 SeaPort - ok
14:53:06.0495 4632 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:53:06.0573 4632 secdrv - ok
14:53:06.0604 4632 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:53:06.0682 4632 seclogon - ok
14:53:06.0713 4632 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:53:06.0791 4632 SENS - ok
14:53:06.0854 4632 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:53:06.0932 4632 SensrSvc - ok
14:53:06.0947 4632 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:53:06.0963 4632 Serenum - ok
14:53:06.0978 4632 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:53:07.0010 4632 Serial - ok
14:53:07.0056 4632 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:53:07.0103 4632 sermouse - ok
14:53:07.0150 4632 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:53:07.0212 4632 SessionEnv - ok
14:53:07.0259 4632 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:53:07.0306 4632 sffdisk - ok
14:53:07.0322 4632 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:53:07.0368 4632 sffp_mmc - ok
14:53:07.0384 4632 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:53:07.0431 4632 sffp_sd - ok
14:53:07.0462 4632 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:53:07.0509 4632 sfloppy - ok
14:53:07.0540 4632 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:53:07.0602 4632 SharedAccess - ok
14:53:07.0649 4632 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:53:07.0696 4632 ShellHWDetection - ok
14:53:07.0758 4632 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:53:07.0774 4632 SiSRaid2 - ok
14:53:07.0821 4632 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:53:07.0852 4632 SiSRaid4 - ok
14:53:07.0992 4632 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:53:08.0008 4632 SkypeUpdate - ok
14:53:08.0070 4632 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:53:08.0180 4632 Smb - ok
14:53:08.0242 4632 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:53:08.0289 4632 SNMPTRAP - ok
14:53:08.0304 4632 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:53:08.0320 4632 spldr - ok
14:53:08.0382 4632 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:53:08.0429 4632 Spooler - ok
14:53:08.0554 4632 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:53:08.0710 4632 sppsvc - ok
14:53:08.0772 4632 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:53:08.0850 4632 sppuinotify - ok
14:53:08.0913 4632 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:53:08.0991 4632 srv - ok
14:53:09.0053 4632 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:53:09.0084 4632 srv2 - ok
14:53:09.0147 4632 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:53:09.0209 4632 SrvHsfHDA - ok
14:53:09.0303 4632 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:53:09.0412 4632 SrvHsfV92 - ok
14:53:09.0459 4632 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:53:09.0521 4632 SrvHsfWinac - ok
14:53:09.0584 4632 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:53:09.0599 4632 srvnet - ok
14:53:09.0646 4632 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:53:09.0724 4632 SSDPSRV - ok
14:53:09.0755 4632 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:53:09.0818 4632 SstpSvc - ok
14:53:09.0989 4632 [ 3BD758C56A55930CD6DB89E3DEDCF322 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
14:53:10.0083 4632 STacSV - ok
14:53:10.0145 4632 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:53:10.0176 4632 stexstor - ok
14:53:10.0332 4632 [ A3FB7AD8720D7E02AA0111A6B51C2744 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
14:53:10.0379 4632 STHDA - ok
14:53:10.0520 4632 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:53:10.0566 4632 stisvc - ok
14:53:10.0769 4632 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Windows\Downloaded Program Files\CONFLICT.1\ssrc.exe
14:53:10.0800 4632 SupportSoft RemoteAssist - ok
14:53:10.0832 4632 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:53:10.0847 4632 swenum - ok
14:53:10.0972 4632 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:53:11.0019 4632 swprv - ok
14:53:11.0112 4632 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:53:11.0128 4632 SynTP - ok
14:53:11.0362 4632 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:53:11.0471 4632 SysMain - ok
14:53:11.0518 4632 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:53:11.0612 4632 TabletInputService - ok
14:53:11.0627 4632 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:53:11.0721 4632 TapiSrv - ok
14:53:11.0752 4632 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:53:11.0814 4632 TBS - ok
14:53:12.0048 4632 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:53:12.0142 4632 Tcpip - ok
14:53:12.0220 4632 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:53:12.0267 4632 TCPIP6 - ok
14:53:12.0314 4632 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:53:12.0329 4632 tcpipreg - ok
14:53:12.0392 4632 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:53:12.0423 4632 TDPIPE - ok
14:53:12.0485 4632 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:53:12.0516 4632 TDTCP - ok
14:53:12.0610 4632 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:53:12.0704 4632 tdx - ok
14:53:12.0735 4632 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:53:12.0735 4632 TermDD - ok
14:53:13.0109 4632 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:53:13.0187 4632 TermService - ok
14:53:13.0250 4632 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:53:13.0312 4632 Themes - ok
14:53:13.0328 4632 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:53:13.0374 4632 THREADORDER - ok
14:53:13.0406 4632 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:53:13.0452 4632 TrkWks - ok
14:53:13.0530 4632 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:53:13.0655 4632 TrustedInstaller - ok
14:53:13.0686 4632 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:53:13.0749 4632 tssecsrv - ok
14:53:13.0827 4632 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:53:13.0952 4632 TsUsbFlt - ok
14:53:14.0045 4632 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:53:14.0154 4632 tunnel - ok
14:53:14.0186 4632 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:53:14.0201 4632 uagp35 - ok
14:53:14.0264 4632 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:53:14.0357 4632 udfs - ok
14:53:14.0404 4632 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:53:14.0451 4632 UI0Detect - ok
14:53:14.0482 4632 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:53:14.0529 4632 uliagpkx - ok
14:53:14.0591 4632 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:53:14.0607 4632 umbus - ok
14:53:14.0638 4632 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:53:14.0716 4632 UmPass - ok
14:53:14.0778 4632 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:53:14.0856 4632 upnphost - ok
14:53:14.0919 4632 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:53:14.0966 4632 usbccgp - ok
14:53:14.0997 4632 USBCCID - ok
14:53:15.0059 4632 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:53:15.0090 4632 usbcir - ok
14:53:15.0137 4632 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:53:15.0184 4632 usbehci - ok
14:53:15.0246 4632 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:53:15.0293 4632 usbhub - ok
14:53:15.0371 4632 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:53:15.0387 4632 usbohci - ok
14:53:15.0449 4632 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:53:15.0496 4632 usbprint - ok
14:53:15.0543 4632 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:53:15.0621 4632 USBSTOR - ok
14:53:15.0683 4632 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:53:15.0714 4632 usbuhci - ok
14:53:15.0761 4632 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:53:15.0824 4632 usbvideo - ok
14:53:15.0855 4632 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:53:15.0933 4632 UxSms - ok
14:53:15.0948 4632 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:53:15.0964 4632 VaultSvc - ok
14:53:16.0026 4632 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:53:16.0058 4632 vdrvroot - ok
14:53:16.0198 4632 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:53:16.0338 4632 vds - ok
14:53:16.0416 4632 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:53:16.0479 4632 vga - ok
14:53:16.0510 4632 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:53:16.0572 4632 VgaSave - ok
14:53:16.0650 4632 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:53:16.0666 4632 vhdmp - ok
14:53:16.0713 4632 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:53:16.0728 4632 viaide - ok
14:53:16.0744 4632 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:53:16.0760 4632 volmgr - ok
14:53:16.0838 4632 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:53:16.0884 4632 volmgrx - ok
14:53:16.0947 4632 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:53:16.0978 4632 volsnap - ok
14:53:17.0040 4632 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:53:17.0056 4632 vsmraid - ok
14:53:17.0212 4632 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:53:17.0306 4632 VSS - ok
14:53:17.0368 4632 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:53:17.0415 4632 vwifibus - ok
14:53:17.0462 4632 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:53:17.0493 4632 vwififlt - ok
14:53:17.0555 4632 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:53:17.0586 4632 vwifimp - ok
14:53:17.0633 4632 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:53:17.0711 4632 W32Time - ok
14:53:17.0727 4632 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:53:17.0789 4632 WacomPen - ok
14:53:17.0836 4632 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:53:17.0914 4632 WANARP - ok
14:53:17.0930 4632 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:53:17.0961 4632 Wanarpv6 - ok
14:53:18.0054 4632 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:53:18.0117 4632 WatAdminSvc - ok
14:53:18.0257 4632 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:53:18.0398 4632 wbengine - ok
14:53:18.0413 4632 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:53:18.0476 4632 WbioSrvc - ok
14:53:18.0616 4632 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:53:18.0678 4632 wcncsvc - ok
14:53:18.0710 4632 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:53:18.0788 4632 WcsPlugInService - ok
14:53:18.0819 4632 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:53:18.0834 4632 Wd - ok
14:53:18.0912 4632 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:53:18.0975 4632 Wdf01000 - ok
14:53:18.0990 4632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:53:19.0068 4632 WdiServiceHost - ok
14:53:19.0084 4632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:53:19.0100 4632 WdiSystemHost - ok
14:53:19.0178 4632 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:53:19.0224 4632 WebClient - ok
14:53:19.0271 4632 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:53:19.0334 4632 Wecsvc - ok
14:53:19.0349 4632 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:53:19.0396 4632 wercplsupport - ok
14:53:19.0443 4632 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:53:19.0521 4632 WerSvc - ok
14:53:19.0568 4632 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:53:19.0599 4632 WfpLwf - ok
14:53:19.0614 4632 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:53:19.0630 4632 WIMMount - ok
14:53:19.0646 4632 WinDefend - ok
14:53:19.0677 4632 WinHttpAutoProxySvc - ok
14:53:19.0739 4632 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:53:19.0786 4632 Winmgmt - ok
14:53:19.0880 4632 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:53:19.0973 4632 WinRM - ok
14:53:20.0051 4632 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:53:20.0067 4632 WinUsb - ok
14:53:20.0129 4632 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:53:20.0176 4632 Wlansvc - ok
14:53:20.0192 4632 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:53:20.0223 4632 WmiAcpi - ok
14:53:20.0254 4632 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:53:20.0301 4632 wmiApSrv - ok
14:53:20.0332 4632 WMPNetworkSvc - ok
14:53:20.0348 4632 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:53:20.0379 4632 WPCSvc - ok
14:53:20.0410 4632 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:53:20.0426 4632 WPDBusEnum - ok
14:53:20.0441 4632 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:53:20.0504 4632 ws2ifsl - ok
14:53:20.0550 4632 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
14:53:20.0597 4632 wscsvc - ok
14:53:20.0597 4632 WSearch - ok
14:53:20.0706 4632 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:53:20.0753 4632 wuauserv - ok
14:53:20.0800 4632 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:53:20.0878 4632 WudfPf - ok
14:53:20.0940 4632 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:53:20.0987 4632 WUDFRd - ok
14:53:21.0018 4632 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:53:21.0065 4632 wudfsvc - ok
14:53:21.0128 4632 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
14:53:21.0206 4632 WwanSvc - ok
14:53:21.0268 4632 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
14:53:21.0330 4632 yukonw7 - ok
14:53:21.0346 4632 ================ Scan global ===============================
14:53:21.0377 4632 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:53:21.0424 4632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:53:21.0455 4632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:53:21.0486 4632 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:53:21.0502 4632 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:53:21.0502 4632 [Global] - ok
14:53:21.0502 4632 ================ Scan MBR ==================================
14:53:21.0518 4632 [ 0B1DADF37E478804CB22509CF36F5B47 ] \Device\Harddisk0\DR0
14:53:21.0783 4632 \Device\Harddisk0\DR0 - ok
14:53:21.0783 4632 ================ Scan VBR ==================================
14:53:21.0783 4632 [ 054939AFC10045C580B5C7FCAF7F10EF ] \Device\Harddisk0\DR0\Partition1
14:53:21.0783 4632 \Device\Harddisk0\DR0\Partition1 - ok
14:53:21.0814 4632 [ DDA5BF71C2EC796530FB0B9EDC853476 ] \Device\Harddisk0\DR0\Partition2
14:53:21.0814 4632 \Device\Harddisk0\DR0\Partition2 - ok
14:53:21.0845 4632 [ 4435A52D04420A15D3DA17B90EE01B42 ] \Device\Harddisk0\DR0\Partition3
14:53:21.0845 4632 \Device\Harddisk0\DR0\Partition3 - ok
14:53:21.0845 4632 ================ Scan active images ========================
14:53:21.0861 4632 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
14:53:21.0861 4632 C:\Windows\System32\drivers\crashdmp.sys - ok
14:53:21.0861 4632 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
14:53:21.0861 4632 C:\Windows\System32\drivers\Dumpata.sys - ok
14:53:21.0861 4632 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] C:\Windows\System32\drivers\msahci.sys
14:53:21.0861 4632 C:\Windows\System32\drivers\msahci.sys - ok
14:53:21.0876 4632 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
14:53:21.0876 4632 C:\Windows\System32\drivers\dumpfve.sys - ok
14:53:21.0876 4632 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
14:53:21.0876 4632 C:\Windows\System32\drivers\cdrom.sys - ok
14:53:21.0892 4632 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
14:53:21.0892 4632 C:\Windows\System32\drivers\null.sys - ok
14:53:21.0892 4632 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
14:53:21.0892 4632 C:\Windows\System32\drivers\beep.sys - ok
14:53:21.0908 4632 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
14:53:21.0908 4632 C:\Windows\System32\drivers\RDPCDD.sys - ok
14:53:21.0908 4632 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
14:53:21.0908 4632 C:\Windows\System32\drivers\RDPENCDD.sys - ok
14:53:21.0923 4632 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
14:53:21.0923 4632 C:\Windows\System32\drivers\vga.sys - ok
14:53:21.0923 4632 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
14:53:21.0923 4632 C:\Windows\System32\drivers\videoprt.sys - ok
14:53:21.0923 4632 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
14:53:21.0923 4632 C:\Windows\System32\drivers\watchdog.sys - ok
14:53:21.0939 4632 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
14:53:21.0939 4632 C:\Windows\System32\drivers\msfs.sys - ok
14:53:21.0939 4632 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
14:53:21.0939 4632 C:\Windows\System32\drivers\npfs.sys - ok
14:53:21.0954 4632 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
14:53:21.0954 4632 C:\Windows\System32\drivers\RDPREFMP.sys - ok
14:53:21.0954 4632 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
14:53:21.0954 4632 C:\Windows\System32\drivers\tdi.sys - ok
14:53:21.0954 4632 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
14:53:21.0954 4632 C:\Windows\System32\drivers\tdx.sys - ok
14:53:21.0970 4632 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
14:53:21.0970 4632 C:\Windows\System32\drivers\afd.sys - ok
14:53:21.0970 4632 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
14:53:21.0970 4632 C:\Windows\System32\drivers\netbt.sys - ok
14:53:21.0970 4632 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
14:53:21.0970 4632 C:\Windows\System32\drivers\wfplwf.sys - ok
14:53:21.0986 4632 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
14:53:21.0986 4632 C:\Windows\System32\drivers\netbios.sys - ok
14:53:21.0986 4632 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
14:53:21.0986 4632 C:\Windows\System32\drivers\pacer.sys - ok
14:53:21.0986 4632 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
14:53:21.0986 4632 C:\Windows\System32\drivers\vwififlt.sys - ok
14:53:22.0001 4632 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] C:\Windows\System32\drivers\serial.sys
14:53:22.0001 4632 C:\Windows\System32\drivers\serial.sys - ok
14:53:22.0001 4632 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
14:53:22.0001 4632 C:\Windows\System32\drivers\termdd.sys - ok
14:53:22.0001 4632 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
14:53:22.0001 4632 C:\Windows\System32\drivers\wanarp.sys - ok
14:53:22.0017 4632 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
14:53:22.0017 4632 C:\Windows\System32\drivers\mssmbios.sys - ok
14:53:22.0017 4632 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
14:53:22.0017 4632 C:\Windows\System32\drivers\nsiproxy.sys - ok
14:53:22.0017 4632 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
14:53:22.0017 4632 C:\Windows\System32\drivers\rdbss.sys - ok
14:53:22.0032 4632 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
14:53:22.0032 4632 C:\Windows\System32\drivers\dfsc.sys - ok
14:53:22.0032 4632 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
14:53:22.0032 4632 C:\Windows\System32\drivers\discache.sys - ok
14:53:22.0032 4632 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
14:53:22.0032 4632 C:\Windows\System32\drivers\blbdrive.sys - ok
14:53:22.0048 4632 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
14:53:22.0048 4632 C:\Windows\System32\drivers\CmBatt.sys - ok
14:53:22.0048 4632 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
14:53:22.0048 4632 C:\Windows\System32\drivers\intelppm.sys - ok
14:53:22.0048 4632 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
14:53:22.0048 4632 C:\Windows\System32\drivers\tunnel.sys - ok
