Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System Probs - suspected malware [Closed]

Started by lawnguybri , Nov 24 2013 08:04 PM

This topic is locked

#1
lawnguybri

Posted 24 November 2013 - 08:04 PM

Member

Member
102 posts

Posted Today, 12:22 PM (other forum)

I should first note that this is on my daughter's hp computer, and I have started this topic on my own laptop. I am hesitant to connect her computer onto my wifi (it was on her own wifi before), for if its infected with something I'm not sure if somehow my wifi can be compromised somehow. Should this be a concern?

Her computer has been giving her problems for a little while now...I can't say how long exactly. It is an hp computer purchased last year on Black Friday, and it runs windows 8. I know she only uses the computer for basic internet usage, school projects, and some computer gaming (minecraft, for the most part). The problems she's been experiencing recently includes random computer crashes, slow performance, an inability to access "settings" or other system tools (the icon is there, but clicking it does nothing. Also, the ability to shut down the computer properly is gone...there is no "shut down" button. Disappeared.

First, is there an danger to connecting this computer to my home wifi? If the computer is infected with something, can my wifi be somehow compromised?
And if not, what steps do I need to take?

Thank you in advance, for any help provided

Bri.

Btw, I started the OTL scan, and its been running for the past 4 hours. Shouldnt it be a lot quicker??

#2
lawnguybri

Posted 25 November 2013 - 09:32 PM

Member

Topic Starter
Member
102 posts

Ok I've tried running the OTL scan three times now, and every time it just stalls. Will not complete. What should I do know?

#3
Buddierdl

Posted 27 November 2013 - 09:14 AM

Trusted Helper

Malware Removal
2,524 posts

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
Let's try FRST instead.

If you want to wait to connect the computer to your wifi, you can use a flash drive to transfer tools instead. But first, protect the flash drive from infecting your clean computer by running this program on the clean computer:

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

Right-click on USBVaccineSetup.exe and and select Run as Administrator >> follow the prompts in the installation wizard.
At the configuration screen(settings)...
Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> clcik on Finish.
Insert the USB Drive in your machine...it will be automatically vaccinated(as will any USB drives connected in the future).

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advise would be to keep it installed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

#4
lawnguybri

Posted 30 November 2013 - 11:27 AM

Member

Topic Starter
Member
102 posts

Thank you.

Ok, the should the scan be done on the clean computer, or the infected computer?

If it should be done on the clean computer, then it is included. If it it supposed to be done on the infected computer, please let me know, and Ill get it to that one.

First scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by Brian Hillard (administrator) on BRIANHILLARD-PC on 30-11-2013 12:22:42
Running from C:\Users\Brian Hillard\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Palringo Limited) C:\Program Files (x86)\Palringo\palringo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\Toshiba\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\Toshiba\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f [x]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Users\Brian Hillard\AppData\Roaming\SearchProtect"
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YMailAdvisor] - C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] - C:\Program Files (x86)\SecureW2\sw2_tray.exe [287112 2011-11-04] (SecureW2 B.V.)
HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe [177448 2008-07-17] (Seagate LLC)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3316074
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCFF01B470EDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {17946FA3-A27F-49F7-B255-788311E1EA3A} URL =
SearchScopes: HKCU - DefaultScope {17946FA3-A27F-49F7-B255-788311E1EA3A} URL = http://search.condui...6631711609&UM=2
SearchScopes: HKCU - {17946FA3-A27F-49F7-B255-788311E1EA3A} URL = http://search.condui...6631711609&UM=2
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\ykwae3d6.default-1367810261156
FF DefaultSearchEngine: SweetPacks A14 Customized Web Search
FF SelectedSearchEngine: SweetPacks A14 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3316074&CUI=UN35094476320171472&UM=2&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316074&SearchSource=2&CUI=UN35094476320171472&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\ykwae3d6.default-1367810261156\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\ykwae3d6.default-1367810261156\searchplugins\MyStart Search.xml
FF Extension: No Name - C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\ykwae3d6.default-1367810261156\Extensions\staged
FF Extension: SweetPacks A14 - C:\Users\Brian Hillard\AppData\Roaming\Mozilla\Firefox\Profiles\ykwae3d6.default-1367810261156\Extensions\{ecf9d4ae-b571-42c2-9745-74fdb8b0d27a}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2013-09-12] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-30 12:22 - 2013-11-30 12:23 - 00020807 _____ C:\Users\Brian Hillard\Desktop\FRST.txt
2013-11-30 12:22 - 2013-11-30 12:22 - 00000000 ____D C:\FRST
2013-11-30 12:21 - 2013-11-30 12:22 - 01959070 _____ (Farbar) C:\Users\Brian Hillard\Desktop\FRST64.exe
2013-11-30 12:18 - 2013-11-30 12:18 - 00003128 _____ C:\windows\System32\Tasks\PandaUSBVaccine
2013-11-30 12:18 - 2013-11-30 12:18 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-30 12:18 - 2013-11-30 12:18 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-30 12:16 - 2013-11-30 12:16 - 00848856 _____ (Panda Security ) C:\Users\Brian Hillard\Desktop\USBVaccineSetup.exe
2013-11-30 12:04 - 2013-11-30 12:12 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\Conduit
2013-11-30 12:04 - 2013-11-30 12:04 - 00000000 ____D C:\ProgramData\Conduit
2013-11-30 12:04 - 2013-11-30 12:04 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-30 12:03 - 2013-11-30 12:12 - 00000000 ____D C:\windows\SysWOW64\WNLT
2013-11-30 12:03 - 2013-11-30 12:12 - 00000000 ____D C:\windows\SysWOW64\jmdp
2013-11-30 12:03 - 2013-11-30 12:04 - 00000000 _____ C:\END
2013-11-24 11:15 - 2013-11-24 11:17 - 00000000 ____D C:\AdwCleaner
2013-11-24 11:11 - 2013-11-24 11:11 - 01091882 _____ C:\Users\Brian Hillard\Desktop\adwcleaner.exe
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 11:11 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-24 11:11 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-11-24 11:11 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-11-24 11:10 - 2013-11-24 11:11 - 00005521 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 11:10 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-11-18 21:14 - 2013-11-18 21:14 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{74357711-278E-4EF5-AAFF-667BFD0C6182}
2013-11-18 06:48 - 2013-11-18 06:48 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{B7B9E188-1A57-49C2-9B83-1805E053D1F8}
2013-11-17 15:19 - 2013-11-17 15:20 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{51CEB180-FEE3-42D4-ADA8-F708496CD75E}
2013-11-15 23:01 - 2013-11-30 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 21:49 - 2013-11-11 21:49 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{402CAEE6-A6E0-4BEB-8F69-BB07A78E27B4}
2013-11-10 21:12 - 2013-11-10 21:12 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{80AAA16B-DABD-4B91-A838-87DC91079345}
2013-11-10 09:12 - 2013-11-10 09:12 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{2F7BF3C5-BF38-4BA8-9FDA-7ED69DDA625B}
2013-11-09 15:08 - 2013-11-09 15:08 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{85FD3CA6-FC4B-48AE-A047-6986FF6E1BFB}
2013-11-09 00:40 - 2013-11-09 00:40 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-09 00:38 - 2013-11-09 00:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 00:38 - 2013-11-09 00:40 - 00000000 ____D C:\Program Files\iTunes
2013-11-09 00:38 - 2013-11-09 00:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-09 00:38 - 2013-11-09 00:38 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-11-30 12:23 - 2013-11-30 12:22 - 00020807 _____ C:\Users\Brian Hillard\Desktop\FRST.txt
2013-11-30 12:22 - 2013-11-30 12:22 - 00000000 ____D C:\FRST
2013-11-30 12:22 - 2013-11-30 12:21 - 01959070 _____ (Farbar) C:\Users\Brian Hillard\Desktop\FRST64.exe
2013-11-30 12:22 - 2011-09-07 00:44 - 02064417 _____ C:\windows\WindowsUpdate.log
2013-11-30 12:21 - 2009-07-14 00:13 - 00726316 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-30 12:18 - 2013-11-30 12:18 - 00003128 _____ C:\windows\System32\Tasks\PandaUSBVaccine
2013-11-30 12:18 - 2013-11-30 12:18 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-30 12:18 - 2013-11-30 12:18 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-30 12:16 - 2013-11-30 12:16 - 00848856 _____ (Panda Security ) C:\Users\Brian Hillard\Desktop\USBVaccineSetup.exe
2013-11-30 12:15 - 2013-01-05 00:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-30 12:14 - 2012-11-17 22:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 12:13 - 2011-09-07 01:03 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 12:12 - 2013-11-30 12:04 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\Conduit
2013-11-30 12:12 - 2013-11-30 12:03 - 00000000 ____D C:\windows\SysWOW64\WNLT
2013-11-30 12:12 - 2013-11-30 12:03 - 00000000 ____D C:\windows\SysWOW64\jmdp
2013-11-30 12:11 - 2013-11-15 23:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 12:08 - 2011-11-25 11:00 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\Google
2013-11-30 12:08 - 2011-09-07 01:03 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-30 12:08 - 2011-09-07 01:02 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-30 12:04 - 2013-11-30 12:04 - 00000000 ____D C:\ProgramData\Conduit
2013-11-30 12:04 - 2013-11-30 12:04 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-30 12:04 - 2013-11-30 12:03 - 00000000 _____ C:\END
2013-11-29 21:17 - 2009-07-13 23:51 - 00069742 _____ C:\windows\setupact.log
2013-11-29 21:17 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 21:17 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 21:05 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-24 11:17 - 2013-11-24 11:15 - 00000000 ____D C:\AdwCleaner
2013-11-24 11:11 - 2013-11-24 11:11 - 01091882 _____ C:\Users\Brian Hillard\Desktop\adwcleaner.exe
2013-11-24 11:11 - 2013-11-24 11:11 - 00000000 ____D C:\ProgramData\Oracle
2013-11-24 11:11 - 2013-11-24 11:10 - 00005521 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-24 11:11 - 2011-08-01 02:30 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-18 21:18 - 2013-01-13 00:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 21:14 - 2013-11-18 21:14 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{74357711-278E-4EF5-AAFF-667BFD0C6182}
2013-11-18 06:48 - 2013-11-18 06:48 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{B7B9E188-1A57-49C2-9B83-1805E053D1F8}
2013-11-17 15:20 - 2013-11-17 15:19 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{51CEB180-FEE3-42D4-ADA8-F708496CD75E}
2013-11-12 01:07 - 2013-08-12 08:10 - 00000000 ____D C:\Users\Brian Hillard\Desktop\haypi
2013-11-11 21:49 - 2013-11-11 21:49 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{402CAEE6-A6E0-4BEB-8F69-BB07A78E27B4}
2013-11-11 05:50 - 2010-11-20 22:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-10 21:12 - 2013-11-10 21:12 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{80AAA16B-DABD-4B91-A838-87DC91079345}
2013-11-10 09:12 - 2013-11-10 09:12 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{2F7BF3C5-BF38-4BA8-9FDA-7ED69DDA625B}
2013-11-09 15:08 - 2013-11-09 15:08 - 00000000 ____D C:\Users\Brian Hillard\AppData\Local\{85FD3CA6-FC4B-48AE-A047-6986FF6E1BFB}
2013-11-09 00:40 - 2013-11-09 00:40 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-09 00:40 - 2013-11-09 00:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-09 00:40 - 2013-11-09 00:38 - 00000000 ____D C:\Program Files\iTunes
2013-11-09 00:40 - 2013-11-09 00:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-09 00:38 - 2013-11-09 00:38 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Brian Hillard\AppData\Local\Temp\46FC_fdminst.exe
C:\Users\Brian Hillard\AppData\Local\Temp\air46FB.exe
C:\Users\Brian Hillard\AppData\Local\Temp\airA071.exe
C:\Users\Brian Hillard\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Brian Hillard\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Brian Hillard\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Brian Hillard\AppData\Local\Temp\nsc5E39.exe
C:\Users\Brian Hillard\AppData\Local\Temp\nsc66C4.exe
C:\Users\Brian Hillard\AppData\Local\Temp\nsm1CF8.exe
C:\Users\Brian Hillard\AppData\Local\Temp\nsmF6DF.exe
C:\Users\Brian Hillard\AppData\Local\Temp\nss406D.tmp.tbSwee.dll
C:\Users\Brian Hillard\AppData\Local\Temp\nsv3EC8.exe
C:\Users\Brian Hillard\AppData\Local\Temp\Quarantine.exe
C:\Users\Brian Hillard\AppData\Local\Temp\Shortcut_air46FB.exe
C:\Users\Brian Hillard\AppData\Local\Temp\SPStub.exe
C:\Users\Brian Hillard\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\Brian Hillard\AppData\Local\Temp\tbSwee.dll
C:\Users\Brian Hillard\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 00:34