14:53:22.0064 4632 [ F0371DE302FFFF8F086661611BE60848 ] C:\Windows\System32\smss.exe
14:53:22.0064 4632 C:\Windows\System32\smss.exe - ok
14:53:22.0064 4632 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
14:53:22.0064 4632 C:\Windows\System32\ntdll.dll - ok
14:53:22.0064 4632 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] C:\Windows\System32\drivers\igdkmd64.sys
14:53:22.0064 4632 C:\Windows\System32\drivers\igdkmd64.sys - ok
14:53:22.0079 4632 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
14:53:22.0079 4632 C:\Windows\System32\autochk.exe - ok
14:53:22.0079 4632 [ AF2E16242AA723F68F461B6EAE2EAD3D ] C:\Windows\System32\drivers\dxgkrnl.sys
14:53:22.0079 4632 C:\Windows\System32\drivers\dxgkrnl.sys - ok
14:53:22.0079 4632 [ 1F04CFB79DD5FB7694468CE3FB3DCC31 ] C:\Windows\System32\drivers\dxgmms1.sys
14:53:22.0079 4632 C:\Windows\System32\drivers\dxgmms1.sys - ok
14:53:22.0095 4632 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
14:53:22.0095 4632 C:\Windows\System32\drivers\usbport.sys - ok
14:53:22.0095 4632 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] C:\Windows\System32\drivers\usbuhci.sys
14:53:22.0095 4632 C:\Windows\System32\drivers\usbuhci.sys - ok
14:53:22.0095 4632 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
14:53:22.0095 4632 C:\Windows\System32\drivers\hdaudbus.sys - ok
14:53:22.0110 4632 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
14:53:22.0110 4632 C:\Windows\System32\drivers\usbehci.sys - ok
14:53:22.0110 4632 [ 39EDE676D17F37AF4573C2B33EC28ACA ] C:\Windows\System32\drivers\NETw5s64.sys
14:53:22.0110 4632 C:\Windows\System32\drivers\NETw5s64.sys - ok
14:53:22.0110 4632 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
14:53:22.0110 4632 C:\Windows\System32\drivers\vwifibus.sys - ok
14:53:22.0126 4632 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
14:53:22.0126 4632 C:\Windows\System32\setupapi.dll - ok
14:53:22.0126 4632 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] C:\Windows\System32\drivers\Rt64win7.sys
14:53:22.0126 4632 C:\Windows\System32\drivers\Rt64win7.sys - ok
14:53:22.0126 4632 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
14:53:22.0126 4632 C:\Windows\System32\drivers\i8042prt.sys - ok
14:53:22.0142 4632 [ 9AF482D058BE59CC28BCE52E7C4B747C ] C:\Windows\System32\drivers\HpqKbFiltr.sys
14:53:22.0142 4632 C:\Windows\System32\drivers\HpqKbFiltr.sys - ok
14:53:22.0142 4632 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
14:53:22.0142 4632 C:\Windows\System32\drivers\kbdclass.sys - ok
14:53:22.0142 4632 [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
14:53:22.0142 4632 C:\Windows\System32\usp10.dll - ok
14:53:22.0157 4632 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
14:53:22.0157 4632 C:\Windows\System32\drivers\usbd.sys - ok
14:53:22.0157 4632 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] C:\Windows\System32\drivers\SynTP.sys
14:53:22.0157 4632 C:\Windows\System32\drivers\SynTP.sys - ok
14:53:22.0157 4632 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
14:53:22.0157 4632 C:\Windows\System32\drivers\mouclass.sys - ok
14:53:22.0173 4632 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
14:53:22.0173 4632 C:\Windows\System32\drivers\agilevpn.sys - ok
14:53:22.0173 4632 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
14:53:22.0173 4632 C:\Windows\System32\drivers\CompositeBus.sys - ok
14:53:22.0188 4632 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
14:53:22.0188 4632 C:\Windows\System32\drivers\rasl2tp.sys - ok
14:53:22.0188 4632 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
14:53:22.0188 4632 C:\Windows\System32\drivers\wmiacpi.sys - ok
14:53:22.0188 4632 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
14:53:22.0188 4632 C:\Windows\System32\drivers\ndistapi.sys - ok
14:53:22.0204 4632 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
14:53:22.0204 4632 C:\Windows\System32\drivers\ndiswan.sys - ok
14:53:22.0204 4632 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
14:53:22.0204 4632 C:\Windows\System32\drivers\raspppoe.sys - ok
14:53:22.0204 4632 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
14:53:22.0204 4632 C:\Windows\System32\drivers\raspptp.sys - ok
14:53:22.0220 4632 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
14:53:22.0220 4632 C:\Windows\System32\drivers\rassstp.sys - ok
14:53:22.0220 4632 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
14:53:22.0220 4632 C:\Windows\System32\drivers\ks.sys - ok
14:53:22.0220 4632 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
14:53:22.0220 4632 C:\Windows\System32\drivers\swenum.sys - ok
14:53:22.0235 4632 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
14:53:22.0235 4632 C:\Windows\System32\drivers\umbus.sys - ok
14:53:22.0235 4632 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
14:53:22.0235 4632 C:\Windows\System32\imm32.dll - ok
14:53:22.0235 4632 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
14:53:22.0235 4632 C:\Windows\System32\sechost.dll - ok
14:53:22.0251 4632 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
14:53:22.0251 4632 C:\Windows\System32\msctf.dll - ok
14:53:22.0251 4632 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
14:53:22.0251 4632 C:\Windows\System32\drivers\usbhub.sys - ok
14:53:22.0251 4632 [ 792685A9538424CC1F3FA6A816FE147C ] C:\Windows\System32\urlmon.dll
14:53:22.0251 4632 C:\Windows\System32\urlmon.dll - ok
14:53:22.0266 4632 [ 9E0D8010D7368856617D3FE0FA5DA58F ] C:\Windows\System32\iertutil.dll
14:53:22.0266 4632 C:\Windows\System32\iertutil.dll - ok
14:53:22.0266 4632 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
14:53:22.0266 4632 C:\Windows\System32\difxapi.dll - ok
14:53:22.0266 4632 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
14:53:22.0266 4632 C:\Windows\System32\normaliz.dll - ok
14:53:22.0266 4632 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
14:53:22.0266 4632 C:\Windows\System32\psapi.dll - ok
14:53:22.0282 4632 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
14:53:22.0282 4632 C:\Windows\System32\shlwapi.dll - ok
14:53:22.0282 4632 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
14:53:22.0282 4632 C:\Windows\System32\rpcrt4.dll - ok
14:53:22.0282 4632 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
14:53:22.0282 4632 C:\Windows\System32\advapi32.dll - ok
14:53:22.0298 4632 [ FAF6EC2460AD5FBBD38D8E1AE28B0D77 ] C:\Windows\System32\wininet.dll
14:53:22.0298 4632 C:\Windows\System32\wininet.dll - ok
14:53:22.0298 4632 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
14:53:22.0298 4632 C:\Windows\System32\ole32.dll - ok
14:53:22.0313 4632 [ 1BFC94665BCA35F9001ADC7BFB167C63 ] C:\Windows\System32\shell32.dll
14:53:22.0313 4632 C:\Windows\System32\shell32.dll - ok
14:53:22.0313 4632 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
14:53:22.0313 4632 C:\Windows\System32\drivers\ndproxy.sys - ok
14:53:22.0313 4632 [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
14:53:22.0313 4632 C:\Windows\System32\kernel32.dll - ok
14:53:22.0329 4632 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
14:53:22.0329 4632 C:\Windows\System32\drivers\drmk.sys - ok
14:53:22.0329 4632 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
14:53:22.0329 4632 C:\Windows\System32\drivers\portcls.sys - ok
14:53:22.0329 4632 [ A3FB7AD8720D7E02AA0111A6B51C2744 ] C:\Windows\System32\drivers\stwrt64.sys
14:53:22.0329 4632 C:\Windows\System32\drivers\stwrt64.sys - ok
14:53:22.0344 4632 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
14:53:22.0344 4632 C:\Windows\System32\drivers\ksthunk.sys - ok
14:53:22.0344 4632 [ AF4748EF93416159459769A24A0053AF ] C:\Windows\System32\drivers\agrsm64.sys
14:53:22.0344 4632 C:\Windows\System32\drivers\agrsm64.sys - ok
14:53:22.0344 4632 [ 800BA92F7010378B09F9ED9270F07137 ] C:\Windows\System32\drivers\modem.sys
14:53:22.0344 4632 C:\Windows\System32\drivers\modem.sys - ok
14:53:22.0360 4632 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] C:\Windows\System32\drivers\IntcHdmi.sys
14:53:22.0360 4632 C:\Windows\System32\drivers\IntcHdmi.sys - ok
14:53:22.0360 4632 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
14:53:22.0360 4632 C:\Windows\System32\lpk.dll - ok
14:53:22.0360 4632 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
14:53:22.0360 4632 C:\Windows\System32\oleaut32.dll - ok
14:53:22.0376 4632 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
14:53:22.0376 4632 C:\Windows\System32\imagehlp.dll - ok
14:53:22.0376 4632 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
14:53:22.0376 4632 C:\Windows\System32\user32.dll - ok
14:53:22.0376 4632 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
14:53:22.0376 4632 C:\Windows\System32\gdi32.dll - ok
14:53:22.0391 4632 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
14:53:22.0391 4632 C:\Windows\System32\Wldap32.dll - ok
14:53:22.0391 4632 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
14:53:22.0391 4632 C:\Windows\System32\comdlg32.dll - ok
14:53:22.0391 4632 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
14:53:22.0391 4632 C:\Windows\System32\nsi.dll - ok
14:53:22.0407 4632 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
14:53:22.0407 4632 C:\Windows\System32\msvcrt.dll - ok
14:53:22.0407 4632 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
14:53:22.0407 4632 C:\Windows\System32\clbcatq.dll - ok
14:53:22.0407 4632 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
14:53:22.0407 4632 C:\Windows\System32\ws2_32.dll - ok
14:53:22.0422 4632 [ 0E6FBF19D9DFBB77316C23DF91F8A101 ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
14:53:22.0422 4632 C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
14:53:22.0422 4632 [ 72723D3E4781BADC62C3180C137E7B23 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
14:53:22.0422 4632 C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
14:53:22.0422 4632 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
14:53:22.0422 4632 C:\Windows\System32\comctl32.dll - ok
14:53:22.0438 4632 [ 64A4AB126E24FD3F58EBE64852773DB5 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
14:53:22.0438 4632 C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
14:53:22.0438 4632 [ AFC3DB5C6EB8CA8017DDB81D6C0AD02A ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
14:53:22.0438 4632 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
14:53:22.0438 4632 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
14:53:22.0438 4632 C:\Windows\System32\devobj.dll - ok
14:53:22.0454 4632 [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
14:53:22.0454 4632 C:\Windows\System32\KernelBase.dll - ok
14:53:22.0454 4632 [ A96D5ECA5742603E0E345C4F6B801F5E ] C:\Windows\System32\crypt32.dll
14:53:22.0454 4632 C:\Windows\System32\crypt32.dll - ok
14:53:22.0454 4632 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
14:53:22.0454 4632 C:\Windows\System32\wintrust.dll - ok
14:53:22.0469 4632 [ F49E92B50CED5C9F1725D3C0329FD933 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
14:53:22.0469 4632 C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
14:53:22.0469 4632 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
14:53:22.0469 4632 C:\Windows\System32\cfgmgr32.dll - ok
14:53:22.0469 4632 [ 9094039A00485F71C4DE64BF51F64C46 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
14:53:22.0469 4632 C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
14:53:22.0485 4632 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
14:53:22.0485 4632 C:\Windows\System32\msasn1.dll - ok
14:53:22.0485 4632 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
14:53:22.0485 4632 C:\Windows\SysWOW64\normaliz.dll - ok
14:53:22.0485 4632 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
14:53:22.0485 4632 C:\Windows\System32\drivers\dxapi.sys - ok
14:53:22.0500 4632 [ 73601028E7C44154318AE91D2EB2EDB3 ] C:\Windows\System32\win32k.sys
14:53:22.0500 4632 C:\Windows\System32\win32k.sys - ok
14:53:22.0500 4632 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
14:53:22.0500 4632 C:\Windows\System32\drivers\usbccgp.sys - ok
14:53:22.0500 4632 [ CEC1EDF4022DC4DCA40384DCEC672B0E ] C:\Windows\System32\csrsrv.dll
14:53:22.0500 4632 C:\Windows\System32\csrsrv.dll - ok
14:53:22.0516 4632 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
14:53:22.0516 4632 C:\Windows\System32\csrss.exe - ok
14:53:22.0516 4632 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
14:53:22.0516 4632 C:\Windows\System32\basesrv.dll - ok
14:53:22.0516 4632 [ 454800C2BC7F3927CE030141EE4F4C50 ] C:\Windows\System32\drivers\usbvideo.sys
14:53:22.0516 4632 C:\Windows\System32\drivers\usbvideo.sys - ok
14:53:22.0532 4632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
14:53:22.0532 4632 C:\Windows\System32\winsrv.dll - ok
14:53:22.0532 4632 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
14:53:22.0532 4632 C:\Windows\System32\drivers\monitor.sys - ok
14:53:22.0532 4632 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
14:53:22.0532 4632 C:\Windows\System32\sxssrv.dll - ok
14:53:22.0547 4632 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
14:53:22.0547 4632 C:\Windows\System32\tsddd.dll - ok
14:53:22.0547 4632 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
14:53:22.0547 4632 C:\Windows\System32\wininit.exe - ok
14:53:22.0547 4632 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
14:53:22.0547 4632 C:\Windows\System32\profapi.dll - ok
14:53:22.0563 4632 [ 943F527DF79E6B400104341AA7023C75 ] C:\Windows\System32\cdd.dll
14:53:22.0563 4632 C:\Windows\System32\cdd.dll - ok
14:53:22.0563 4632 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
14:53:22.0563 4632 C:\Windows\System32\KBDUS.DLL - ok
14:53:22.0563 4632 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
14:53:22.0563 4632 C:\Windows\System32\RpcRtRemote.dll - ok
14:53:22.0578 4632 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
14:53:22.0578 4632 C:\Windows\System32\WlS0WndH.dll - ok
14:53:22.0578 4632 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
14:53:22.0578 4632 C:\Windows\System32\sxs.dll - ok
14:53:22.0578 4632 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
14:53:22.0578 4632 C:\Windows\System32\cryptbase.dll - ok
14:53:22.0594 4632 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
14:53:22.0594 4632 C:\Windows\System32\apphelp.dll - ok
14:53:22.0594 4632 [ 685527DA09EBFB681E98C515978BDEE2 ] C:\Windows\System32\lsasrv.dll
14:53:22.0594 4632 C:\Windows\System32\lsasrv.dll - ok
14:53:22.0594 4632 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
14:53:22.0594 4632 C:\Windows\System32\lsass.exe - ok
14:53:22.0610 4632 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
14:53:22.0610 4632 C:\Windows\System32\lsm.exe - ok
14:53:22.0610 4632 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
14:53:22.0610 4632 C:\Windows\System32\services.exe - ok
14:53:22.0610 4632 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
14:53:22.0610 4632 C:\Windows\System32\sspicli.dll - ok
14:53:22.0625 4632 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
14:53:22.0625 4632 C:\Windows\System32\sspisrv.dll - ok
14:53:22.0625 4632 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
14:53:22.0625 4632 C:\Windows\System32\samsrv.dll - ok
14:53:22.0625 4632 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
14:53:22.0625 4632 C:\Windows\System32\scesrv.dll - ok
14:53:22.0641 4632 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
14:53:22.0641 4632 C:\Windows\System32\scext.dll - ok
14:53:22.0641 4632 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
14:53:22.0641 4632 C:\Windows\System32\secur32.dll - ok
14:53:22.0641 4632 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
14:53:22.0641 4632 C:\Windows\System32\sysntfy.dll - ok
14:53:22.0656 4632 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
14:53:22.0656 4632 C:\Windows\System32\wmsgapi.dll - ok
14:53:22.0656 4632 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
14:53:22.0656 4632 C:\Windows\System32\cryptdll.dll - ok
14:53:22.0656 4632 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
14:53:22.0656 4632 C:\Windows\System32\srvcli.dll - ok
14:53:22.0672 4632 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
14:53:22.0672 4632 C:\Windows\System32\wevtapi.dll - ok
14:53:22.0672 4632 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
14:53:22.0672 4632 C:\Windows\System32\authz.dll - ok
14:53:22.0672 4632 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
14:53:22.0672 4632 C:\Windows\System32\cngaudit.dll - ok
14:53:22.0688 4632 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
14:53:22.0688 4632 C:\Windows\System32\ncrypt.dll - ok
14:53:22.0688 4632 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
14:53:22.0688 4632 C:\Windows\System32\bcrypt.dll - ok
14:53:22.0688 4632 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
14:53:22.0688 4632 C:\Windows\System32\msprivs.dll - ok
14:53:22.0703 4632 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
14:53:22.0703 4632 C:\Windows\System32\netjoin.dll - ok
14:53:22.0703 4632 [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
14:53:22.0703 4632 C:\Windows\System32\atmfd.dll - ok
14:53:22.0703 4632 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
14:53:22.0703 4632 C:\Windows\System32\negoexts.dll - ok
14:53:22.0719 4632 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
14:53:22.0719 4632 C:\Windows\System32\kerberos.dll - ok
14:53:22.0719 4632 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
14:53:22.0719 4632 C:\Windows\System32\cryptsp.dll - ok
14:53:22.0719 4632 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
14:53:22.0719 4632 C:\Windows\System32\mswsock.dll - ok
14:53:22.0734 4632 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
14:53:22.0734 4632 C:\Windows\System32\msv1_0.dll - ok
14:53:22.0734 4632 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
14:53:22.0734 4632 C:\Windows\System32\wship6.dll - ok
14:53:22.0734 4632 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
14:53:22.0734 4632 C:\Windows\System32\netlogon.dll - ok
14:53:22.0750 4632 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
14:53:22.0750 4632 C:\Windows\System32\dnsapi.dll - ok
14:53:22.0750 4632 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
14:53:22.0750 4632 C:\Windows\System32\logoncli.dll - ok
14:53:22.0750 4632 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
14:53:22.0750 4632 C:\Windows\System32\schannel.dll - ok
14:53:22.0766 4632 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
14:53:22.0766 4632 C:\Windows\System32\wdigest.dll - ok
14:53:22.0766 4632 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
14:53:22.0766 4632 C:\Windows\System32\rsaenh.dll - ok
14:53:22.0766 4632 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
14:53:22.0766 4632 C:\Windows\System32\TSpkg.dll - ok
14:53:22.0781 4632 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
14:53:22.0781 4632 C:\Windows\System32\pku2u.dll - ok
14:53:22.0781 4632 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
14:53:22.0781 4632 C:\Windows\System32\bcryptprimitives.dll - ok
14:53:22.0781 4632 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
14:53:22.0781 4632 C:\Windows\System32\credssp.dll - ok
14:53:22.0797 4632 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