==================== End Of Log ============================

Additional scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2013
Ran by Brian Hillard at 2013-11-30 12:23:28
Running from C:\Users\Brian Hillard\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Connect 9 Add-in (HKCU Version: 11,2,385,0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Amazon Add to Wish List IE Extension 1.2 (x32 Version: 1.2)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
Bonjour (Version: 3.0.0.10)
Bootstrapper (x32 Version: 1.1.1.0)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Conexant HD Audio (Version: 8.51.2.51)
Coupon Companion Plugin (x32 Version: 1.26.152.152)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo II (x32)
FastStone Capture 7.0 (x32 Version: 7.0)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
HHD Software Hex Editor 3.10 (x32 Version: 3.10.0.0000)
iCloud (Version: 2.1.1.3)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2353)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.8)
Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)
Java™ 6 Update 25 (x32 Version: 6.0.250)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (x32 Version: 1.65.1.1000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Minitab 16 (x32 Version: 16.2.3)
Minitab16 (x32 Version: 16.2.3.0)
Mozilla Firefox 17.0.11 (x86 en-US) (x32 Version: 17.0.11)
Mozilla Maintenance Service (x32 Version: 17.0.11)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Netwaiting (x32 Version: 1.0.1)
OverDrive Media Console (x32 Version: 3.2.10)
Palringo (x32)
Panda USB Vaccine 1.0.1.4 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickTime (x32 Version: 7.73.80.64)
Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.15)
Realtek WLAN Driver (x32 Version: 2.00.0013)
Seagate Manager Installer (x32 Version: 2.01.0013)
Secure Download Manager (x32 Version: 3.1.0)
SecureW2 Enterprise Client 3.5.5 (x32)
Skype Launcher (x32 Version: 2.01)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
Toshiba App Place (x32 Version: 1.0.6.3)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
Toshiba Book Place (x32 Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Face Recognition (x32 Version: 3.1.17.64)
TOSHIBA Hardware Setup (Version: 4.08.09.00)
TOSHIBA Hardware Setup (x32 Version: 4.08.09.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (x32 Version: 2.0.13.11)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.5)
Toshiba Online Backup (x32 Version: 2.0.0.31)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001)
TOSHIBA Service Station (x32 Version: 2.2.12)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 4.08.09.00)
TOSHIBA Supervisor Password (x32 Version: 4.08.09.00)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.5)
TOSHIBARegistration (x32 Version: 1.0.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yahoo! Install Manager (x32)
Yahoo! Internet Mail (x32)
Yahoo! Mail Advisor (x32)
Yahoo! Software Update (x32)

==================== Restore Points =========================

27-11-2013 13:45:30 Windows Update
30-11-2013 17:01:48 Windows Update
30-11-2013 17:10:56 Removed HHD Software Hex Editor 3.10

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-08-15 22:22 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3A65B433-E0CA-4AA2-8387-8572B9B70F73} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2011-11-04] (SecureW2 B.V.)
Task: {40882D69-3BD4-475C-9D7F-8638B4B9F352} - \AmiUpdXp No Task File
Task: {518F43C2-504B-4B32-89F7-95F0E8B3BA0D} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe
Task: {53C31FA4-1BB3-4991-8AB0-C73CA6756962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)
Task: {6324D6A2-D0A5-4694-ACF1-4945F237FCDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {75A695D1-3D68-4EC8-A12D-1A0D71E957E9} - System32\Tasks\Lyrics Search Update => C:\Program Files (x86)\LyricSearch\LyricSearchUp.exe
Task: {BB428D37-5988-4628-868D-C4FF51B9D4CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)
Task: {C4193BEB-63E3-4F3F-8BA5-5608774EC13A} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {C676E9DD-12D7-42D5-8A75-B0D7100966F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DDD0424F-892A-46A5-8888-C2C6D85F5180} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2013-02-27 23:43 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-11-29 21:05 - 2013-11-29 21:05 - 00098816 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32api.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00110080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\PyWinTypes27.dll
2013-11-29 21:05 - 2013-11-29 21:05 - 00364544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\pythoncom27.dll
2013-11-29 21:05 - 2013-11-29 21:05 - 00044032 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_socket.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 01153024 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_ssl.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00320512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32com.shell.shell.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00711680 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_hashlib.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 01175040 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._core_.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00805888 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._gdi_.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00811008 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._windows_.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 01062400 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._controls_.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00735232 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._misc_.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00128512 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_elementtree.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00127488 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\pyexpat.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00557056 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\pysqlite2._sqlite.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00087040 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_ctypes.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00119808 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32file.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00108544 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32security.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00018432 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32event.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00038912 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32inet.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00122368 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._wizard.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00686080 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\unicodedata.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00026624 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\_multiprocessing.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00070656 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\wx._html2.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00010240 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\select.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00025600 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32pdh.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00504832 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\windows._cacheinvalidation.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00011264 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32crypt.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00035840 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32process.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00017408 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32profile.pyd
2013-11-29 21:05 - 2013-11-29 21:05 - 00022528 _____ () C:\Users\Brian Hillard\AppData\Local\Temp\_MEI40682\win32ts.pyd
2008-06-23 04:31 - 2008-06-23 04:31 - 00718336 _____ () C:\Program Files (x86)\Palringo\libspeex.dll
2013-11-15 23:01 - 2013-11-15 23:01 - 02402416 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-17 11:19 - 2013-07-17 11:19 - 00528896 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-07-04 02:12 - 2013-07-04 02:12 - 00362029 _____ () C:\Windows\SysWOW64\jmdp\sqlite3.dll
2013-10-08 23:14 - 2013-10-08 23:14 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 00:23:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x794
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:22:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x24c8
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:22:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x2744
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:21:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x2ee0
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:21:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x2f0c
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:20:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x2984
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:20:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x3b7c
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:19:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x39c8
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:19:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x38dc
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

Error: (11/30/2013 00:18:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
Faulting module name: SxsStore.dll, version: 6.1.7600.16385, time stamp: 0x4a5be073
Exception code: 0xc0000005
Fault offset: 0x0000000000005c07
Faulting process id: 0x3788
Faulting application start time: 0xTrustedInstaller.exe0
Faulting application path: TrustedInstaller.exe1
Faulting module path: TrustedInstaller.exe2
Report Id: TrustedInstaller.exe3

System errors:
=============
Error: (11/30/2013 00:23:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 53 time(s).

Error: (11/30/2013 00:23:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 52 time(s).

Error: (11/30/2013 00:22:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 51 time(s).

Error: (11/30/2013 00:21:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 50 time(s).

Error: (11/30/2013 00:21:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 49 time(s).

Error: (11/30/2013 00:20:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 48 time(s).

Error: (11/30/2013 00:20:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 47 time(s).

Error: (11/30/2013 00:19:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 46 time(s).

Error: (11/30/2013 00:19:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 45 time(s).

Error: (11/30/2013 00:18:59 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 44 time(s).

Microsoft Office Sessions:
=========================
Error: (11/30/2013 00:23:29 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0779401ceedf0e3201645C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll20d7ad78-59e4-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:22:59 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0724c801ceedf0d135085bC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll0eee7454-59e4-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:22:29 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07274401ceedf0bf45b4a1C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllfd05b063-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:21:59 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c072ee001ceedf0ad5e9e65C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlleb159955-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:21:29 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c072f0c01ceedf09b75b363C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlld92d98b7-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:20:59 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07298401ceedf0898c050eC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllc74486a4-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:20:29 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c073b7c01ceedf077a081f2C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dllb55c5ef4-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:19:59 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0739c801ceedf065b748ceC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dlla37066a6-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:19:29 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c0738dc01ceedf053cd4c58C:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll9185f4fe-59e3-11e3-8807-e89a8fce6bf8

Error: (11/30/2013 00:18:59 PM) (Source: Application Error)(User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bSxsStore.dll6.1.7600.163854a5be073c00000050000000000005c07378801ceedf041e5e7fbC:\windows\servicing\TrustedInstaller.exeC:\windows\system32\SxsStore.dll7f9c1f99-59e3-11e3-8807-e89a8fce6bf8

CodeIntegrity Errors:
===================================
Date: 2013-11-25 02:42:27.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-25 02:42:27.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-25 02:42:27.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-25 02:42:27.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-25 02:42:27.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-25 02:42:27.821
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-24 00:45:08.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-24 00:45:08.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-24 00:45:08.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-11-24 00:45:08.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 6091.86 MB
Available physical RAM: 3160.83 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 8846.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI106234W0C) (Fixed) (Total:682.64 GB) (Free:462.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:14.9 GB) (Free:14.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 9DEB38F3)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

#5
Buddierdl

Posted 30 November 2013 - 12:17 PM

Trusted Helper

Malware Removal
2,524 posts

Sorry for not being clear. The Panda Vaccine is for the clean computer, to protect it. FRST needs to be run on the infected machine.

#6
lawnguybri

Posted 30 November 2013 - 01:03 PM

Member

Topic Starter
Member
102 posts

Infected computer:

FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by gwengoetter (administrator) on GOETTERS4BACON on 30-11-2013 13:45:47
Running from C:\Users\gwengoetter\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spigot, Inc.) C:\Users\gwengoetter\AppData\Roaming\Search Protection\SearchProtection.exe
() C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe
() C:\Users\gwengoetter\AppData\Roaming\BabSolution\WIN3E3A.exe
() C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
() C:\Users\gwengoetter\AppData\Roaming\Fotusui\WIN2A4B.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-25] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
HKCU\...\Run: [SearchProtection] - C:\Users\gwengoetter\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKCU\...\Run: [Iproanvaelmuy] - C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe [200351 2013-07-12] ()
HKCU\...\Run: [GameServer33] - C:\Users\gwengoetter\AppData\Roaming\BabSolution\WIN3E3A.exe [124928 2013-09-20] ()
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [203884 2013-01-27] ()
HKCU\...\Run: [GameServer55] - C:\Users\gwengoetter\AppData\Roaming\Fotusui\WIN2A4B.exe [173056 2013-10-15] ()
HKCU\...\Run: [Ycixadycsody] - C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe [200351 2013-02-03] ()
HKCU\...\Run: [Lyemlazoifoderq] - C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe [203884 2013-07-29] ()
HKCU\...\Run: [Fuivruot] - C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe [203884 2013-03-26] ()
HKCU\...\Run: [Udlok] - C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe [200351 2013-09-19] ()
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\GWENGO~1\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...e={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...e={installDate}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/...e={installDate}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...06B083E8E0CFBEA
SearchScopes: HKCU - {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
BHO-x32: LyricsNotes - {A444752C-F03B-4E19-B2CD-E80F1FC2809C} - C:\Program Files (x86)\LyricsNotes\116.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - No File
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch", "hxxp://www1.delta-search.com/?affID=122123&babsrc=HP_ss&mntrId=E06B083E8E0CFBEA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\gwengoetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.16.70.501_0
CHR Extension: (SearchGBY) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.73_0
CHR Extension: (Norton Identity Protection) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0
CHR Extension: (Gmail) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\gwengoetter\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\gwengoetter\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.70.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [143928 2012-10-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [x]