14:53:22.0797 4632 C:\Windows\System32\efslsaext.dll - ok
14:53:22.0797 4632 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
14:53:22.0797 4632 C:\Windows\System32\scecli.dll - ok
14:53:22.0797 4632 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
14:53:22.0797 4632 C:\Windows\System32\ubpm.dll - ok
14:53:22.0812 4632 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
14:53:22.0812 4632 C:\Windows\System32\winsta.dll - ok
14:53:22.0812 4632 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
14:53:22.0812 4632 C:\Windows\System32\svchost.exe - ok
14:53:22.0812 4632 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
14:53:22.0812 4632 C:\Windows\System32\umpnpmgr.dll - ok
14:53:22.0828 4632 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
14:53:22.0828 4632 C:\Windows\System32\SPInf.dll - ok
14:53:22.0828 4632 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
14:53:22.0828 4632 C:\Windows\System32\devrtl.dll - ok
14:53:22.0828 4632 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
14:53:22.0828 4632 C:\Windows\System32\userenv.dll - ok
14:53:22.0844 4632 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
14:53:22.0844 4632 C:\Windows\System32\gpapi.dll - ok
14:53:22.0844 4632 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
14:53:22.0844 4632 C:\Windows\System32\umpo.dll - ok
14:53:22.0844 4632 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
14:53:22.0844 4632 C:\Windows\System32\pcwum.dll - ok
14:53:22.0859 4632 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
14:53:22.0859 4632 C:\Windows\System32\powrprof.dll - ok
14:53:22.0859 4632 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
14:53:22.0859 4632 C:\Windows\System32\drivers\luafv.sys - ok
14:53:22.0859 4632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
14:53:22.0859 4632 C:\Windows\System32\rpcss.dll - ok
14:53:22.0875 4632 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
14:53:22.0875 4632 C:\Windows\System32\RpcEpMap.dll - ok
14:53:22.0875 4632 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
14:53:22.0875 4632 C:\Windows\System32\wshqos.dll - ok
14:53:22.0875 4632 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
14:53:22.0875 4632 C:\Windows\System32\WSHTCPIP.DLL - ok
14:53:22.0890 4632 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
14:53:22.0890 4632 C:\Windows\System32\winlogon.exe - ok
14:53:22.0890 4632 [ E07DEC52FF801841BA9B6878A60304FB ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:53:22.0890 4632 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
14:53:22.0890 4632 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
14:53:22.0890 4632 C:\Windows\System32\FirewallAPI.dll - ok
14:53:22.0906 4632 [ 905601FFF40D8DA9FA82CBE77D1F5EB1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
14:53:22.0906 4632 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
14:53:22.0906 4632 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
14:53:22.0906 4632 C:\Windows\System32\LogonUI.exe - ok
14:53:22.0906 4632 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
14:53:22.0906 4632 C:\Windows\System32\version.dll - ok
14:53:22.0922 4632 [ 2D4230F2F1D204A523998DF93F9DF066 ] C:\Program Files\Microsoft Security Client\MpClient.dll
14:53:22.0922 4632 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
14:53:22.0922 4632 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
14:53:22.0922 4632 C:\Windows\System32\wtsapi32.dll - ok
14:53:22.0922 4632 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
14:53:22.0922 4632 C:\Windows\System32\ntmarta.dll - ok
14:53:22.0937 4632 [ 3EF480BFED1B5947A32585E30A58D4ED ] C:\Windows\System32\authui.dll
14:53:22.0937 4632 C:\Windows\System32\authui.dll - ok
14:53:22.0937 4632 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
14:53:22.0937 4632 C:\Windows\System32\cryptui.dll - ok
14:53:22.0937 4632 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
14:53:22.0937 4632 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
14:53:22.0953 4632 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
14:53:22.0953 4632 C:\Windows\System32\samlib.dll - ok
14:53:22.0953 4632 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
14:53:22.0953 4632 C:\Windows\System32\shacct.dll - ok
14:53:22.0953 4632 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
14:53:22.0953 4632 C:\Windows\System32\propsys.dll - ok
14:53:22.0968 4632 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
14:53:22.0968 4632 C:\Windows\System32\uxtheme.dll - ok
14:53:22.0968 4632 [ 18CAAF21CBA3EAEE17BBA5D3807F29B8 ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_2b25b14c71ebf230\GdiPlus.dll
14:53:22.0968 4632 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_2b25b14c71ebf230\GdiPlus.dll - ok
14:53:22.0968 4632 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
14:53:22.0968 4632 C:\Windows\System32\dui70.dll - ok
14:53:22.0984 4632 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
14:53:22.0984 4632 C:\Windows\System32\duser.dll - ok
14:53:22.0984 4632 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
14:53:22.0984 4632 C:\Windows\System32\SndVolSSO.dll - ok
14:53:22.0984 4632 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
14:53:22.0984 4632 C:\Windows\System32\hid.dll - ok
14:53:23.0000 4632 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
14:53:23.0000 4632 C:\Windows\System32\MMDevAPI.dll - ok
14:53:23.0000 4632 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
14:53:23.0000 4632 C:\Windows\System32\dwmapi.dll - ok
14:53:23.0000 4632 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
14:53:23.0000 4632 C:\Windows\System32\xmllite.dll - ok
14:53:23.0015 4632 [ 3D7BB6DD7A87B3E36E44CA94444247A8 ] C:\Windows\System32\WindowsCodecs.dll
14:53:23.0015 4632 C:\Windows\System32\WindowsCodecs.dll - ok
14:53:23.0015 4632 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
14:53:23.0015 4632 C:\Windows\System32\winbrand.dll - ok
14:53:23.0031 4632 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
14:53:23.0031 4632 C:\Windows\System32\VaultCredProvider.dll - ok
14:53:23.0031 4632 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
14:53:23.0031 4632 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
14:53:23.0031 4632 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
14:53:23.0031 4632 C:\Windows\System32\BioCredProv.dll - ok
14:53:23.0046 4632 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
14:53:23.0046 4632 C:\Windows\System32\winbio.dll - ok
14:53:23.0046 4632 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
14:53:23.0046 4632 C:\Windows\System32\credui.dll - ok
14:53:23.0046 4632 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
14:53:23.0046 4632 C:\Windows\System32\netapi32.dll - ok
14:53:23.0062 4632 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
14:53:23.0062 4632 C:\Windows\System32\vaultcli.dll - ok
14:53:23.0062 4632 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
14:53:23.0062 4632 C:\Windows\System32\netutils.dll - ok
14:53:23.0062 4632 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
14:53:23.0062 4632 C:\Windows\System32\samcli.dll - ok
14:53:23.0062 4632 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
14:53:23.0062 4632 C:\Windows\System32\wkscli.dll - ok
14:53:23.0078 4632 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
14:53:23.0078 4632 C:\Windows\System32\certCredProvider.dll - ok
14:53:23.0078 4632 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
14:53:23.0078 4632 C:\Windows\System32\rasplap.dll - ok
14:53:23.0093 4632 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
14:53:23.0093 4632 C:\Windows\System32\rasapi32.dll - ok
14:53:23.0093 4632 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
14:53:23.0093 4632 C:\Windows\System32\rasman.dll - ok
14:53:23.0093 4632 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
14:53:23.0093 4632 C:\Windows\System32\rtutils.dll - ok
14:53:23.0109 4632 [ 9121C2E2507AD0BCBF9A7438051BEF34 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
14:53:23.0109 4632 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
14:53:23.0109 4632 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
14:53:23.0109 4632 C:\Windows\System32\wevtsvc.dll - ok
14:53:23.0109 4632 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
14:53:23.0109 4632 C:\Windows\System32\avrt.dll - ok
14:53:23.0124 4632 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
14:53:23.0124 4632 C:\Windows\System32\mmcss.dll - ok
14:53:23.0124 4632 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
14:53:23.0124 4632 C:\Windows\System32\profsvc.dll - ok
14:53:23.0124 4632 [ 2F034150ECCBC498C53B61F98C5378AC ] C:\Program Files\Microsoft Security Client\MpRTP.dll
14:53:23.0124 4632 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
14:53:23.0140 4632 [ C4C1947985144721A809965A19D616BC ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
14:53:23.0140 4632 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
14:53:23.0140 4632 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
14:53:23.0140 4632 C:\Windows\System32\fltLib.dll - ok
14:53:23.0140 4632 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
14:53:23.0140 4632 C:\Windows\System32\adtschema.dll - ok
14:53:23.0156 4632 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] C:\Windows\System32\drivers\MpFilter.sys
14:53:23.0156 4632 C:\Windows\System32\drivers\MpFilter.sys - ok
14:53:23.0156 4632 [ 5C00818741B2A76EB09AF08A5362277E ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpengine.dll
14:53:23.0156 4632 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpengine.dll - ok
14:53:23.0156 4632 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
14:53:23.0156 4632 C:\Windows\System32\audiosrv.dll - ok
14:53:23.0171 4632 [ C4C183E6551084039EC862DA1C945E3D ] C:\Windows\System32\FntCache.dll
14:53:23.0171 4632 C:\Windows\System32\FntCache.dll - ok
14:53:23.0171 4632 [ 3BD758C56A55930CD6DB89E3DEDCF322 ] C:\Program Files\IDT\WDM\stacsv64.exe
14:53:23.0171 4632 C:\Program Files\IDT\WDM\stacsv64.exe - ok
14:53:23.0171 4632 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
14:53:23.0171 4632 C:\Windows\System32\dsound.dll - ok
14:53:23.0187 4632 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
14:53:23.0187 4632 C:\Windows\System32\winmm.dll - ok
14:53:23.0187 4632 [ 45BD9B9EBD8A6B6D5E256A19217795C6 ] C:\Windows\System32\stapi64.dll
14:53:23.0187 4632 C:\Windows\System32\stapi64.dll - ok
14:53:23.0187 4632 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
14:53:23.0187 4632 C:\Windows\System32\wlansvc.dll - ok
14:53:23.0202 4632 [ B4E5B29CF31DF85DFEF25D41871DCEDC ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpasbase.vdm
14:53:23.0202 4632 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpasbase.vdm - ok
14:53:23.0202 4632 [ C69D62DE3869A6B3B24FEE68D08C2B8D ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpasdlta.vdm
14:53:23.0202 4632 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpasdlta.vdm - ok
14:53:23.0202 4632 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
14:53:23.0202 4632 C:\Windows\System32\AudioSes.dll - ok
14:53:23.0218 4632 [ 00000000000000000000000000000000 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpavbase.vdm
14:53:23.0218 4632 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpavbase.vdm - ok
14:53:23.0218 4632 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
14:53:23.0218 4632 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
14:53:23.0218 4632 [ F3294AC1857ED7ADEE0C9484B02249B1 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpavdlta.vdm
14:53:23.0234 4632 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A53E94A-A6D1-4CA3-9F3D-CB9B2BCAA967}\mpavdlta.vdm - ok
14:53:23.0234 4632 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
14:53:23.0234 4632 C:\Windows\System32\audiodg.exe - ok
14:53:23.0234 4632 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
14:53:23.0234 4632 C:\Windows\System32\netprofm.dll - ok
14:53:23.0249 4632 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
14:53:23.0249 4632 C:\Windows\System32\drivers\fltMgr.sys - ok
14:53:23.0249 4632 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
14:53:23.0249 4632 C:\Windows\System32\PSHED.DLL - ok
14:53:23.0249 4632 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
14:53:23.0249 4632 C:\Windows\System32\wdmaud.drv - ok
14:53:23.0265 4632 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
14:53:23.0265 4632 C:\Windows\System32\ksuser.dll - ok
14:53:23.0265 4632 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
14:53:23.0265 4632 C:\Windows\System32\gpsvc.dll - ok
14:53:23.0265 4632 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
14:53:23.0265 4632 C:\Windows\System32\msacm32.drv - ok
14:53:23.0280 4632 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
14:53:23.0280 4632 C:\Windows\System32\MPSSVC.dll - ok
14:53:23.0280 4632 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
14:53:23.0280 4632 C:\Windows\System32\atl.dll - ok
14:53:23.0280 4632 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
14:53:23.0280 4632 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
14:53:23.0296 4632 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
14:53:23.0296 4632 C:\Windows\System32\dsrole.dll - ok
14:53:23.0296 4632 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
14:53:23.0296 4632 C:\Windows\System32\es.dll - ok
14:53:23.0296 4632 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
14:53:23.0296 4632 C:\Windows\System32\nlaapi.dll - ok
14:53:23.0312 4632 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
14:53:23.0312 4632 C:\Windows\System32\slc.dll - ok
14:53:23.0312 4632 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
14:53:23.0312 4632 C:\Windows\System32\themeservice.dll - ok
14:53:23.0312 4632 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
14:53:23.0312 4632 C:\Windows\System32\Sens.dll - ok
14:53:23.0327 4632 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
14:53:23.0327 4632 C:\Windows\System32\UXInit.dll - ok
14:53:23.0327 4632 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
14:53:23.0327 4632 C:\Windows\System32\midimap.dll - ok
14:53:23.0327 4632 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
14:53:23.0327 4632 C:\Windows\System32\msacm32.dll - ok
14:53:23.0327 4632 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
14:53:23.0327 4632 C:\Windows\System32\comres.dll - ok
14:53:23.0343 4632 [ 654A24D71B9E6201A6A29602D3E23490 ] C:\Program Files\Sandboxie\SbieSvc.exe
14:53:23.0343 4632 C:\Program Files\Sandboxie\SbieSvc.exe - ok
14:53:23.0343 4632 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
14:53:23.0343 4632 C:\Windows\System32\AudioEng.dll - ok
14:53:23.0358 4632 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
14:53:23.0358 4632 C:\Windows\System32\AUDIOKSE.dll - ok
14:53:23.0358 4632 [ C80755F3ACE49D82E7DC9CF863C030F0 ] C:\Program Files\Sandboxie\SbieDll.dll
14:53:23.0358 4632 C:\Program Files\Sandboxie\SbieDll.dll - ok
14:53:23.0358 4632 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
14:53:23.0358 4632 C:\Windows\System32\IPHLPAPI.DLL - ok
14:53:23.0374 4632 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
14:53:23.0374 4632 C:\Windows\System32\uxsms.dll - ok
14:53:23.0374 4632 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
14:53:23.0374 4632 C:\Windows\System32\winnsi.dll - ok
14:53:23.0374 4632 [ 78AFA2B244DDF896BF1287B543842452 ] C:\Program Files\Sandboxie\SbieDrv.sys
14:53:23.0374 4632 C:\Program Files\Sandboxie\SbieDrv.sys - ok
14:53:23.0390 4632 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
14:53:23.0390 4632 C:\Windows\System32\drivers\lltdio.sys - ok
14:53:23.0390 4632 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
14:53:23.0390 4632 C:\Windows\System32\drivers\nwifi.sys - ok
14:53:23.0390 4632 [ DB1C2F2D9AE77D88F7951C229B9EFAC2 ] C:\Windows\System32\stapo64.dll
14:53:23.0390 4632 C:\Windows\System32\stapo64.dll - ok
14:53:23.0405 4632 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
14:53:23.0405 4632 C:\Windows\System32\WMALFXGFXDSP.dll - ok
14:53:23.0405 4632 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
14:53:23.0405 4632 C:\Windows\System32\mfplat.dll - ok
14:53:23.0405 4632 [ C469893743E18BA547DB3C7ED98B32F5 ] C:\Windows\System32\AESTAR64.dll
14:53:23.0405 4632 C:\Windows\System32\AESTAR64.dll - ok
14:53:23.0421 4632 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
14:53:23.0421 4632 C:\Windows\System32\imageres.dll - ok
14:53:23.0421 4632 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
14:53:23.0421 4632 C:\Windows\System32\drivers\ndisuio.sys - ok
14:53:23.0421 4632 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
14:53:23.0421 4632 C:\Windows\System32\drivers\rspndr.sys - ok
14:53:23.0436 4632 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
14:53:23.0436 4632 C:\Windows\System32\lmhsvc.dll - ok
14:53:23.0436 4632 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
14:53:23.0436 4632 C:\Windows\System32\nrpsrv.dll - ok
14:53:23.0436 4632 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
14:53:23.0436 4632 C:\Windows\System32\nsisvc.dll - ok
14:53:23.0452 4632 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
14:53:23.0452 4632 C:\Windows\System32\keyiso.dll - ok
14:53:23.0452 4632 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
14:53:23.0452 4632 C:\Windows\System32\dhcpcore.dll - ok
14:53:23.0452 4632 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
14:53:23.0452 4632 C:\Windows\System32\dhcpcore6.dll - ok
14:53:23.0468 4632 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
14:53:23.0468 4632 C:\Windows\System32\dnsrslvr.dll - ok
14:53:23.0468 4632 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
14:53:23.0468 4632 C:\Windows\System32\eapphost.dll - ok
14:53:23.0468 4632 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
14:53:23.0468 4632 C:\Windows\System32\eapsvc.dll - ok
14:53:23.0483 4632 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
14:53:23.0483 4632 C:\Windows\System32\FWPUCLNT.DLL - ok
14:53:23.0483 4632 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
14:53:23.0483 4632 C:\Windows\System32\dnsext.dll - ok
14:53:23.0483 4632 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
14:53:23.0483 4632 C:\Windows\System32\umb.dll - ok
14:53:23.0499 4632 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
14:53:23.0499 4632 C:\Windows\System32\dhcpcsvc.dll - ok
14:53:23.0499 4632 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
14:53:23.0499 4632 C:\Windows\System32\dhcpcsvc6.dll - ok
14:53:23.0499 4632 [ 33FD2D719594DC9F49B80CE125D4B433 ] C:\Windows\System32\pstorec.dll
14:53:23.0499 4632 C:\Windows\System32\pstorec.dll - ok
14:53:23.0514 4632 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
14:53:23.0514 4632 C:\Windows\System32\wlanmsm.dll - ok
14:53:23.0514 4632 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
14:53:23.0514 4632 C:\Windows\System32\wlansec.dll - ok
14:53:23.0514 4632 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
14:53:23.0514 4632 C:\Windows\System32\eappprxy.dll - ok
14:53:23.0530 4632 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
14:53:23.0530 4632 C:\Windows\System32\onex.dll - ok