==================== Drivers (Whitelisted) ====================

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-30] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-02] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-02] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2013-01-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\ENG64.SYS [126112 2013-01-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\EX64.SYS [2084000 2013-01-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1402000.013\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-09-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-30 13:45 - 2013-11-30 13:46 - 00018890 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-11-30 13:45 - 2013-11-30 13:45 - 00000000 ____D C:\FRST
2013-11-30 13:45 - 2013-11-30 12:22 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-30 13:45 - 2013-11-24 11:11 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-24 17:12 - 2012-10-16 20:57 - 00602112 _____ (OldTimer Tools) C:\Users\gwengoetter\Desktop\OTL.exe
2013-11-17 20:53 - 2013-11-17 20:54 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:21 - 2013-11-12 16:22 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 16:59 - 2013-11-07 17:00 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-30 13:46 - 2013-11-30 13:45 - 00018890 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-11-30 13:45 - 2013-11-30 13:45 - 00000000 ____D C:\FRST
2013-11-30 13:44 - 2012-07-26 02:21 - 00037308 _____ C:\windows\setupact.log
2013-11-30 13:43 - 2013-04-03 00:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-30 13:42 - 2013-04-17 19:09 - 00000382 _____ C:\windows\Tasks\PC SpeedUp Service Deactivator.job
2013-11-30 13:37 - 2012-12-28 11:34 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2093230720-1359758338-2908893637-1001
2013-11-30 13:30 - 2012-07-26 02:28 - 00876320 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-30 13:28 - 2012-08-31 23:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-30 13:26 - 2013-04-17 19:08 - 00000382 _____ C:\windows\Tasks\dsmonitor.job
2013-11-30 13:26 - 2013-01-27 18:51 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-30 13:26 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-30 12:22 - 2013-11-30 13:45 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-26 09:09 - 2013-01-27 18:51 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 09:00 - 2013-10-15 17:46 - 00000868 _____ C:\windows\Tasks\Security Center Update - 2870800661.job
2013-11-26 09:00 - 2013-10-15 17:46 - 00000866 _____ C:\windows\Tasks\Security Center Update - 3312015459.job
2013-11-26 09:00 - 2013-10-15 17:45 - 00000864 _____ C:\windows\Tasks\Security Center Update - 4281403968.job
2013-11-26 09:00 - 2013-10-15 17:44 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1052744025.job
2013-11-26 09:00 - 2013-10-15 17:43 - 00000866 _____ C:\windows\Tasks\Security Center Update - 216819031.job
2013-11-26 09:00 - 2013-10-15 17:42 - 00000874 _____ C:\windows\Tasks\Security Center Update - 317441218.job
2013-11-26 09:00 - 2013-10-15 17:42 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1429565675.job
2013-11-26 09:00 - 2013-10-15 17:41 - 00000874 _____ C:\windows\Tasks\Security Center Update - 762606990.job
2013-11-26 09:00 - 2013-10-15 17:39 - 00000864 _____ C:\windows\Tasks\Security Center Update - 2119967301.job
2013-11-26 09:00 - 2013-10-15 17:38 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1068615866.job
2013-11-26 09:00 - 2013-10-15 17:37 - 00000870 _____ C:\windows\Tasks\Security Center Update - 570241910.job
2013-11-26 09:00 - 2013-10-15 17:37 - 00000868 _____ C:\windows\Tasks\Security Center Update - 3443869802.job
2013-11-26 09:00 - 2013-10-15 17:36 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2410123969.job
2013-11-26 09:00 - 2013-10-15 17:35 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1442109945.job
2013-11-26 09:00 - 2013-10-15 17:34 - 00000866 _____ C:\windows\Tasks\Security Center Update - 3479996560.job
2013-11-26 09:00 - 2013-10-15 17:33 - 00000874 _____ C:\windows\Tasks\Security Center Update - 1182424808.job
2013-11-26 09:00 - 2013-10-15 17:32 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1426077808.job
2013-11-26 09:00 - 2013-10-15 17:32 - 00000864 _____ C:\windows\Tasks\Security Center Update - 308608092.job
2013-11-26 09:00 - 2013-10-15 17:30 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2057961924.job
2013-11-26 09:00 - 2013-10-15 17:29 - 00000872 _____ C:\windows\Tasks\Security Center Update - 2187567767.job
2013-11-26 09:00 - 2013-10-15 17:28 - 00000872 _____ C:\windows\Tasks\Security Center Update - 2108052082.job
2013-11-26 09:00 - 2013-10-15 17:28 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1562478605.job
2013-11-26 09:00 - 2013-10-15 17:27 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1316774573.job
2013-11-26 09:00 - 2013-10-15 17:26 - 00000864 _____ C:\windows\Tasks\Security Center Update - 2525865001.job
2013-11-26 09:00 - 2013-10-15 17:25 - 00000864 _____ C:\windows\Tasks\Security Center Update - 313631509.job
2013-11-26 09:00 - 2013-10-15 17:24 - 00000868 _____ C:\windows\Tasks\Security Center Update - 3140316904.job
2013-11-26 09:00 - 2013-10-15 17:23 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2141931547.job
2013-11-26 09:00 - 2013-10-15 17:23 - 00000864 _____ C:\windows\Tasks\Security Center Update - 2783703395.job
2013-11-26 09:00 - 2013-10-15 17:22 - 00000862 _____ C:\windows\Tasks\Security Center Update - 4128655586.job
2013-11-26 09:00 - 2013-10-15 17:21 - 00000862 _____ C:\windows\Tasks\Security Center Update - 900570450.job
2013-11-26 09:00 - 2013-10-15 17:20 - 00000868 _____ C:\windows\Tasks\Security Center Update - 2603120980.job
2013-11-26 09:00 - 2013-10-15 17:19 - 00000868 _____ C:\windows\Tasks\Security Center Update - 572676476.job
2013-11-26 09:00 - 2013-10-15 17:18 - 00000866 _____ C:\windows\Tasks\Security Center Update - 1900048375.job
2013-11-26 09:00 - 2013-10-15 17:17 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1454764009.job
2013-11-26 09:00 - 2013-10-15 17:16 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1332309068.job
2013-11-26 09:00 - 2013-10-15 17:16 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2236782273.job
2013-11-26 09:00 - 2013-10-15 17:14 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1863044979.job
2013-11-26 09:00 - 2013-10-15 17:14 - 00000862 _____ C:\windows\Tasks\Security Center Update - 1365947148.job
2013-11-26 09:00 - 2013-10-15 17:13 - 00000866 _____ C:\windows\Tasks\Security Center Update - 4132290481.job
2013-11-26 09:00 - 2013-10-15 17:12 - 00000872 _____ C:\windows\Tasks\Security Center Update - 3130767662.job
2013-11-26 09:00 - 2013-10-15 17:11 - 00000874 _____ C:\windows\Tasks\Security Center Update - 291363577.job
2013-11-26 09:00 - 2013-10-15 17:10 - 00000868 _____ C:\windows\Tasks\Security Center Update - 2527851123.job
2013-11-26 09:00 - 2013-10-15 17:09 - 00000870 _____ C:\windows\Tasks\Security Center Update - 4141336692.job
2013-11-26 09:00 - 2013-10-15 17:09 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1790000926.job
2013-11-26 09:00 - 2013-10-15 17:08 - 00000862 _____ C:\windows\Tasks\Security Center Update - 2783678376.job
2013-11-26 09:00 - 2013-10-15 17:07 - 00000874 _____ C:\windows\Tasks\Security Center Update - 3557728678.job
2013-11-26 09:00 - 2013-10-15 17:06 - 00000864 _____ C:\windows\Tasks\Security Center Update - 3393805048.job
2013-11-26 09:00 - 2013-10-15 17:05 - 00000864 _____ C:\windows\Tasks\Security Center Update - 2197418134.job
2013-11-26 09:00 - 2013-10-15 17:04 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1522216968.job
2013-11-26 09:00 - 2013-10-15 17:03 - 00000866 _____ C:\windows\Tasks\Security Center Update - 943553264.job
2013-11-26 09:00 - 2013-10-15 17:02 - 00000872 _____ C:\windows\Tasks\Security Center Update - 995024744.job
2013-11-26 09:00 - 2013-10-15 17:01 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1225194303.job
2013-11-26 09:00 - 2013-10-15 17:00 - 00000870 _____ C:\windows\Tasks\Security Center Update - 394917207.job
2013-11-26 09:00 - 2013-10-15 17:00 - 00000866 _____ C:\windows\Tasks\Security Center Update - 1062340554.job
2013-11-26 09:00 - 2013-10-15 16:59 - 00000872 _____ C:\windows\Tasks\Security Center Update - 593321490.job
2013-11-26 09:00 - 2013-10-15 16:58 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2531586067.job
2013-11-26 09:00 - 2013-10-15 16:57 - 00000868 _____ C:\windows\Tasks\Security Center Update - 2638941911.job
2013-11-26 09:00 - 2013-10-15 16:56 - 00000868 _____ C:\windows\Tasks\Security Center Update - 2397521832.job
2013-11-26 09:00 - 2013-10-15 16:55 - 00000872 _____ C:\windows\Tasks\Security Center Update - 3193270824.job
2013-11-26 09:00 - 2013-10-15 16:54 - 00000866 _____ C:\windows\Tasks\Security Center Update - 1065851581.job
2013-11-26 09:00 - 2013-09-20 17:56 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2069396391.job
2013-11-26 09:00 - 2013-09-20 17:55 - 00000864 _____ C:\windows\Tasks\Security Center Update - 2149495819.job
2013-11-26 09:00 - 2013-09-20 17:52 - 00000874 _____ C:\windows\Tasks\Security Center Update - 3827994178.job
2013-11-26 09:00 - 2013-09-20 17:52 - 00000862 _____ C:\windows\Tasks\Security Center Update - 981333664.job
2013-11-26 09:00 - 2013-09-20 17:51 - 00000862 _____ C:\windows\Tasks\Security Center Update - 544130103.job
2013-11-26 09:00 - 2013-09-20 17:48 - 00000870 _____ C:\windows\Tasks\Security Center Update - 3337804951.job
2013-11-26 09:00 - 2013-09-20 17:48 - 00000868 _____ C:\windows\Tasks\Security Center Update - 941552149.job
2013-11-26 09:00 - 2013-09-20 17:47 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2912423504.job
2013-11-26 09:00 - 2013-09-20 17:46 - 00000866 _____ C:\windows\Tasks\Security Center Update - 3703140625.job
2013-11-26 09:00 - 2013-09-20 17:45 - 00000874 _____ C:\windows\Tasks\Security Center Update - 2119654584.job
2013-11-26 09:00 - 2013-09-20 17:44 - 00000870 _____ C:\windows\Tasks\Security Center Update - 2059046506.job
2013-11-26 09:00 - 2013-09-20 17:43 - 00000866 _____ C:\windows\Tasks\Security Center Update - 768967623.job
2013-11-26 09:00 - 2013-09-20 17:42 - 00000870 _____ C:\windows\Tasks\Security Center Update - 75628327.job
2013-11-26 09:00 - 2013-09-20 17:41 - 00000864 _____ C:\windows\Tasks\Security Center Update - 3744109011.job
2013-11-26 09:00 - 2013-09-20 17:40 - 00000864 _____ C:\windows\Tasks\Security Center Update - 665673278.job
2013-11-26 09:00 - 2013-09-20 17:39 - 00000866 _____ C:\windows\Tasks\Security Center Update - 2421935866.job
2013-11-26 09:00 - 2013-09-20 17:39 - 00000862 _____ C:\windows\Tasks\Security Center Update - 4112823248.job
2013-11-26 09:00 - 2013-09-20 17:38 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1018871712.job
2013-11-26 09:00 - 2013-09-20 17:37 - 00000866 _____ C:\windows\Tasks\Security Center Update - 3868071995.job
2013-11-26 09:00 - 2013-09-20 17:36 - 00000866 _____ C:\windows\Tasks\Security Center Update - 1444872757.job
2013-11-26 09:00 - 2013-09-20 17:36 - 00000862 _____ C:\windows\Tasks\Security Center Update - 3283464668.job
2013-11-26 09:00 - 2013-09-20 17:35 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1870254903.job
2013-11-26 09:00 - 2013-09-20 17:34 - 00000874 _____ C:\windows\Tasks\Security Center Update - 1182817912.job
2013-11-26 09:00 - 2013-09-20 17:34 - 00000866 _____ C:\windows\Tasks\Security Center Update - 159283237.job
2013-11-26 09:00 - 2013-09-20 17:33 - 00000864 _____ C:\windows\Tasks\Security Center Update - 4173188577.job
2013-11-26 09:00 - 2013-09-20 17:32 - 00000868 _____ C:\windows\Tasks\Security Center Update - 1117714879.job
2013-11-26 09:00 - 2013-09-20 17:32 - 00000866 _____ C:\windows\Tasks\Security Center Update - 274860021.job
2013-11-26 09:00 - 2013-09-20 17:31 - 00000866 _____ C:\windows\Tasks\Security Center Update - 3510923013.job
2013-11-26 09:00 - 2013-09-20 17:30 - 00000864 _____ C:\windows\Tasks\Security Center Update - 1905289452.job
2013-11-26 09:00 - 2013-09-20 17:29 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1778273205.job
2013-11-26 09:00 - 2013-09-20 17:29 - 00000870 _____ C:\windows\Tasks\Security Center Update - 1333853138.job
2013-11-26 09:00 - 2013-09-20 17:28 - 00000862 _____ C:\windows\Tasks\Security Center Update - 1719967821.job
2013-11-26 09:00 - 2013-09-20 17:27 - 00000864 _____ C:\windows\Tasks\Security Center Update - 3466412537.job
2013-11-26 08:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2013-11-24 17:10 - 2012-12-28 11:23 - 01905612 _____ C:\windows\WindowsUpdate.log
2013-11-24 17:09 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 11:11 - 2013-11-30 13:45 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-17 20:54 - 2013-11-17 20:53 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-17 20:53 - 2012-12-28 19:41 - 502150463 _____ C:\windows\MEMORY.DMP
2013-11-17 20:53 - 2012-12-28 19:41 - 00000000 ____D C:\windows\Minidump
2013-11-17 20:53 - 2012-08-01 21:02 - 00041064 _____ C:\windows\PFRO.log
2013-11-17 03:24 - 2013-01-27 18:57 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 15:51 - 2013-01-01 22:24 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\.minecraft
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:22 - 2013-11-12 16:21 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 17:00 - 2013-11-07 16:59 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2093230720-1359758338-2908893637-1001\$541eeff7fc8cc6840a1a6882d5b1c996