14:53:23.0530 4632 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
14:53:23.0530 4632 C:\Windows\System32\eappcfg.dll - ok
14:53:23.0530 4632 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
14:53:23.0530 4632 C:\Windows\System32\l2gpstore.dll - ok
14:53:23.0546 4632 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
14:53:23.0546 4632 C:\Windows\System32\wlanutil.dll - ok
14:53:23.0546 4632 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
14:53:23.0546 4632 C:\Windows\System32\wlgpclnt.dll - ok
14:53:23.0546 4632 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
14:53:23.0546 4632 C:\Windows\System32\WinSCard.dll - ok
14:53:23.0561 4632 [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
14:53:23.0561 4632 C:\Windows\System32\msxml6.dll - ok
14:53:23.0561 4632 [ E3BF12C68F844E689D1A9D7E6B54742A ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
14:53:23.0561 4632 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
14:53:23.0561 4632 [ 0BEB0C931BC24F610EE87179F31A8A42 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
14:53:23.0561 4632 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
14:53:23.0577 4632 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
14:53:23.0577 4632 C:\Windows\System32\wscapi.dll - ok
14:53:23.0577 4632 [ F5CEF064C7E6D95DA86B9D064A56A969 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:53:23.0577 4632 C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
14:53:23.0577 4632 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
14:53:23.0577 4632 C:\Windows\System32\shsvcs.dll - ok
14:53:23.0592 4632 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
14:53:23.0592 4632 C:\Windows\System32\schedsvc.dll - ok
14:53:23.0592 4632 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
14:53:23.0592 4632 C:\Windows\System32\ktmw32.dll - ok
14:53:23.0592 4632 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
14:53:23.0592 4632 C:\Windows\System32\fveapi.dll - ok
14:53:23.0608 4632 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
14:53:23.0608 4632 C:\Windows\System32\tbs.dll - ok
14:53:23.0608 4632 [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
14:53:23.0608 4632 C:\Windows\System32\conhost.exe - ok
14:53:23.0608 4632 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
14:53:23.0608 4632 C:\Windows\System32\cabinet.dll - ok
14:53:23.0624 4632 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
14:53:23.0624 4632 C:\Windows\System32\fvecerts.dll - ok
14:53:23.0624 4632 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
14:53:23.0624 4632 C:\Windows\System32\taskcomp.dll - ok
14:53:23.0624 4632 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
14:53:23.0624 4632 C:\Windows\System32\wiarpc.dll - ok
14:53:23.0639 4632 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
14:53:23.0639 4632 C:\Windows\System32\netcfgx.dll - ok
14:53:23.0639 4632 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
14:53:23.0639 4632 C:\Windows\System32\drivers\vwifimp.sys - ok
14:53:23.0639 4632 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
14:53:23.0639 4632 C:\Windows\System32\drivers\http.sys - ok
14:53:23.0655 4632 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
14:53:23.0655 4632 C:\Windows\System32\spoolsv.exe - ok
14:53:23.0655 4632 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
14:53:23.0655 4632 C:\Windows\System32\BFE.DLL - ok
14:53:23.0655 4632 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
14:53:23.0655 4632 C:\Windows\System32\p2pcollab.dll - ok
14:53:23.0670 4632 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
14:53:23.0670 4632 C:\Windows\System32\QAGENTRT.DLL - ok
14:53:23.0670 4632 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
14:53:23.0670 4632 C:\Windows\System32\fveui.dll - ok
14:53:23.0670 4632 [ 577D0DC85524A16FE29D7956B22974C4 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
14:53:23.0670 4632 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
14:53:23.0686 4632 [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll
14:53:23.0686 4632 C:\Windows\System32\slwga.dll - ok
14:53:23.0686 4632 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
14:53:23.0686 4632 C:\Windows\System32\sppc.dll - ok
14:53:23.0686 4632 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
14:53:23.0686 4632 C:\Windows\System32\drivers\bowser.sys - ok
14:53:23.0702 4632 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
14:53:23.0702 4632 C:\Windows\System32\drivers\mpsdrv.sys - ok
14:53:23.0702 4632 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
14:53:23.0702 4632 C:\Windows\System32\drivers\mrxsmb.sys - ok
14:53:23.0702 4632 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
14:53:23.0702 4632 C:\Windows\System32\drivers\mrxsmb10.sys - ok
14:53:23.0717 4632 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
14:53:23.0717 4632 C:\Windows\System32\drivers\mrxsmb20.sys - ok
14:53:23.0717 4632 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
14:53:23.0717 4632 C:\Windows\System32\wfapigp.dll - ok
14:53:23.0717 4632 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
14:53:23.0717 4632 C:\Windows\System32\mscms.dll - ok
14:53:23.0733 4632 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
14:53:23.0733 4632 C:\Windows\System32\wkssvc.dll - ok
14:53:23.0733 4632 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
14:53:23.0733 4632 C:\Windows\System32\pcasvc.dll - ok
14:53:23.0733 4632 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
14:53:23.0733 4632 C:\Windows\System32\snmptrap.exe - ok
14:53:23.0748 4632 [ E9A0777DCA9148157E0EF9B71D7DE353 ] C:\Windows\System32\RdpGroupPolicyExtension.dll
14:53:23.0748 4632 C:\Windows\System32\RdpGroupPolicyExtension.dll - ok
14:53:23.0748 4632 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
14:53:23.0748 4632 C:\Windows\System32\provsvc.dll - ok
14:53:23.0764 4632 [ 4451CC2275B04043EC2BCC757AF97291 ] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
14:53:23.0764 4632 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe - ok
14:53:23.0764 4632 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
14:53:23.0764 4632 C:\Windows\SysWOW64\ntdll.dll - ok
14:53:23.0764 4632 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
14:53:23.0764 4632 C:\Windows\System32\wow64.dll - ok
14:53:23.0780 4632 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
14:53:23.0780 4632 C:\Windows\System32\wow64win.dll - ok
14:53:23.0780 4632 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
14:53:23.0780 4632 C:\Windows\System32\wow64cpu.dll - ok
14:53:23.0780 4632 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
14:53:23.0780 4632 C:\Windows\SysWOW64\kernel32.dll - ok
14:53:23.0795 4632 [ 1562FF50D634BE4B2DA04F023297858B ] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\platform.DLL
14:53:23.0795 4632 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\platform.DLL - ok
14:53:23.0795 4632 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
14:53:23.0795 4632 C:\Windows\SysWOW64\KernelBase.dll - ok
14:53:23.0795 4632 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
14:53:23.0795 4632 C:\Windows\SysWOW64\mswsock.dll - ok
14:53:23.0811 4632 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
14:53:23.0811 4632 C:\Windows\SysWOW64\msvcrt.dll - ok
14:53:23.0811 4632 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
14:53:23.0811 4632 C:\Windows\SysWOW64\user32.dll - ok
14:53:23.0811 4632 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
14:53:23.0811 4632 C:\Windows\SysWOW64\gdi32.dll - ok
14:53:23.0826 4632 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
14:53:23.0826 4632 C:\Windows\SysWOW64\lpk.dll - ok
14:53:23.0826 4632 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
14:53:23.0826 4632 C:\Windows\SysWOW64\usp10.dll - ok
14:53:23.0826 4632 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
14:53:23.0826 4632 C:\Windows\SysWOW64\advapi32.dll - ok
14:53:23.0842 4632 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
14:53:23.0842 4632 C:\Windows\SysWOW64\rpcrt4.dll - ok
14:53:23.0842 4632 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
14:53:23.0842 4632 C:\Windows\SysWOW64\sechost.dll - ok
14:53:23.0842 4632 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
14:53:23.0842 4632 C:\Windows\System32\sstpsvc.dll - ok
14:53:23.0858 4632 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
14:53:23.0858 4632 C:\Windows\System32\dllhost.exe - ok
14:53:23.0858 4632 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
14:53:23.0858 4632 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
14:53:23.0858 4632 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
14:53:23.0858 4632 C:\Windows\System32\IDStore.dll - ok
14:53:23.0873 4632 [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
14:53:23.0873 4632 C:\Windows\System32\taskhost.exe - ok
14:53:23.0873 4632 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
14:53:23.0873 4632 C:\Windows\System32\AtBroker.exe - ok
14:53:23.0873 4632 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
14:53:23.0873 4632 C:\Windows\System32\mpr.dll - ok
14:53:23.0889 4632 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
14:53:23.0889 4632 C:\Windows\System32\rasadhlp.dll - ok
14:53:23.0889 4632 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
14:53:23.0889 4632 C:\Windows\System32\userinit.exe - ok
14:53:23.0889 4632 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
14:53:23.0889 4632 C:\Windows\System32\localspl.dll - ok
14:53:23.0904 4632 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
14:53:23.0904 4632 C:\Windows\System32\dwm.exe - ok
14:53:23.0904 4632 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
14:53:23.0904 4632 C:\Windows\System32\dwmredir.dll - ok
14:53:23.0904 4632 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
14:53:23.0904 4632 C:\Windows\System32\dwmcore.dll - ok
14:53:23.0920 4632 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
14:53:23.0920 4632 C:\Windows\System32\spoolss.dll - ok
14:53:23.0920 4632 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
14:53:23.0920 4632 C:\Windows\System32\esent.dll - ok
14:53:23.0920 4632 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
14:53:23.0920 4632 C:\Windows\explorer.exe - ok
14:53:23.0936 4632 [ 9AE80F6A66B30E3ED8CDF858CF28B11B ] C:\Windows\System32\d3d10_1.dll
14:53:23.0936 4632 C:\Windows\System32\d3d10_1.dll - ok
14:53:23.0936 4632 [ 63F72417CA38D8FC8F53709649B589E3 ] C:\Windows\System32\d3d10_1core.dll
14:53:23.0936 4632 C:\Windows\System32\d3d10_1core.dll - ok
14:53:23.0936 4632 [ 8DFB5752FCE145A6B295093C0A8BE131 ] C:\Windows\System32\dxgi.dll
14:53:23.0936 4632 C:\Windows\System32\dxgi.dll - ok
14:53:23.0936 4632 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
14:53:23.0951 4632 C:\Windows\System32\MsCtfMonitor.dll - ok
14:53:23.0951 4632 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
14:53:23.0951 4632 C:\Windows\System32\msutb.dll - ok
14:53:23.0951 4632 [ 4C92EB7535CAA1681A77D928FBF9771F ] C:\Windows\System32\d3d11.dll
14:53:23.0951 4632 C:\Windows\System32\d3d11.dll - ok
14:53:23.0967 4632 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
14:53:23.0967 4632 C:\Windows\System32\HotStartUserAgent.dll - ok
14:53:23.0967 4632 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
14:53:23.0967 4632 C:\Windows\System32\PlaySndSrv.dll - ok
14:53:23.0967 4632 [ 81A5793E17FD3618ACF643B23E56AB3F ] C:\Windows\System32\igd10umd64.dll
14:53:23.0967 4632 C:\Windows\System32\igd10umd64.dll - ok
14:53:23.0982 4632 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
14:53:23.0982 4632 C:\Windows\System32\ExplorerFrame.dll - ok
14:53:23.0982 4632 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
14:53:23.0982 4632 C:\Windows\System32\EhStorShell.dll - ok
14:53:23.0982 4632 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
14:53:23.0982 4632 C:\Windows\System32\cscapi.dll - ok
14:53:23.0998 4632 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
14:53:23.0998 4632 C:\Windows\System32\ntshrui.dll - ok
14:53:23.0998 4632 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
14:53:23.0998 4632 C:\Windows\System32\uDWM.dll - ok
14:53:23.0998 4632 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
14:53:23.0998 4632 C:\Windows\System32\IconCodecService.dll - ok
14:53:24.0014 4632 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
14:53:24.0014 4632 C:\Windows\System32\taskeng.exe - ok
14:53:24.0014 4632 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
14:53:24.0014 4632 C:\Windows\System32\TSChannel.dll - ok
14:53:24.0014 4632 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:53:24.0014 4632 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
14:53:24.0029 4632 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
14:53:24.0029 4632 C:\Windows\SysWOW64\cryptbase.dll - ok
14:53:24.0029 4632 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
14:53:24.0029 4632 C:\Windows\SysWOW64\ole32.dll - ok
14:53:24.0029 4632 [ BFB26890612FB8AE8B0463EBEBE84B7E ] C:\Windows\SysWOW64\sspicli.dll
14:53:24.0029 4632 C:\Windows\SysWOW64\sspicli.dll - ok
14:53:24.0045 4632 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
14:53:24.0045 4632 C:\Windows\SysWOW64\ws2_32.dll - ok
14:53:24.0045 4632 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
14:53:24.0045 4632 C:\Windows\SysWOW64\nsi.dll - ok
14:53:24.0045 4632 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
14:53:24.0060 4632 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
14:53:24.0060 4632 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
14:53:24.0060 4632 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
14:53:24.0060 4632 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
14:53:24.0060 4632 C:\Windows\SysWOW64\imm32.dll - ok
14:53:24.0076 4632 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
14:53:24.0076 4632 C:\Windows\SysWOW64\msctf.dll - ok
14:53:24.0076 4632 [ 565D78187494FB5F08B5A52DEB2AEA7A ] C:\Windows\SysWOW64\shell32.dll
14:53:24.0076 4632 C:\Windows\SysWOW64\shell32.dll - ok
14:53:24.0076 4632 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
14:53:24.0076 4632 C:\Windows\SysWOW64\shlwapi.dll - ok
14:53:24.0092 4632 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
14:53:24.0092 4632 C:\Windows\SysWOW64\profapi.dll - ok
14:53:24.0092 4632 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:53:24.0092 4632 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
14:53:24.0092 4632 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
14:53:24.0092 4632 C:\Windows\SysWOW64\ntmarta.dll - ok
14:53:24.0107 4632 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
14:53:24.0107 4632 C:\Windows\SysWOW64\oleaut32.dll - ok
14:53:24.0107 4632 [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll
14:53:24.0107 4632 C:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll - ok
14:53:24.0107 4632 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
14:53:24.0107 4632 C:\Windows\SysWOW64\Wldap32.dll - ok
14:53:24.0123 4632 [ 92245C959E5BC378809D2CC5E9F6E9C7 ] C:\Windows\SysWOW64\crypt32.dll
14:53:24.0123 4632 C:\Windows\SysWOW64\crypt32.dll - ok
14:53:24.0123 4632 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
14:53:24.0123 4632 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
14:53:24.0123 4632 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
14:53:24.0123 4632 C:\Windows\SysWOW64\msasn1.dll - ok
14:53:24.0138 4632 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
14:53:24.0138 4632 C:\Windows\SysWOW64\netapi32.dll - ok
14:53:24.0138 4632 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
14:53:24.0138 4632 C:\Windows\SysWOW64\netutils.dll - ok
14:53:24.0138 4632 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
14:53:24.0138 4632 C:\Windows\SysWOW64\winnsi.dll - ok
14:53:24.0154 4632 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
14:53:24.0154 4632 C:\Windows\SysWOW64\wintrust.dll - ok
14:53:24.0154 4632 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
14:53:24.0154 4632 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
14:53:24.0154 4632 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
14:53:24.0154 4632 C:\Windows\SysWOW64\srvcli.dll - ok
14:53:24.0170 4632 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
14:53:24.0170 4632 C:\Windows\SysWOW64\wkscli.dll - ok
14:53:24.0170 4632 [ A6FB9DB8F1A86861D955FD6975977AE0 ] C:\Program Files\IDT\WDM\AESTSr64.exe
14:53:24.0170 4632 C:\Program Files\IDT\WDM\AESTSr64.exe - ok
14:53:24.0170 4632 [ B65F8DBA54F251906BBE8611B5A0E7AB ] C:\Program Files\LSI SoftModem\agr64svc.exe
14:53:24.0170 4632 C:\Program Files\LSI SoftModem\agr64svc.exe - ok
14:53:24.0185 4632 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
14:53:24.0185 4632 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
14:53:24.0185 4632 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] C:\Windows\System32\cryptsvc.dll
14:53:24.0185 4632 C:\Windows\System32\cryptsvc.dll - ok
14:53:24.0185 4632 [ A2BB76E03E5A5A073AC758F34706C3A5 ] C:\Windows\System32\dleacoms.exe
14:53:24.0185 4632 C:\Windows\System32\dleacoms.exe - ok
14:53:24.0201 4632 [ 2C4C22EA1735F21F355EB1A39832F7DF ] C:\Windows\System32\cryptnet.dll
14:53:24.0201 4632 C:\Windows\System32\cryptnet.dll - ok
14:53:24.0201 4632 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
14:53:24.0201 4632 C:\Windows\System32\vssapi.dll - ok
14:53:24.0201 4632 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
14:53:24.0201 4632 C:\Windows\SysWOW64\imagehlp.dll - ok
14:53:24.0216 4632 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
14:53:24.0216 4632 C:\Windows\System32\vsstrace.dll - ok
14:53:24.0216 4632 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
14:53:24.0216 4632 C:\Windows\System32\winspool.drv - ok
14:53:24.0216 4632 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
14:53:24.0216 4632 C:\Windows\System32\PrintIsolationProxy.dll - ok
14:53:24.0232 4632 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
14:53:24.0232 4632 C:\Windows\System32\dps.dll - ok
14:53:24.0232 4632 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
14:53:24.0232 4632 C:\Windows\System32\FDResPub.dll - ok
14:53:24.0232 4632 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
14:53:24.0232 4632 C:\Windows\System32\WSDApi.dll - ok
14:53:24.0248 4632 [ 4977CBC52959FDBD6B2E40BAA1B631C5 ] C:\Windows\System32\hpzllw71.dll
14:53:24.0248 4632 C:\Windows\System32\hpzllw71.dll - ok
14:53:24.0248 4632 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
14:53:24.0248 4632 C:\Windows\System32\FXSMON.dll - ok
14:53:24.0248 4632 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
14:53:24.0248 4632 C:\Windows\System32\snmpapi.dll - ok
14:53:24.0263 4632 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
14:53:24.0263 4632 C:\Windows\System32\tcpmon.dll - ok
14:53:24.0263 4632 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
14:53:24.0263 4632 C:\Windows\System32\wsnmp32.dll - ok
14:53:24.0263 4632 [ 3BAB1C64C3C02F09C8CB4F3962D45BA0 ] C:\Windows\System32\dlealmpm.dll
14:53:24.0263 4632 C:\Windows\System32\dlealmpm.dll - ok
14:53:24.0279 4632 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
14:53:24.0279 4632 C:\Windows\System32\usbmon.dll - ok