Alureon:
C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll

Some content of TEMP:
====================
C:\Users\gwengoetter\AppData\Local\Temp\1347692656.exe
C:\Users\gwengoetter\AppData\Local\Temp\1347718124.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356745641.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356754460.exe
C:\Users\gwengoetter\AppData\Local\Temp\1366243624itinstallerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\9573063.exe
C:\Users\gwengoetter\AppData\Local\Temp\autolrcstmp.exe
C:\Users\gwengoetter\AppData\Local\Temp\COMAP.EXE
C:\Users\gwengoetter\AppData\Local\Temp\Couponscom.exe
C:\Users\gwengoetter\AppData\Local\Temp\driverscanner.exe
C:\Users\gwengoetter\AppData\Local\Temp\GUninstaller.exe
C:\Users\gwengoetter\AppData\Local\Temp\installerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\gwengoetter\AppData\Local\Temp\instloffer.exe
C:\Users\gwengoetter\AppData\Local\Temp\Java_Update_ec7b11b5.exe
C:\Users\gwengoetter\AppData\Local\Temp\msimg32.dll
C:\Users\gwengoetter\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\gwengoetter\AppData\Local\Temp\setup.exe
C:\Users\gwengoetter\AppData\Local\Temp\tbVgr0.dll
C:\Users\gwengoetter\AppData\Local\Temp\uninst1.exe
C:\Users\gwengoetter\AppData\Local\Temp\{F7804FF2-C3B5-4478-9050-1CDC6CA8B081}-30.0.1599.101_30.0.1599.69_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 13:38

==================== End Of Log ============================

Additional scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2013
Ran by gwengoetter at 2013-11-30 13:47:53
Running from C:\Users\gwengoetter\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.29988)
Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.180)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666)
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666)
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666)
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666)
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666)
CCC Help Czech (x32 Version: 2012.0808.1023.16666)
CCC Help Danish (x32 Version: 2012.0808.1023.16666)
CCC Help Dutch (x32 Version: 2012.0808.1023.16666)
CCC Help English (x32 Version: 2012.0808.1023.16666)
CCC Help Finnish (x32 Version: 2012.0808.1023.16666)
CCC Help French (x32 Version: 2012.0808.1023.16666)
CCC Help German (x32 Version: 2012.0808.1023.16666)
CCC Help Greek (x32 Version: 2012.0808.1023.16666)
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666)
CCC Help Italian (x32 Version: 2012.0808.1023.16666)
CCC Help Japanese (x32 Version: 2012.0808.1023.16666)
CCC Help Korean (x32 Version: 2012.0808.1023.16666)
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666)
CCC Help Polish (x32 Version: 2012.0808.1023.16666)
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666)
CCC Help Russian (x32 Version: 2012.0808.1023.16666)
CCC Help Spanish (x32 Version: 2012.0808.1023.16666)
CCC Help Swedish (x32 Version: 2012.0808.1023.16666)
CCC Help Thai (x32 Version: 2012.0808.1023.16666)
CCC Help Turkish (x32 Version: 2012.0808.1023.16666)
ccc-utility64 (Version: 2012.0808.1024.16666)
CyberLink LabelPrint (x32 Version: 2.5.1.5510)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925)
CyberLink PowerDVD (x32 Version: 10.0.1.4407)
CyberLink YouCam (x32 Version: 3.5.4.5527)
D3DX10 (x32 Version: 15.4.2368.0902)
DriverScanner (x32 Version: 4.0.10.0)
Energy Star (Version: 1.0.8)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Music (Meridian - player) (HKCU Version: 1.1 (build 25) hp)
HP Connected Remote (x32 Version: 1.0.1202)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.3.0)
HP MyRoom (x32 Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3591)
HP Registration Service (Version: 1.0.5976.4186)
HP Support Assistant (x32 Version: 7.0.33.6)
HP Support Information (x32 Version: 12.00.0000)
Java 7 Update 10 (x32 Version: 7.0.100)
Java Auto Updater (x32 Version: 2.1.9.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
Norton Internet Security (x32 Version: 20.2.0.19)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.0.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6675)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.28123)
Recovery Manager (x32 Version: 5.5.0.5530)
Search Protection (HKCU Version: 7.5.0.1) <==== ATTENTION
TeamSpeak 3 Client (x32 Version: 3.0.12)
Vgrabber v1 Toolbar (x32 Version: 6.10.3.8)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

18-10-2013 07:15:33 Scheduled Checkpoint
18-11-2013 02:04:53 Removed Microsoft Office

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01E0CF3E-A94C-4A77-8CAA-94FB3E5922F8} - System32\Tasks\Security Center Update - 3140316904 => C:\Users\gwengoetter\AppData\Roaming\Oqenudo\ucretu.exe [2013-05-28] ()
Task: {03DD4F42-F3A9-43AB-B401-262C5B8961BE} - System32\Tasks\Security Center Update - 3466412537 => C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe [2013-07-12] ()
Task: {06869E62-9A0C-42EB-8162-E62F6E0A0B16} - System32\Tasks\Security Center Update - 2141931547 => C:\Users\gwengoetter\AppData\Roaming\Huikonr\imisf.exe [2013-07-03] ()
Task: {093B4E71-FBBA-4CA9-967F-E81B292BCF41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {0AE236FC-9307-4C54-B140-7E13175DB4C5} - System32\Tasks\Security Center Update - 1018871712 => C:\Users\gwengoetter\AppData\Roaming\Dabydyh\yzvony.exe [2013-07-01] ()
Task: {0D7E952A-D493-4078-B740-DAA0AB10B540} - System32\Tasks\Security Center Update - 572676476 => C:\Users\gwengoetter\AppData\Roaming\Idapgaw\miabil.exe [2013-01-08] ()
Task: {0E0F219D-319B-4F80-A2EA-BC952B49C594} - System32\Tasks\Security Center Update - 1778273205 => C:\Users\gwengoetter\AppData\Roaming\Zufucaa\godyxot.exe [2013-07-28] ()
Task: {101CCE8F-A3A3-4F1A-B7E2-DEFF99D0F371} - System32\Tasks\Security Center Update - 3130767662 => C:\Users\gwengoetter\AppData\Roaming\Piroyzuc\artefu.exe [2013-08-31] ()
Task: {10384A4F-480D-4B13-BF57-3F91CD713972} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-03] (Adobe Systems Incorporated)
Task: {11561753-E2AB-4485-B429-9E51760F24AB} - System32\Tasks\Security Center Update - 2059046506 => C:\Users\gwengoetter\AppData\Roaming\Adubonu\gehaytm.exe [2013-09-19] ()
Task: {1192785D-FA57-4257-81B1-2CBFAE53A3FE} - System32\Tasks\Security Center Update - 1426077808 => C:\Users\gwengoetter\AppData\Roaming\Ylavufy\pucuta.exe [2013-08-28] ()
Task: {11A0F084-64A3-4D18-B9A5-EC1399B791C7} - System32\Tasks\Security Center Update - 2527851123 => C:\Users\gwengoetter\AppData\Roaming\Hyqeazy\amunhy.exe [2013-10-10] ()
Task: {14B872C9-ED54-4ACC-A2E9-1A45CAD02CCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {18B0C106-5BDF-4291-BDDF-A6AA56CB6B78} - System32\Tasks\Security Center Update - 1442109945 => C:\Users\gwengoetter\AppData\Roaming\Xalapo\ecrevy.exe [2013-05-21] ()
Task: {19E3384A-D8BD-4551-8552-F2D33E199811} - System32\Tasks\Security Center Update - 3193270824 => C:\Users\gwengoetter\AppData\Roaming\Ylufxaap\itatur.exe [2013-07-07] ()
Task: {1C209CBD-D7BF-4195-B60A-16E02599E3D5} - System32\Tasks\Security Center Update - 2525865001 => C:\Users\gwengoetter\AppData\Roaming\Luogex\magyqo.exe [2013-08-13] ()
Task: {1F738CC4-8E42-41C2-AEB9-AD0085F330BC} - System32\Tasks\Security Center Update - 2187567767 => C:\Users\gwengoetter\AppData\Roaming\Ynehucpu\ytecwy.exe [2013-04-02] ()
Task: {2245FCA1-7C8A-4F7A-9660-49DF5E686E64} - System32\Tasks\Security Center Update - 1052744025 => C:\Users\gwengoetter\AppData\Roaming\Piteef\igsiim.exe [2013-06-04] ()
Task: {241EB36B-D1A0-4DBD-88CD-C9721EBD4EB6} - System32\Tasks\Security Center Update - 1182424808 => C:\Users\gwengoetter\AppData\Roaming\Igecidba\aveggag.exe [2013-03-15] ()
Task: {26080D11-14F1-45AE-BBC2-C8BDD270502C} - System32\Tasks\Security Center Update - 768967623 => C:\Users\gwengoetter\AppData\Roaming\Ruhuovp\awoto.exe [2013-06-04] ()
Task: {282D49AD-868D-45B6-AD7A-FEE3DEDDAA03} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {29E2F5EE-640F-4F3A-9451-FB6FE3161FD3} - System32\Tasks\Security Center Update - 4128655586 => C:\Users\gwengoetter\AppData\Roaming\Ihbyla\xiseo.exe [2013-05-16] ()
Task: {2B2B2340-949B-4612-BF18-82DD0E5992DA} - System32\Tasks\Security Center Update - 1719967821 => C:\Users\gwengoetter\AppData\Roaming\Ycnufi\bibak.exe [2013-03-16] ()
Task: {2CE13260-DA8B-459F-A646-48AD22B34721} - System32\Tasks\Security Center Update - 1444872757 => C:\Users\gwengoetter\AppData\Roaming\Eziqoz\yxbuapy.exe [2013-05-25] ()
Task: {2CFCC3EB-D4B2-4B9D-A253-47B1A1FA9A36} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {2D479D88-D56D-4D4D-98EB-71B99083125D} - System32\Tasks\Security Center Update - 4173188577 => C:\Users\gwengoetter\AppData\Roaming\Oluxin\utwiwy.exe [2013-01-01] ()
Task: {2D56C2B5-F6FE-4B86-A1A7-1899D3A992CA} - System32\Tasks\Security Center Update - 981333664 => C:\Users\gwengoetter\AppData\Roaming\Qiumho\ecava.exe [2013-08-30] ()
Task: {31EBDD26-B7FA-4210-83BD-25055E7326B1} - System32\Tasks\Security Center Update - 2119654584 => C:\Users\gwengoetter\AppData\Roaming\Yfxuowve\qeuzqez.exe [2013-06-28] ()
Task: {33511355-002A-4F50-97E6-702A1E5BF711} - System32\Tasks\Security Center Update - 995024744 => C:\Users\gwengoetter\AppData\Roaming\Myergiac\avsiaq.exe [2013-02-06] ()
Task: {3365BF12-3F1A-411C-8DBD-86145E8E15AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {356C8175-E345-4F82-9761-6BD9510C97F6} - System32\Tasks\Security Center Update - 1225194303 => C:\Users\gwengoetter\AppData\Roaming\Gaekyzf\riiryle.exe [2013-06-23] ()
Task: {360B5315-7726-4B46-9A48-AEAE2F0EEFD1} - System32\Tasks\Security Center Update - 2912423504 => C:\Users\gwengoetter\AppData\Roaming\Uvhyez\oclozop.exe [2013-01-28] ()
Task: {3642BC81-CCC5-4B77-A249-D92F652BF658} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: {36EBA975-7FB0-42FB-85A1-2B6EB770790B} - System32\Tasks\Security Center Update - 570241910 => C:\Users\gwengoetter\AppData\Roaming\Luzutii\ysdubax.exe [2013-06-02] ()
Task: {3D28B38E-F991-4AD3-9E73-9E998E386536} - System32\Tasks\Security Center Update - 1316774573 => C:\Users\gwengoetter\AppData\Roaming\Agtime\yqazxe.exe [2013-06-13] ()
Task: {3EF3F61E-8817-42F3-AD1B-CDEF06619DA4} - System32\Tasks\Security Center Update - 900570450 => C:\Users\gwengoetter\AppData\Roaming\Tuevpy\yrria.exe [2013-01-08] ()
Task: {3FCD29A1-81CF-42CE-B201-797897523AD8} - System32\Tasks\Security Center Update - 1562478605 => C:\Users\gwengoetter\AppData\Roaming\Ugzadim\soybhym.exe [2013-01-