14:53:24.0279 4632 [ 3ABE3CC7706EDD33C12C5A99B8727053 ] C:\Windows\System32\dleacomc.dll
14:53:24.0279 4632 C:\Windows\System32\dleacomc.dll - ok
14:53:24.0279 4632 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
14:53:24.0279 4632 C:\Windows\System32\webservices.dll - ok
14:53:24.0294 4632 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
14:53:24.0294 4632 C:\Windows\SysWOW64\msi.dll - ok
14:53:24.0294 4632 [ 32C5DF01878550F320CDAB8645700BC8 ] C:\Windows\System32\dleaserv.dll
14:53:24.0294 4632 C:\Windows\System32\dleaserv.dll - ok
14:53:24.0294 4632 [ 9BF7C7654EFD098EE3A27B49492A382A ] C:\Windows\SysWOW64\wininet.dll
14:53:24.0294 4632 C:\Windows\SysWOW64\wininet.dll - ok
14:53:24.0310 4632 [ 6A13B4F3B3F575F1E24B877B9359AABA ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
14:53:24.0310 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
14:53:24.0310 4632 [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
14:53:24.0310 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
14:53:24.0310 4632 [ 589CBC4989F750E1DA35625AB481CF43 ] C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
14:53:24.0310 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll - ok
14:53:24.0326 4632 [ 2E33DFD10F28F86C3FC40EE123CC3904 ] C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
14:53:24.0326 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
14:53:24.0326 4632 [ 3BE0D923AA45A4DBE091C2D84F0B4FE7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
14:53:24.0326 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll - ok
14:53:24.0341 4632 [ FE29131E35902038066C924CF9C59DF8 ] C:\Windows\SysWOW64\iertutil.dll
14:53:24.0341 4632 C:\Windows\SysWOW64\iertutil.dll - ok
14:53:24.0341 4632 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
14:53:24.0341 4632 C:\Windows\SysWOW64\version.dll - ok
14:53:24.0341 4632 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
14:53:24.0341 4632 C:\Windows\SysWOW64\cscapi.dll - ok
14:53:24.0357 4632 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
14:53:24.0357 4632 C:\Windows\SysWOW64\dbghelp.dll - ok
14:53:24.0357 4632 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
14:53:24.0357 4632 C:\Windows\SysWOW64\apphelp.dll - ok
14:53:24.0357 4632 [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
14:53:24.0357 4632 C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
14:53:24.0372 4632 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
14:53:24.0372 4632 C:\Windows\SysWOW64\userenv.dll - ok
14:53:24.0372 4632 [ D9A08472D8D0218A0AE2C9D9F63EA531 ] C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
14:53:24.0372 4632 C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe - ok
14:53:24.0372 4632 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
14:53:24.0372 4632 C:\Windows\SysWOW64\clbcatq.dll - ok
14:53:24.0388 4632 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
14:53:24.0388 4632 C:\Windows\System32\dbghelp.dll - ok
14:53:24.0388 4632 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
14:53:24.0388 4632 C:\Windows\SysWOW64\mstask.dll - ok
14:53:24.0388 4632 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
14:53:24.0388 4632 C:\Windows\System32\taskschd.dll - ok
14:53:24.0388 4632 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:53:24.0388 4632 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe - ok
14:53:24.0404 4632 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
14:53:24.0404 4632 C:\Windows\System32\fundisc.dll - ok
14:53:24.0404 4632 [ 3503F257B3203F824B1567238EBE17E2 ] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:53:24.0404 4632 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - ok
14:53:24.0419 4632 [ BF5D90612080DBAA1AF7B7469A5C5370 ] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
14:53:24.0419 4632 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll - ok
14:53:24.0419 4632 [ 9BC00D41C75B82502FCDE87C661F9E6E ] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
14:53:24.0419 4632 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll - ok
14:53:24.0419 4632 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
14:53:24.0419 4632 C:\Windows\SysWOW64\psapi.dll - ok
14:53:24.0435 4632 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
14:53:24.0435 4632 C:\Windows\System32\IKEEXT.DLL - ok
14:53:24.0435 4632 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
14:53:24.0435 4632 C:\Windows\System32\vpnikeapi.dll - ok
14:53:24.0450 4632 [ D381E5F2003A550D9BE774CE7DF2E2E7 ] C:\Windows\System32\dleainpa.dll
14:53:24.0450 4632 C:\Windows\System32\dleainpa.dll - ok
14:53:24.0450 4632 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
14:53:24.0450 4632 C:\Windows\System32\winhttp.dll - ok
14:53:24.0450 4632 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
14:53:24.0450 4632 C:\Windows\System32\webio.dll - ok
14:53:24.0466 4632 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
14:53:24.0466 4632 C:\Windows\System32\httpapi.dll - ok
14:53:24.0466 4632 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
14:53:24.0466 4632 C:\Windows\System32\nlasvc.dll - ok
14:53:24.0466 4632 [ 5C7FFCCA7489AD7F4980F4ABB0A6A9DC ] C:\Windows\System32\dleaiesc.dll
14:53:24.0466 4632 C:\Windows\System32\dleaiesc.dll - ok
14:53:24.0482 4632 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
14:53:24.0482 4632 C:\Windows\System32\drivers\PEAuth.sys - ok
14:53:24.0482 4632 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
14:53:24.0482 4632 C:\Windows\System32\aepic.dll - ok
14:53:24.0482 4632 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
14:53:24.0482 4632 C:\Windows\System32\sfc.dll - ok
14:53:24.0497 4632 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
14:53:24.0497 4632 C:\Windows\System32\ncsi.dll - ok
14:53:24.0497 4632 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
14:53:24.0497 4632 C:\Windows\System32\ssdpapi.dll - ok
14:53:24.0497 4632 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
14:53:24.0497 4632 C:\Windows\System32\sfc_os.dll - ok
14:53:24.0513 4632 [ 6ECE65F3C2BAC3D2514F12EE913980EC ] C:\Windows\System32\dleausb1.dll
14:53:24.0513 4632 C:\Windows\System32\dleausb1.dll - ok
14:53:24.0513 4632 [ CD6B3A4B1D1909B05616D5D20209825F ] C:\Windows\System32\dleahbn3.dll
14:53:24.0513 4632 C:\Windows\System32\dleahbn3.dll - ok
14:53:24.0513 4632 [ 498EB62A160674E793FA40FD65390625 ] C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:53:24.0513 4632 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe - ok
14:53:24.0528 4632 [ CC781378E7EDA615D2CDCA3B17829FA4 ] C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:53:24.0528 4632 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE - ok
14:53:24.0528 4632 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
14:53:24.0528 4632 C:\Windows\SysWOW64\cryptsp.dll - ok
14:53:24.0528 4632 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
14:53:24.0528 4632 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
14:53:24.0544 4632 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
14:53:24.0544 4632 C:\Windows\SysWOW64\rsaenh.dll - ok
14:53:24.0544 4632 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
14:53:24.0544 4632 C:\Windows\SysWOW64\webio.dll - ok
14:53:24.0544 4632 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
14:53:24.0544 4632 C:\Windows\SysWOW64\winhttp.dll - ok
14:53:24.0560 4632 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
14:53:24.0560 4632 C:\Windows\SysWOW64\SensApi.dll - ok
14:53:24.0560 4632 [ B3E20079B7719ADD343DC3238292D9A5 ] C:\Windows\System32\dleahcp.dll
14:53:24.0560 4632 C:\Windows\System32\dleahcp.dll - ok
14:53:24.0560 4632 [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\SysWOW64\msxml6.dll
14:53:24.0560 4632 C:\Windows\SysWOW64\msxml6.dll - ok
14:53:24.0575 4632 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
14:53:24.0575 4632 C:\Windows\System32\NapiNSP.dll - ok
14:53:24.0575 4632 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
14:53:24.0575 4632 C:\Windows\System32\pnrpnsp.dll - ok
14:53:24.0575 4632 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
14:53:24.0575 4632 C:\Windows\System32\winrnr.dll - ok
14:53:24.0591 4632 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
14:53:24.0591 4632 C:\Windows\System32\drivers\secdrv.sys - ok
14:53:24.0591 4632 [ 7C15061CD0372487903B07B9BB03AFAD ] C:\Program Files (x86)\Skype\Updater\Updater.exe
14:53:24.0591 4632 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
14:53:24.0591 4632 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
14:53:24.0591 4632 C:\Windows\SysWOW64\wtsapi32.dll - ok
14:53:24.0606 4632 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
14:53:24.0606 4632 C:\Windows\System32\drivers\srvnet.sys - ok
14:53:24.0606 4632 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] C:\Windows\Downloaded Program Files\CONFLICT.1\ssrc.exe
14:53:24.0606 4632 C:\Windows\Downloaded Program Files\CONFLICT.1\ssrc.exe - ok
14:53:24.0606 4632 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
14:53:24.0606 4632 C:\Windows\System32\wiaservc.dll - ok
14:53:24.0622 4632 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
14:53:24.0622 4632 C:\Windows\SysWOW64\wsock32.dll - ok
14:53:24.0622 4632 [ D7CE4BF406BB32DA938A03419BFC0F92 ] C:\Windows\Downloaded Program Files\CONFLICT.1\VNCHooks.dll
14:53:24.0622 4632 C:\Windows\Downloaded Program Files\CONFLICT.1\VNCHooks.dll - ok
14:53:24.0622 4632 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
14:53:24.0622 4632 C:\Windows\System32\wiatrace.dll - ok
14:53:24.0638 4632 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
14:53:24.0638 4632 C:\Windows\System32\drivers\tcpipreg.sys - ok
14:53:24.0638 4632 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
14:53:24.0638 4632 C:\Windows\System32\sysmain.dll - ok
14:53:24.0638 4632 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
14:53:24.0638 4632 C:\Windows\System32\trkwks.dll - ok
14:53:24.0653 4632 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
14:53:24.0653 4632 C:\Windows\System32\aeevts.dll - ok
14:53:24.0653 4632 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
14:53:24.0653 4632 C:\Windows\SysWOW64\winsta.dll - ok
14:53:24.0653 4632 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
14:53:24.0653 4632 C:\Windows\System32\wbem\WMIsvc.dll - ok
14:53:24.0669 4632 [ 432BE6CF7311062633459EEF6B242FB5 ] C:\Windows\SysWOW64\regsvr32.exe
14:53:24.0669 4632 C:\Windows\SysWOW64\regsvr32.exe - ok
14:53:24.0669 4632 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
14:53:24.0669 4632 C:\Windows\System32\drivers\srv2.sys - ok
14:53:24.0669 4632 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
14:53:24.0669 4632 C:\Windows\System32\wbemcomn.dll - ok
14:53:24.0684 4632 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
14:53:24.0684 4632 C:\Windows\System32\wbem\WinMgmtR.dll - ok
14:53:24.0684 4632 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
14:53:24.0684 4632 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
14:53:24.0684 4632 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
14:53:24.0684 4632 C:\Windows\System32\drivers\srv.sys - ok
14:53:24.0700 4632 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
14:53:24.0700 4632 C:\Windows\System32\iphlpsvc.dll - ok
14:53:24.0700 4632 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
14:53:24.0700 4632 C:\Windows\System32\sqmapi.dll - ok
14:53:24.0700 4632 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
14:53:24.0700 4632 C:\Windows\System32\wdscore.dll - ok
14:53:24.0716 4632 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
14:53:24.0716 4632 C:\Windows\System32\srvsvc.dll - ok
14:53:24.0716 4632 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
14:53:24.0716 4632 C:\Windows\System32\browser.dll - ok
14:53:24.0716 4632 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
14:53:24.0716 4632 C:\Windows\System32\netmsg.dll - ok
14:53:24.0731 4632 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
14:53:24.0731 4632 C:\Windows\System32\sscore.dll - ok
14:53:24.0731 4632 [ DD502A2E7B85EA7A3814C1034E6C23D3 ] C:\Windows\AppPatch\AcGenral.dll
14:53:24.0731 4632 C:\Windows\AppPatch\AcGenral.dll - ok
14:53:24.0731 4632 [ 46D2D7FDED46379E6D051633640AF8D3 ] C:\Windows\Downloaded Program Files\CONFLICT.1\sprtlisten.exe
14:53:24.0731 4632 C:\Windows\Downloaded Program Files\CONFLICT.1\sprtlisten.exe - ok
14:53:24.0747 4632 [ EFABAB1E14744A3B33CFC9AE46A391A0 ] C:\Windows\Downloaded Program Files\CONFLICT.1\sprthelper.exe
14:53:24.0747 4632 C:\Windows\Downloaded Program Files\CONFLICT.1\sprthelper.exe - ok
14:53:24.0747 4632 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
14:53:24.0747 4632 C:\Windows\SysWOW64\uxtheme.dll - ok
14:53:24.0747 4632 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
14:53:24.0747 4632 C:\Windows\System32\wbem\fastprox.dll - ok
14:53:24.0762 4632 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
14:53:24.0762 4632 C:\Windows\System32\ntdsapi.dll - ok
14:53:24.0762 4632 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
14:53:24.0762 4632 C:\Windows\System32\wbem\wbemprox.dll - ok
14:53:24.0762 4632 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
14:53:24.0762 4632 C:\Windows\System32\clusapi.dll - ok
14:53:24.0778 4632 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
14:53:24.0778 4632 C:\Windows\System32\resutils.dll - ok
14:53:24.0778 4632 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
14:53:24.0778 4632 C:\Windows\System32\hnetcfg.dll - ok
14:53:24.0778 4632 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
14:53:24.0778 4632 C:\Windows\System32\wbem\wbemcore.dll - ok
14:53:24.0794 4632 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
14:53:24.0794 4632 C:\Windows\System32\wbem\esscli.dll - ok
14:53:24.0794 4632 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
14:53:24.0794 4632 C:\Windows\System32\wbem\wbemsvc.dll - ok
14:53:24.0794 4632 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
14:53:24.0794 4632 C:\Windows\System32\wbem\wmiutils.dll - ok
14:53:24.0809 4632 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
14:53:24.0809 4632 C:\Windows\System32\wbem\repdrvfs.dll - ok
14:53:24.0809 4632 [ 9D2A2369AB4B08A4905FE72DB104498F ] C:\Windows\System32\appinfo.dll
14:53:24.0809 4632 C:\Windows\System32\appinfo.dll - ok
14:53:24.0809 4632 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
14:53:24.0809 4632 C:\Windows\System32\wpdbusenum.dll - ok
14:53:24.0825 4632 [ AB95FBAE4F9A5A56B177CEC427B2B35E ] C:\Windows\System32\psbase.dll
14:53:24.0825 4632 C:\Windows\System32\psbase.dll - ok
14:53:24.0825 4632 [ 35BA5AA671887FE8A62B88A9A6229FD5 ] C:\Windows\System32\pstorsvc.dll
14:53:24.0825 4632 C:\Windows\System32\pstorsvc.dll - ok
14:53:24.0825 4632 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
14:53:24.0825 4632 C:\Windows\System32\wdi.dll - ok
14:53:24.0840 4632 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
14:53:24.0840 4632 C:\Windows\System32\perftrack.dll - ok
14:53:24.0840 4632 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
14:53:24.0840 4632 C:\Windows\SysWOW64\samcli.dll - ok
14:53:24.0840 4632 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
14:53:24.0840 4632 C:\Windows\SysWOW64\winmm.dll - ok
14:53:24.0856 4632 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
14:53:24.0856 4632 C:\Windows\SysWOW64\msacm32.dll - ok
14:53:24.0856 4632 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
14:53:24.0856 4632 C:\Windows\SysWOW64\sfc.dll - ok
14:53:24.0856 4632 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
14:53:24.0856 4632 C:\Windows\SysWOW64\sfc_os.dll - ok
14:53:24.0872 4632 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
14:53:24.0872 4632 C:\Windows\System32\runonce.exe - ok
14:53:24.0872 4632 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
14:53:24.0872 4632 C:\Windows\SysWOW64\runonce.exe - ok
14:53:24.0872 4632 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
14:53:24.0872 4632 C:\Windows\SysWOW64\setupapi.dll - ok
14:53:24.0887 4632 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
14:53:24.0887 4632 C:\Windows\System32\diagperf.dll - ok
14:53:24.0887 4632 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
14:53:24.0887 4632 C:\Windows\System32\pnpts.dll - ok
14:53:24.0887 4632 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
14:53:24.0887 4632 C:\Windows\SysWOW64\cfgmgr32.dll - ok
14:53:24.0903 4632 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
14:53:24.0903 4632 C:\Windows\SysWOW64\devobj.dll - ok
14:53:24.0903 4632 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
14:53:24.0903 4632 C:\Windows\System32\radardt.dll - ok
14:53:24.0903 4632 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
14:53:24.0903 4632 C:\Windows\System32\wdiasqmmodule.dll - ok
14:53:24.0918 4632 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
14:53:24.0918 4632 C:\Windows\SysWOW64\propsys.dll - ok
14:53:24.0918 4632 [ 225D276C730DF08CC83EABAC407F0D75 ] C:\Windows\SysWOW64\urlmon.dll
14:53:24.0918 4632 C:\Windows\SysWOW64\urlmon.dll - ok
14:53:24.0918 4632 [ 49ACA548B2423F1C67898E6AC719A9A6 ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:53:24.0918 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
14:53:24.0934 4632 [ 1C60E09CA1C3A045BC4D367F67C915B7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
14:53:24.0934 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
14:53:24.0934 4632 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
14:53:24.0934 4632 C:\Windows\SysWOW64\secur32.dll - ok
14:53:24.0934 4632 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
14:53:24.0934 4632 C:\Windows\SysWOW64\cmd.exe - ok
14:53:24.0950 4632 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
14:53:24.0950 4632 C:\Windows\SysWOW64\winbrand.dll - ok
14:53:24.0950 4632 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
14:53:24.0950 4632 C:\Windows\System32\dimsjob.dll - ok
14:53:24.0950 4632 [ CC3FD6DEEE458D0BE9A69241E0749717 ] C:\Windows\SysWOW64\ieframe.dll
14:53:24.0950 4632 C:\Windows\SysWOW64\ieframe.dll - ok
14:53:24.0965 4632 [ 007863E45F25AA47A4C30D0930BBFD85 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
14:53:24.0965 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
14:53:24.0965 4632 [ 60F4AEFA103D421EA4A40E31409B4756 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
14:53:24.0965 4632 C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
14:53:24.0965 4632 [ 1F05F5A16881CD928C82D53CEFCF4477 ] C:\Windows\SysWOW64\shdocvw.dll
14:53:24.0965 4632 C:\Windows\SysWOW64\shdocvw.dll - ok
14:53:24.0981 4632 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Carl\AppData\Local\Temp\F949389A-92F6-446C-8B6D-FADACA258D40.exe
14:53:24.0981 4632 C:\Users\Carl\AppData\Local\Temp\F949389A-92F6-446C-8B6D-FADACA258D40.exe - ok
14:53:24.0981 4632 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
14:53:24.0981 4632 C:\Windows\SysWOW64\ncrypt.dll - ok
14:53:24.0981 4632 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
14:53:24.0981 4632 C:\Windows\System32\wer.dll - ok
14:53:24.0996 4632 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
14:53:24.0996 4632 C:\Windows\System32\npmproxy.dll - ok
14:53:24.0996 4632 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
14:53:24.0996 4632 C:\Windows\Sy


sWOW64\dwmapi.dll - ok
14:53:25.0012 4632 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
14:53:25.0012 4632 C:\Windows\SysWOW64\mpr.dll - ok
14:53:25.0012 4632 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
14:53:25.0012 4632 C:\Windows\System32\aelupsvc.dll - ok
14:53:25.0012 4632 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
14:53:25.0012 4632 C:\Windows\System32\ndiscapCfg.dll - ok
14:53:25.0028 4632 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
14:53:25.0028 4632 C:\Windows\System32\rascfg.dll - ok
14:53:25.0028 4632 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
14:53:25.0028 4632 C:\Windows\System32\mprapi.dll - ok
14:53:25.0028 4632 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
14:53:25.0028 4632 C:\Windows\System32\mprmsg.dll - ok
14:53:25.0043 4632 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
14:53:25.0043 4632 C:\Windows\System32\tcpipcfg.dll - ok
14:53:25.0043 4632 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
14:53:25.0043 4632 C:\Windows\System32\WSDMon.dll - ok
14:53:25.0043 4632 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
14:53:25.0043 4632 C:\Windows\System32\fdPnp.dll - ok
14:53:25.0059 4632 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
14:53:25.0059 4632 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
14:53:25.0059 4632 [ A614F3EAE991F56340705F1F1F9A17AD ] C:\Windows\System32\spool\prtprocs\x64\dleadrpp.dll
14:53:25.0059 4632 C:\Windows\System32\spool\prtprocs\x64\dleadrpp.dll - ok
14:53:25.0059 4632 [ 6FB9BE56891EA4E85B4C9BDD4E9AFA69 ] C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll
14:53:25.0059 4632 C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll - ok
14:53:25.0074 4632 [ 67CF11E00D026A5C0C88EA5F84D501E5 ] C:\Windows\System32\win32spl.dll
14:53:25.0074 4632 C:\Windows\System32\win32spl.dll - ok
14:53:25.0074 4632 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
14:53:25.0074 4632 C:\Windows\System32\PortableDeviceApi.dll - ok
14:53:25.0074 4632 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
14:53:25.0074 4632 C:\Windows\System32\inetpp.dll - ok
14:53:25.0090 4632 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
14:53:25.0090 4632 C:\Windows\SysWOW64\bcrypt.dll - ok
14:53:25.0090 4632 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
14:53:25.0090 4632 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
14:53:25.0090 4632 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
14:53:25.0090 4632 C:\Windows\SysWOW64\gpapi.dll - ok
14:53:25.0106 4632 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
14:53:25.0106 4632 C:\Windows\System32\Apphlpdm.dll - ok
14:53:25.0106 4632 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
14:53:25.0106 4632 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
14:53:25.0106 4632 [ 8A8B277067C22F4BF6AA9A31692FC4D3 ] C:\Windows\SysWOW64\cryptnet.dll
14:53:25.0106 4632 C:\Windows\SysWOW64\cryptnet.dll - ok
14:53:25.0121 4632 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
14:53:25.0121 4632 C:\Windows\SysWOW64\credssp.dll - ok
14:53:25.0121 4632 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
14:53:25.0121 4632 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
14:53:25.0121 4632 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
14:53:25.0121 4632 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
14:53:25.0137 4632 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
14:53:25.0137 4632 C:\Windows\SysWOW64\wship6.dll - ok
14:53:25.0137 4632 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
14:53:25.0137 4632 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
14:53:25.0137 4632 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
14:53:25.0137 4632 C:\Windows\SysWOW64\dnsapi.dll - ok
14:53:25.0152 4632 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
14:53:25.0152 4632 C:\Windows\SysWOW64\rasadhlp.dll - ok
14:53:25.0152 4632 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
14:53:25.0152 4632 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
14:53:25.0152 4632 [ 5B2E4E90C04FB9AE9F2C5E99FF59B283 ] C:\Windows\SysWOW64\WindowsCodecs.dll
14:53:25.0152 4632 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
14:53:25.0168 4632 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
14:53:25.0168 4632 C:\Windows\SysWOW64\EhStorShell.dll - ok
14:53:25.0168 4632 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
14:53:25.0168 4632 C:\Windows\SysWOW64\ntshrui.dll - ok
14:53:25.0168 4632 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
14:53:25.0168 4632 C:\Windows\SysWOW64\slc.dll - ok
14:53:25.0184 4632 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
14:53:25.0184 4632 C:\Windows\SysWOW64\imageres.dll - ok
14:53:25.0184 4632 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
14:53:25.0184 4632 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
14:53:25.0184 4632 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
14:53:25.0184 4632 C:\Windows\System32\ncobjapi.dll - ok
14:53:25.0199 4632 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
14:53:25.0199 4632 C:\Windows\System32\nci.dll - ok
14:53:25.0199 4632 [ AC0C9CEA1218DAB1994AF8B28E680BD9 ] C:\Windows\System32\wlaninst.dll
14:53:25.0199 4632 C:\Windows\System32\wlaninst.dll - ok
14:53:25.0199 4632 [ 5A406C9C8E0880D3EABADC5DFD1ACDAE ] C:\Windows\System32\wwaninst.dll
14:53:25.0199 4632 C:\Windows\System32\wwaninst.dll - ok
14:53:25.0199 4632 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
14:53:25.0215 4632 C:\Windows\System32\wbem\wbemess.dll - ok
14:53:25.0215 4632 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
14:53:25.0215 4632 C:\Windows\System32\rundll32.exe - ok
14:53:25.0215 4632 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
14:53:25.0215 4632 C:\Windows\System32\actxprxy.dll - ok
14:53:25.0230 4632 [ 198803E5E93E29967DFB0BCFD0186151 ] C:\Windows\System32\spfileq.dll
14:53:25.0230 4632 C:\Windows\System32\spfileq.dll - ok
14:53:25.0230 4632 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
14:53:25.0230 4632 C:\Windows\System32\netman.dll - ok
14:53:25.0230 4632 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
14:53:25.0230 4632 C:\Windows\System32\netshell.dll - ok
14:53:25.0246 4632 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
14:53:25.0246 4632 C:\Windows\System32\rasdlg.dll - ok
14:53:25.0246 4632 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
14:53:25.0246 4632 C:\Windows\SysWOW64\devrtl.dll - ok
14:53:25.0246 4632 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
14:53:25.0246 4632 C:\Windows\System32\timedate.cpl - ok
14:53:25.0262 4632 [ 22A0AE97360C1B146FDD9AA55AC0E989 ] C:\Windows\System32\shdocvw.dll
14:53:25.0262 4632 C:\Windows\System32\shdocvw.dll - ok
14:53:25.0262 4632 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
14:53:25.0262 4632 C:\Windows\System32\linkinfo.dll - ok
14:53:25.0262 4632 [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
14:53:25.0262 4632 C:\Windows\System32\gameux.dll - ok
14:53:25.0277 4632 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
14:53:25.0277 4632 C:\Windows\System32\msftedit.dll - ok
14:53:25.0277 4632 [ 112183DF91C9BAECB498E4A86ECDE598 ] C:\Windows\System32\msls31.dll
14:53:25.0277 4632 C:\Windows\System32\msls31.dll - ok
14:53:25.0277 4632 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
14:53:25.0277 4632 C:\Windows\System32\msi.dll - ok
14:53:25.0293 4632 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
14:53:25.0293 4632 C:\Windows\System32\msiltcfg.dll - ok
14:53:25.0293 4632 [ 391CD109EF28629644C267C855314DEE ] C:\Windows\System32\ieframe.dll
14:53:25.0293 4632 C:\Windows\System32\ieframe.dll - ok
14:53:25.0293 4632 [ 9108540E866F75C7AF2B91DD921A8091 ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
14:53:25.0293 4632 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
14:53:25.0308 4632 [ FB4045578F5180BDB1963AB352B78548 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
14:53:25.0308 4632 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
14:53:25.0308 4632 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
14:53:25.0308 4632 C:\Windows\System32\thumbcache.dll - ok
14:53:25.0308 4632 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
14:53:25.0308 4632 C:\Windows\System32\networkexplorer.dll - ok
14:53:25.0324 4632 [ 4076E418CD3EB0E09FFBCD828C35CE26 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
14:53:25.0324 4632 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
14:53:25.0324 4632 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
14:53:25.0324 4632 C:\Windows\System32\DeviceCenter.dll - ok
14:53:25.0324 4632 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
14:53:25.0324 4632 C:\Windows\System32\mlang.dll - ok
14:53:25.0340 4632 [ 2EE7EAFCBA41850EA3F00EF5E7C4A549 ] C:\Windows\System32\igfxtray.exe
14:53:25.0340 4632 C:\Windows\System32\igfxtray.exe - ok
14:53:25.0340 4632 [ 53F7D5AD43AC7328B68EF44B3E7C728A ] C:\Windows\System32\hkcmd.exe
14:53:25.0340 4632 C:\Windows\System32\hkcmd.exe - ok
14:53:25.0340 4632 [ 76995B82E6DDD83E7DCA85289DE5B5F0 ] C:\Windows\System32\igfxpers.exe
14:53:25.0340 4632 C:\Windows\System32\igfxpers.exe - ok
14:53:25.0355 4632 [ F4290F0F67C0506A825647961C151E0D ] C:\Program Files\IDT\WDM\sttray64.exe
14:53:25.0355 4632 C:\Program Files\IDT\WDM\sttray64.exe - ok
14:53:25.0355 4632 [ 3911917B93DD9023DAA8258147AA7BCF ] C:\Program Files\Microsoft Security Client\msseces.exe
14:53:25.0355 4632 C:\Program Files\Microsoft Security Client\msseces.exe - ok
14:53:25.0355 4632 [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
14:53:25.0355 4632 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
14:53:25.0371 4632 [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
14:53:25.0371 4632 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
14:53:25.0371 4632 [ E835CEDEF0C69A2013E6A210F3DD7879 ] C:\Program Files\Sandboxie\SbieCtrl.exe
14:53:25.0371 4632 C:\Program Files\Sandboxie\SbieCtrl.exe - ok
14:53:25.0371 4632 [ E9097004922D4D57A9220433E4FE485B ] C:\Windows\System32\hccutils.dll
14:53:25.0371 4632 C:\Windows\System32\hccutils.dll - ok
14:53:25.0386 4632 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
14:53:25.0386 4632 C:\Windows\SysWOW64\rasapi32.dll - ok
14:53:25.0386 4632 [ A6E69E7ABAF9815390C4E3F45836CE5B ] C:\Program Files\Internet Explorer\sqmapi.dll
14:53:25.0386 4632 C:\Program Files\Internet Explorer\sqmapi.dll - ok
14:53:25.0386 4632 [ A55F6BAFC43E5768B56C02FFC4E19925 ] C:\Windows\System32\igfxsrvc.exe
14:53:25.0386 4632 C:\Windows\System32\igfxsrvc.exe - ok
14:53:25.0402 4632 [ 19F9B524A525D202194247E96656CB88 ] C:\Windows\System32\mfc42u.dll
14:53:25.0402 4632 C:\Windows\System32\mfc42u.dll - ok
14:53:25.0402 4632 [ DF48408BD8A76BC35FCC8514A89B55A9 ] C:\Windows\System32\SynCOM.dll
14:53:25.0402 4632 C:\Windows\System32\SynCOM.dll - ok
14:53:25.0402 4632 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
14:53:25.0402 4632 C:\Windows\SysWOW64\rasman.dll - ok
14:53:25.0418 4632 [ 070753E47E04181DD440EA2FEFE3115C ] C:\Program Files (x86)\Skype\Phone\Skype.exe
14:53:25.0418 4632 C:\Program Files (x86)\Skype\Phone\Skype.exe - ok
14:53:25.0418 4632 [ 773D7DC2BABC0C3DEFE910C44637F573 ] C:\Windows\System32\SynTPAPI.dll
14:53:25.0418 4632 C:\Windows\System32\SynTPAPI.dll - ok
14:53:25.0418 4632 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
14:53:25.0418 4632 C:\Windows\SysWOW64\rtutils.dll - ok
14:53:25.0433 4632 [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
14:53:25.0433 4632 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
14:53:25.0433 4632 [ 7FF8E121AFA05BDAB23B9FEDCDAB7A33 ] C:\Windows\System32\odbc32.dll
14:53:25.0433 4632 C:\Windows\System32\odbc32.dll - ok
14:53:25.0433 4632 [ 5C5D40DDDE89190B2B3A19EDAC1CCF55 ] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
14:53:25.0433 4632 C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe - ok
14:53:25.0449 4632 [ D608D6566310ADE0B0B21BAAF716B3F7 ] C:\Program Files\IDT\WDM\stlang64.dll
14:53:25.0449 4632 C:\Program Files\IDT\WDM\stlang64.dll - ok
14:53:25.0449 4632 [ 30E7CA4620500FE012EB464F0E1DE91E ] C:\Program Files (x86)\Internet Explorer\iexplore.exe
14:53:25.0449 4632 C:\Program Files (x86)\Internet Explorer\iexplore.exe - ok
14:53:25.0449 4632 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
14:53:25.0449 4632 C:\Windows\System32\odbcint.dll - ok
14:53:25.0464 4632 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
14:53:25.0464 4632 C:\Windows\System32\msxml3.dll - ok
14:53:25.0464 4632 [ FCAE7ED173941270A7AB9E838074C072 ] C:\Windows\System32\igfxsrvc.dll
14:53:25.0464 4632 C:\Windows\System32\igfxsrvc.dll - ok
14:53:25.0464 4632 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
14:53:25.0464 4632 C:\Windows\SysWOW64\oleacc.dll - ok
14:53:25.0480 4632 [ E8F915D5140A75ABFF036BBF9D0941AD ] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
14:53:25.0480 4632 C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe - ok
14:53:25.0480 4632 [ A905E156A7D52B55892C3255670FE97B ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
14:53:25.0480 4632 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
14:53:25.0480 4632 [ 4EFCDF3DB1BBA69C09622991280C4ACB ] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
14:53:25.0480 4632 C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe - ok
14:53:25.0496 4632 [ A171B56DA31CEA530BFC03734841BD79 ] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
14:53:25.0496 4632 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - ok
14:53:25.0496 4632 [ 5516C26A6AF8EB4E2CAB48EC98A74398 ] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
14:53:25.0496 4632 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - ok
14:53:25.0511 4632 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
14:53:25.0511 4632 C:\Windows\System32\drprov.dll - ok
14:53:25.0511 4632 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
14:53:25.0511 4632 C:\Windows\System32\mscoree.dll - ok
14:53:25.0511 4632 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
14:53:25.0511 4632 C:\Windows\System32\ntlanman.dll - ok
14:53:25.0527 4632 [ 8A7F55E5B5543C95D8AF191BCBF6D125 ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
14:53:25.0527 4632 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe - ok
14:53:25.0527 4632 [ BD0EA5C8A4EF518C46E05F99908A56CE ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
14:53:25.0527 4632 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
14:53:25.0527 4632 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
14:53:25.0527 4632 C:\Windows\System32\davclnt.dll - ok
14:53:25.0542 4632 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
14:53:25.0542 4632 C:\Windows\System32\davhlpr.dll - ok
14:53:25.0542 4632 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:53:25.0542 4632 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
14:53:25.0542 4632 [ 7849250D8EC5FEEA33A3C37331F56793 ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\dmres.dll
14:53:25.0542 4632 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\dmres.dll - ok
14:53:25.0558 4632 [ 25389C8387943751DABF6826A8B6D008 ] C:\Windows\System32\igfxdev.dll
14:53:25.0558 4632 C:\Windows\System32\igfxdev.dll - ok
14:53:25.0558 4632 [ E948D1D42DC68923ABD75EEB5BCCD1D3 ] C:\Windows\System32\consent.exe
14:53:25.0558 4632 C:\Windows\System32\consent.exe - ok
14:53:25.0558 4632 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
14:53:25.0558 4632 C:\Windows\SysWOW64\sxs.dll - ok
14:53:25.0574 4632 [ 5046E55184021406C27E8D48A1B2C9D2 ] C:\Windows\System32\l3codeca.acm
14:53:25.0574 4632 C:\Windows\System32\l3codeca.acm - ok
14:53:25.0574 4632 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
14:53:25.0574 4632 C:\Windows\SysWOW64\winspool.drv - ok
14:53:25.0574 4632 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
14:53:25.0574 4632 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
14:53:25.0589 4632 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\SqmApi.dll
14:53:25.0589 4632 C:\Program Files\Microsoft Security Client\SqmApi.dll - ok
14:53:25.0589 4632 [ DEC2AE60ADC0CC7B050ADAA8808C8796 ] C:\Windows\System32\igfxrenu.lrc
14:53:25.0589 4632 C:\Windows\System32\igfxrenu.lrc - ok
14:53:25.0589 4632 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
14:53:25.0589 4632 C:\Windows\System32\SensApi.dll - ok
14:53:25.0605 4632 [ A728C8E3B8BF95E536D076A2B7C68653 ] C:\Windows\System32\igfxress.dll
14:53:25.0605 4632 C:\Windows\System32\igfxress.dll - ok
14:53:25.0605 4632 [ C0FAAE8EC1B4760D3D04844F708DA0F0 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
14:53:25.0605 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
14:53:25.0605 4632 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
14:53:25.0605 4632 C:\Windows\SysWOW64\comdlg32.dll - ok
14:53:25.0620 4632 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
14:53:25.0620 4632 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
14:53:25.0620 4632 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
14:53:25.0620 4632 C:\Windows\System32\msimg32.dll - ok
14:53:25.0620 4632 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
14:53:25.0620 4632 C:\Windows\SysWOW64\msimg32.dll - ok
14:53:25.0636 4632 [ 6EF5F3F18413C367195F06E503AB86A6 ] C:\Windows\SysWOW64\d3d9.dll
14:53:25.0636 4632 C:\Windows\SysWOW64\d3d9.dll - ok
14:53:25.0636 4632 [ DC5ECEA062C0633346B6D199FA2B578D ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
14:53:25.0636 4632 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe - ok
14:53:25.0636 4632 [ 7F9C912B2817076DC0C9C129C90D8914 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\88744044294787b99dd4a8704ab75a79\mscorlib.ni.dll
14:53:25.0636 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\88744044294787b99dd4a8704ab75a79\mscorlib.ni.dll - ok
14:53:25.0652 4632 [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
14:53:25.0652 4632 C:\Windows\SysWOW64\d3d8thk.dll - ok
14:53:25.0652 4632 [ 487F44B08EFEAF5AD087878357B9403D ] C:\Windows\SysWOW64\pdh.dll
14:53:25.0652 4632 C:\Windows\SysWOW64\pdh.dll - ok
14:53:25.0652 4632 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
14:53:25.0652 4632 C:\Windows\SysWOW64\shfolder.dll - ok
14:53:25.0667 4632 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
14:53:25.0667 4632 C:\Windows\SysWOW64\powrprof.dll - ok
14:53:25.0667 4632 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
14:53:25.0667 4632 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
14:53:25.0667 4632 [ 84174CA0E190BB9D1EFD0F005FE13B35 ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll
14:53:25.0667 4632 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll - ok
14:53:25.0683 4632 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\Windows\SysWOW64\msvcp100.dll
14:53:25.0683 4632 C:\Windows\SysWOW64\msvcp100.dll - ok
14:53:25.0683 4632 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\Windows\SysWOW64\msvcr100.dll
14:53:25.0683 4632 C:\Windows\SysWOW64\msvcr100.dll - ok
14:53:25.0683 4632 [ 703FFD301AB900B047337C5D40FD6F96 ] C:\Windows\SysWOW64\olepro32.dll
14:53:25.0683 4632 C:\Windows\SysWOW64\olepro32.dll - ok
14:53:25.0698 4632 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
14:53:25.0698 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
14:53:25.0698 4632 [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll
14:53:25.0698 4632 C:\Windows\System32\riched20.dll - ok
14:53:25.0714 4632 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
14:53:25.0714 4632 C:\Windows\SysWOW64\avrt.dll - ok
14:53:25.0714 4632 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
14:53:25.0714 4632 C:\Windows\SysWOW64\wlanapi.dll - ok
14:53:25.0714 4632 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
14:53:25.0714 4632 C:\Windows\SysWOW64\wlanutil.dll - ok
14:53:25.0714 4632 [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
14:53:25.0714 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
14:53:25.0730 4632 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\SysWOW64\cryptui.dll
14:53:25.0730 4632 C:\Windows\SysWOW64\cryptui.dll - ok
14:53:25.0730 4632 [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
14:53:25.0730 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok
14:53:25.0730 4632 [ 1A9B2D01C0307558C548A548ED5E3562 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6fa18e5d118c3aaffe0e379bf4b8eb08\System.ni.dll
14:53:25.0745 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6fa18e5d118c3aaffe0e379bf4b8eb08\System.ni.dll - ok
14:53:25.0745 4632 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\SysWOW64\mapi32.dll
14:53:25.0745 4632 C:\Windows\SysWOW64\mapi32.dll - ok
14:53:25.0745 4632 [ E24FE90E9DE8D8AE70E59F7B01675DEF ] C:\Windows\SysWOW64\avicap32.dll
14:53:25.0745 4632 C:\Windows\SysWOW64\avicap32.dll - ok
14:53:25.0745 4632 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\SysWOW64\devenum.dll
14:53:25.0761 4632 C:\Windows\SysWOW64\devenum.dll - ok
14:53:25.0761 4632 [ 7069AAB8536F29ED7323140973A2894B ] C:\Windows\SysWOW64\msdmo.dll
14:53:25.0761 4632 C:\Windows\SysWOW64\msdmo.dll - ok
14:53:25.0761 4632 [ C335EC1182AC10B188705554E0BC1186 ] C:\Windows\SysWOW64\msvfw32.dll
14:53:25.0761 4632 C:\Windows\SysWOW64\msvfw32.dll - ok
14:53:25.0776 4632 [ 24498D084FAA7A459C91066EC241E1CE ] C:\Windows\SysWOW64\vfwwdm32.dll
14:53:25.0776 4632 C:\Windows\SysWOW64\vfwwdm32.dll - ok
14:53:25.0776 4632 [ AF31E7D2C385F647ADFD5F5736B3BA64 ] C:\Windows\SysWOW64\mshtml.dll
14:53:25.0776 4632 C:\Windows\SysWOW64\mshtml.dll - ok
14:53:25.0776 4632 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
14:53:25.0776 4632 C:\Windows\System32\stobject.dll - ok
14:53:25.0776 4632 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
14:53:25.0776 4632 C:\Windows\System32\batmeter.dll - ok
14:53:25.0792 4632 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
14:53:25.0792 4632 C:\Windows\System32\prnfldr.dll - ok
14:53:25.0792 4632 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
14:53:25.0792 4632 C:\Windows\System32\fdProxy.dll - ok
14:53:25.0792 4632 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
14:53:25.0792 4632 C:\Windows\System32\DXP.dll - ok
14:53:25.0808 4632 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
14:53:25.0808 4632 C:\Windows\System32\Syncreg.dll - ok
14:53:25.0808 4632 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
14:53:25.0808 4632 C:\Windows\ehome\ehSSO.dll - ok
14:53:25.0808 4632 [ 19B9523698137566DAA8B80C62CE4AAD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1b21a532b2c54f825b7e916a7f1c8c54\System.Drawing.ni.dll
14:53:25.0808 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1b21a532b2c54f825b7e916a7f1c8c54\System.Drawing.ni.dll - ok
14:53:25.0823 4632 [ A810D010A5695D3256F7DD289B281DCA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\edc3fe8d35c7683e937991391e16e1d0\System.Windows.Forms.ni.dll
14:53:25.0823 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\edc3fe8d35c7683e937991391e16e1d0\System.Windows.Forms.ni.dll - ok
14:53:25.0823 4632 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
14:53:25.0823 4632 C:\Windows\System32\AltTab.dll - ok
14:53:25.0839 4632 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
14:53:25.0839 4632 C:\Windows\System32\WPDShServiceObj.dll - ok
14:53:25.0839 4632 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
14:53:25.0839 4632 C:\Windows\System32\PortableDeviceTypes.dll - ok
14:53:25.0839 4632 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
14:53:25.0839 4632 C:\Windows\System32\pnidui.dll - ok
14:53:25.0854 4632 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
14:53:25.0854 4632 C:\Windows\System32\QUTIL.DLL - ok
14:53:25.0854 4632 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
14:53:25.0854 4632 C:\Windows\System32\SearchIndexer.exe - ok
14:53:25.0854 4632 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
14:53:25.0854 4632 C:\Windows\System32\srchadmin.dll - ok
14:53:25.0870 4632 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
14:53:25.0870 4632 C:\Windows\System32\dot3api.dll - ok
14:53:25.0870 4632 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
14:53:25.0870 4632 C:\Windows\System32\wlanhlp.dll - ok
14:53:25.0870 4632 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
14:53:25.0870 4632 C:\Windows\System32\wlanapi.dll - ok
14:53:25.0886 4632 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
14:53:25.0886 4632 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
14:53:25.0886 4632 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
14:53:25.0886 4632 C:\Windows\System32\WWanAPI.dll - ok
14:53:25.0886 4632 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
14:53:25.0886 4632 C:\Windows\System32\wwapi.dll - ok
14:53:25.0901 4632 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
14:53:25.0901 4632 C:\Windows\System32\QAGENT.DLL - ok
14:53:25.0901 4632 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
14:53:25.0901 4632 C:\Windows\System32\tquery.dll - ok
14:53:25.0901 4632 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
14:53:25.0901 4632 C:\Windows\System32\ActionCenter.dll - ok
14:53:25.0917 4632 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
14:53:25.0917 4632 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
14:53:25.0917 4632 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
14:53:25.0917 4632 C:\Windows\System32\bthprops.cpl - ok
14:53:25.0917 4632 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
14:53:25.0917 4632 C:\Windows\System32\mssrch.dll - ok
14:53:25.0932 4632 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
14:53:25.0932 4632 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
14:53:25.0932 4632 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
14:53:25.0932 4632 C:\Windows\SysWOW64\duser.dll - ok
14:53:25.0932 4632 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
14:53:25.0932 4632 C:\Windows\SysWOW64\dui70.dll - ok
14:53:25.0948 4632 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
14:53:25.0948 4632 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
14:53:25.0948 4632 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
14:53:25.0948 4632 C:\Windows\System32\msidle.dll - ok
14:53:25.0948 4632 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
14:53:25.0948 4632 C:\Windows\System32\mssprxy.dll - ok
14:53:25.0964 4632 [ 701EBD3EA4D1C31B5AA3539F8E3AA225 ] C:\Windows\SysWOW64\igdumdx32.dll
14:53:25.0964 4632 C:\Windows\SysWOW64\igdumdx32.dll - ok
14:53:25.0964 4632 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
14:53:25.0964 4632 C:\Windows\System32\en-US\tquery.dll.mui - ok
14:53:25.0964 4632 [ 03B2351F44D84A521C736F967EC18A4C ] C:\Windows\SysWOW64\igdumd32.dll
14:53:25.0964 4632 C:\Windows\SysWOW64\igdumd32.dll - ok
14:53:25.0979 4632 [ 64E211E0FDFCE4D186DF58BB7D0503BC ] C:\Windows\SysWOW64\gameux.dll
14:53:25.0979 4632 C:\Windows\SysWOW64\gameux.dll - ok
14:53:25.0979 4632 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
14:53:25.0979 4632 C:\Windows\System32\wsock32.dll - ok
14:53:25.0979 4632 [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll
14:53:25.0979 4632 C:\Windows\System32\wmdrmdev.dll - ok
14:53:25.0995 4632 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
14:53:25.0995 4632 C:\Windows\System32\drmv2clt.dll - ok
14:53:25.0995 4632 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
14:53:25.0995 4632 C:\Windows\System32\FXSST.dll - ok
14:53:25.0995 4632 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
14:53:25.0995 4632 C:\Windows\System32\shfolder.dll - ok
14:53:26.0010 4632 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
14:53:26.0010 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
14:53:26.0010 4632 [ 9473D8FC514C61F3858F7C4FF8DCE30F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\516b7cd414dc5665728b15afb8d7fdf6\System.Management.ni.dll
14:53:26.0010 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\516b7cd414dc5665728b15afb8d7fdf6\System.Management.ni.dll - ok
14:53:26.0010 4632 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\31754190.sys
14:53:26.0010 4632 C:\Windows\System32\drivers\31754190.sys - ok
14:53:26.0026 4632 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
14:53:26.0026 4632 C:\Windows\System32\FXSAPI.dll - ok
14:53:26.0026 4632 [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\SysWOW64\xmllite.dll
14:53:26.0026 4632 C:\Windows\SysWOW64\xmllite.dll - ok
14:53:26.0026 4632 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
14:53:26.0026 4632 C:\Windows\SysWOW64\wer.dll - ok
14:53:26.0042 4632 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
14:53:26.0042 4632 C:\Windows\System32\FXSRESM.dll - ok
14:53:26.0042 4632 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
14:53:26.0042 4632 C:\Windows\SysWOW64\linkinfo.dll - ok
14:53:26.0042 4632 [ B92E9318F7E4AEF633B8EC3A873565AF ] C:\Windows\SysWOW64\perfdisk.dll
14:53:26.0042 4632 C:\Windows\SysWOW64\perfdisk.dll - ok
14:53:26.0057 4632 [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\SysWOW64\perfos.dll
14:53:26.0057 4632 C:\Windows\SysWOW64\perfos.dll - ok
14:53:26.0057 4632 [ 752F8E96BAB993517838315508FB82CB ] C:\Windows\SysWOW64\perfproc.dll
14:53:26.0057 4632 C:\Windows\SysWOW64\perfproc.dll - ok
14:53:26.0057 4632 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
14:53:26.0057 4632 C:\Windows\SysWOW64\nlaapi.dll - ok
14:53:26.0073 4632 [ EC9739A46F1F83C6E52A7A4697F44A65 ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:53:26.0073 4632 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
14:53:26.0073 4632 [ 243974EC02F7AE49E4179C54624143AB ] C:\Windows\SysWOW64\MMDevAPI.dll
14:53:26.0073 4632 C:\Windows\SysWOW64\MMDevAPI.dll - ok
14:53:26.0073 4632 [ A586D397342E46294D6B57D9E5218FD4 ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
14:53:26.0073 4632 C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key - ok
14:53:26.0088 4632 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
14:53:26.0088 4632 C:\Windows\SysWOW64\NapiNSP.dll - ok
14:53:26.0088 4632 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
14:53:26.0088 4632 C:\Windows\SysWOW64\pnrpnsp.dll - ok
14:53:26.0088 4632 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
14:53:26.0088 4632 C:\Windows\SysWOW64\winrnr.dll - ok
14:53:26.0104 4632 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
14:53:26.0104 4632 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
14:53:26.0104 4632 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
14:53:26.0104 4632 C:\Windows\SysWOW64\wbemcomn.dll - ok
14:53:26.0104 4632 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
14:53:26.0104 4632 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
14:53:26.0120 4632 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\SysWOW64\wbem\fastprox.dll
14:53:26.0120 4632 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
14:53:26.0120 4632 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
14:53:26.0120 4632 C:\Windows\System32\upnp.dll - ok
14:53:26.0120 4632 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
14:53:26.0120 4632 C:\Windows\SysWOW64\ntdsapi.dll - ok
14:53:26.0135 4632 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
14:53:26.0135 4632 C:\Windows\System32\ssdpsrv.dll - ok
14:53:26.0135 4632 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
14:53:26.0135 4632 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
14:53:26.0135 4632 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
14:53:26.0135 4632 C:\Windows\System32\wbem\NCProv.dll - ok
14:53:26.0151 4632 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
14:53:26.0151 4632 C:\Windows\SysWOW64\riched20.dll - ok
14:53:26.0151 4632 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
14:53:26.0151 4632 C:\Windows\System32\FXSSVC.exe - ok
14:53:26.0151 4632 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
14:53:26.0151 4632 C:\Windows\System32\wmp.dll - ok
14:53:26.0166 4632 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
14:53:26.0166 4632 C:\Windows\System32\wbem\wmiprov.dll - ok
14:53:26.0166 4632 [ 04CB7C8FDC6D9640DD82A527208F72C4 ] C:\Windows\System32\UIAnimation.dll
14:53:26.0166 4632 C:\Windows\System32\UIAnimation.dll - ok
14:53:26.0166 4632 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
14:53:26.0166 4632 C:\Windows\System32\wmploc.DLL - ok
14:53:26.0182 4632 [ CC5BF60E9D3F181C0B62AC91AD8634B8 ] C:\Windows\SysWOW64\qcap.dll
14:53:26.0182 4632 C:\Windows\SysWOW64\qcap.dll - ok
14:53:26.0182 4632 [ 0AE0C4955E1DE29CCDC9DA1B816FE5EE ] C:\Windows\SysWOW64\quartz.dll
14:53:26.0182 4632 C:\Windows\SysWOW64\quartz.dll - ok
14:53:26.0182 4632 [ BC0D4AFBE94D8E1F81C8926D805C3366 ] C:\Windows\System32\webcheck.dll
14:53:26.0182 4632 C:\Windows\System32\webcheck.dll - ok
14:53:26.0198 4632 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
14:53:26.0198 4632 C:\Windows\System32\SyncCenter.dll - ok
14:53:26.0198 4632 [ C140F86932B5B61F54A4D836E2D34AB2 ] C:\Windows\SysWOW64\ksproxy.ax
14:53:26.0198 4632 C:\Windows\SysWOW64\ksproxy.ax - ok
14:53:26.0198 4632 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
14:53:26.0198 4632 C:\Windows\SysWOW64\ksuser.dll - ok
14:53:26.0213 4632 [ 4DDACA8A66B95ABA02812FF3C13DE198 ] C:\Windows\SysWOW64\vidcap.ax
14:53:26.0213 4632 C:\Windows\SysWOW64\vidcap.ax - ok
14:53:26.0213 4632 [ 630A31F277349109299E590856A4B004 ] C:\Windows\SysWOW64\Kswdmcap.ax
14:53:26.0213 4632 C:\Windows\SysWOW64\Kswdmcap.ax - ok
14:53:26.0213 4632 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
14:53:26.0213 4632 C:\Windows\System32\imapi2.dll - ok
14:53:26.0229 4632 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll
14:53:26.0229 4632 C:\Windows\SysWOW64\mfc42.dll - ok
14:53:26.0229 4632 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
14:53:26.0229 4632 C:\Windows\System32\hgcpl.dll - ok
14:53:26.0229 4632 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
14:53:26.0229 4632 C:\Windows\System32\fdPHost.dll - ok
14:53:26.0244 4632 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
14:53:26.0244 4632 C:\Windows\System32\fdWSD.dll - ok
14:53:26.0244 4632 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
14:53:26.0244 4632 C:\Windows\System32\fdSSDP.dll - ok
14:53:26.0244 4632 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll
14:53:26.0244 4632 C:\Windows\SysWOW64\odbc32.dll - ok
14:53:26.0260 4632 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
14:53:26.0260 4632 C:\Windows\SysWOW64\odbcint.dll - ok
14:53:26.0260 4632 [ 916A020A8C88A48B7F67AEE1D8F9CECD ] C:\Program Files\Internet Explorer\ieproxy.dll
14:53:26.0260 4632 C:\Program Files\Internet Explorer\ieproxy.dll - ok
14:53:26.0260 4632 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\SysWOW64\wshqos.dll
14:53:26.0260 4632 C:\Windows\SysWOW64\wshqos.dll - ok
14:53:26.0276 4632 [ 45375DF47ED4D0535739465105AAABE3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
14:53:26.0276 4632 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
14:53:26.0276 4632 [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll
14:53:26.0276 4632 C:\Windows\System32\wmpps.dll - ok
14:53:26.0276 4632 [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll
14:53:26.0276 4632 C:\Windows\System32\ListSvc.dll - ok
14:53:26.0291 4632 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
14:53:26.0291 4632 C:\Windows\System32\P2P.dll - ok
14:53:26.0291 4632 [ B22A0FB8EEBA1AED4F89B4B72486A103 ] C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
14:53:26.0291 4632 C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax - ok
14:53:26.0307 4632 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
14:53:26.0307 4632 C:\Windows\System32\IdListen.dll - ok
14:53:26.0307 4632 [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll
14:53:26.0307 4632 C:\Windows\System32\hgprint.dll - ok
14:53:26.0307 4632 [ 0DE3C7622EC33126579B1742260F08C2 ] C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
14:53:26.0307 4632 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe - ok
14:53:26.0322 4632 [ 5F81A916DBF40D81FABC6B9C556E4748 ] C:\Program Files (x86)\CyberLink\YouCam\MFC71u.dll
14:53:26.0322 4632 C:\Program Files (x86)\CyberLink\YouCam\MFC71u.dll - ok
14:53:26.0322 4632 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
14:53:26.0322 4632 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
14:53:26.0322 4632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
14:53:26.0322 4632 C:\Windows\System32\pnrpsvc.dll - ok
14:53:26.0338 4632 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
14:53:26.0338 4632 C:\Windows\SysWOW64\oledlg.dll - ok
14:53:26.0338 4632 [ 22309C300E4F1E33BC75EDA065C3C384 ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
14:53:26.0338 4632 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe - ok
14:53:26.0338 4632 [ 08B8CBE749D01AC1EE19B50A5190C3E2 ] C:\Program Files (x86)\CyberLink\YouCam\msvcr71.dll
14:53:26.0338 4632 C:\Program Files (x86)\CyberLink\YouCam\msvcr71.dll - ok
14:53:26.0354 4632 [ 1C638C66C3451DAEEF4A0E1158E4C67A ] C:\Program Files (x86)\CyberLink\YouCam\msvcp71.dll
14:53:26.0354 4632 C:\Program Files (x86)\CyberLink\YouCam\msvcp71.dll - ok
14:53:26.0354 4632 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
14:53:26.0354 4632 C:\Windows\System32\p2psvc.dll - ok
14:53:26.0354 4632 [ 98B6695218001219A62E55D63A36AECA ] C:\Program Files (x86)\CyberLink\YouCam\YCRgl.ax
14:53:26.0354 4632 C:\Program Files (x86)\CyberLink\YouCam\YCRgl.ax - ok
14:53:26.0369 4632 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
14:53:26.0369 4632 C:\Windows\System32\P2PGraph.dll - ok
14:53:26.0369 4632 [ 21D3A18769EC2C4E56756D04E989A221 ] C:\Windows\SysWOW64\msxml3.dll
14:53:26.0369 4632 C:\Windows\SysWOW64\msxml3.dll - ok
14:53:26.0385 4632 [ 2BC6D8AE2D2150053016AC58B72EF60C ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\68b969603e53c94e256a15cc8ba6ce78\System.Xml.ni.dll
14:53:26.0385 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\68b969603e53c94e256a15cc8ba6ce78\System.Xml.ni.dll - ok
14:53:26.0385 4632 [ 4ED981241DB27C3383D72092B618A1D0 ] C:\Windows\System32\drivers\mspqm.sys
14:53:26.0385 4632 C:\Windows\System32\drivers\mspqm.sys - ok
14:53:26.0385 4632 [ 2AACCCFC5068CC176233493CC780BFDE ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\b8a65735553ba5386ed76783daa73ccc\System.Configuration.ni.dll
14:53:26.0385 4632 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\b8a65735553ba5386ed76783daa73ccc\System.Configuration.ni.dll - ok
14:53:26.0400 4632 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
14:53:26.0400 4632 C:\Windows\SysWOW64\netprofm.dll - ok
14:53:26.0400 4632 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
14:53:26.0400 4632 C:\Windows\SysWOW64\npmproxy.dll - ok
14:53:26.0400 4632 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\SysWOW64\AudioSes.dll
14:53:26.0400 4632 C:\Windows\SysWOW64\AudioSes.dll - ok
14:53:26.0416 4632 [ 5E65E90DA3A478C377F7332A9386B023 ] C:\Windows\System32\AESTAC64.dll
14:53:26.0416 4632 C:\Windows\System32\AESTAC64.dll - ok
14:53:26.0416 4632 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
14:53:26.0416 4632 C:\Windows\System32\dssenh.dll - ok
14:53:26.0416 4632 [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll
14:53:26.0416 4632 C:\Windows\System32\drttransport.dll - ok
14:53:26.0432 4632 [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll
14:53:26.0432 4632 C:\Windows\System32\drt.dll - ok
14:53:26.0432 4632 ============================================================
14:53:26.0432 4632 Scan finished
14:53:26.0432 4632 ============================================================
14:53:26.0447 4624 Detected object count: 1
14:53:26.0447 4624 Actual detected object count: 1
14:53:47.0382 4624 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:47.0382 4624 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:57:12.0731 2468 Deinitialize success
  • 0

#8
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Here are the additional logs. I'm grateful for your help.

Hello Bleck,

Thanks for the logs. You are welcome.

Things are looking good we are almost done I only want you to do a complete full scan to make sure I don't miss nothing...


Step 1 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
Posted Image
  • Make sure the options Remove found threats and Scan Archives are Not ticked.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply

Step 2 - Security Check

Download Security Check by screen317 from here or here.
  • Save it to the Desktop.
  • Right click on the icon Posted Image and choose Run as Administrator. Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I would like to see in your next reply:
  • The ESET log
  • The checkup.txt log
  • How is the computer performing? any problems?

  • 0

#9
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi SleepyDude,

Here are the ESET and checkup.txt logs. To answer your question, my computer never had any problems with running that I could see. System Restore not working was what worried me. :)


[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b2d15b01d7a9a748b99b4bc65176fcfc
# engine=14463
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-19 09:35:14
# local_time=2013-07-19 02:35:14 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 687901 125813164 0 0
# scanned=229379
# found=0
# cleaned=0
# scan_time=4827






Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 9
Java version out of Date!
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#10
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hello Bleck,

To answer your question, my computer never had any problems with running that I could see. System Restore not working was what worried me. :)

Good. I can tell you that System Restore is working properly we have already checked that on post #5


The Security Check log shows that there may be some problem with Microsoft Security Essentials lets check:
- open the program by double clicking its icon Posted Imagenext to the clock
- click the Update Tab, it should be similar to this:
Posted Image
- If the dates for Definitions created on and Definitions last checked aren't current click the Update button to see if the program updates without errors.

Now I want you to check if Microsoft Security Essentials is actively protecting you System. Click on the Settings tab and then on the left panel click Real-time Protection make sure you have all the check boxes checked link in the following image:
Posted Image

Note: after doing changes on the page you need to click Save Changes and accept all the Security warnings presented by the system.

Let me know the result of this...

Update Java

Your version of Java Runtime is outdated! In light of the recent events surrounding Java that is constantly target by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click from the link Windows Offline this file will not include any unneeded extras like the ASK Toolbar. When java is installed its extremely important to update immediately when you get a notification pop-up from the Java Updater.
  • 0

#11
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi SleepyDude,

I had disabled Microsoft Security Essentials because you said to do so in Post #4 before I ran the Junkware Removal Tool (JRT). I thought it needed to be turned off for all the scans. It's back on now. :)

I updated Java and will update it immediately whenever I get the pop-up notifications.

Is there anything else we need to do?
  • 0

#12
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

I had disabled Microsoft Security Essentials because you said to do so in Post #4 before I ran the Junkware Removal Tool (JRT). I thought it needed to be turned off for all the scans. It's back on now. :)

Hi Bleck,

You did well, sometimes the Security Software can interfere with our fix's also they can make the Full scans take longer...
Sorry for my incomplete instructions about re-enable the AV software.

Is there anything else we need to do?


Everything is fine you did a very good job :thumbsup:
Before you go I want to remove all the tools we use and would like to give you some recommendations about how to protect your computer against future malware infections.


Step 1 - Remove the Tools we use

» AdwCleaner
  • Double-click then AdwCleaner Icon on the Desktop to run the program.
    (Accept the UAC prompt to allow changes to the computer).
  • click the Uninstall button
» OTL
  • Double-click the OTL Icon Posted Image on the Desktop to start the program
    (Accept the UAC prompt to allow changes to the computer).
  • click the Posted Image button. Accept the prompt to Reboot.
» Uninstall ESET On-line Scanner
Access the Control Panel and Uninstall ESET On-line Scanner because it's no longer needed.

» Others
  • Delete any .log, .txt, file created on the Desktop during the cleaning process.


Step 2 - How to prevent new infections

To protect your computer from being infected again its very important to keep Windows Updated and all the programs related with the internet, Web Browser, Flash Player, Adobe Reader and Java only to mention the most targeted by today security exploits. Follow the instructions below to keep these critical programs updated:

  • Windows and Internet Explorer
    To keep Windows and Internet Explorer updated make sure you have Windows Update enabled on the Control Panel applet, follow the instructions for Windows 7 on this MS article How to configure and use Automatic Updates in Windows or use the FixIt tool provided.
  • Antivirus and Antimalware programs
    Make sure you have a Antivirus program always updated and running.
    Sometimes Antivirus can miss some malware, when that happens its good to have Malwarebytes free installed, Update and run weekly to keep your system clean. Malwarebytes is also good to revert some system changes made by the malware.
  • Enable the Firewall
    No system can be considered safe if not protected by a Firewall. If you are connected to the Internet by a Router you should check its configuration and make sure the firewall is active.
    If you connect by modem or to a open Local Network you should enable the Windows 7 built-in firewall.
  • Keep Installed Programs Up to Date
    It's important to keep all other programs on your computer updated because they can also have security vulnerability explored by the malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications to fix vulnerabilities, this can be done manually by using the Update feature included in most programs or you can use one of the following programs to help you with this task:
  • Surf the Net with extra Security
    Every web browser is a target for malware, the bad guys are always trying to explorer security holes to infect the computers, and this is especially true for Internet Explorer because is one of the most used. Using alternatives like Mozilla Firefox or Google Chrome can help protecting your computer from infections.
    And for Firefox and Chrome you can get an extra layer of protection by installing two add-ons AdBlockPlus and Web Of Trust (WOT). WOT can also protect Internet Explorer.

::: Some final recommendations :::
Best Regards and have a Safe surfing! :wave:
  • 0

#13
BleckComputer

BleckComputer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello SleepyDude,

I removed all the tools and logs. I couldn't have done it without your clear explanations. Do you get graded on this? You deserve an A+! Thanks for all the help! :cheers:
  • 0

#14
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hello SleepyDude,
Do you get graded on this? You deserve an A+! Thanks for all the help! :cheers:

Hi,

Something like that. :) It was a pleasure to help. :thumbsup:

Hope not seen you in the Malware section of the forum :)

Regards :cheers:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP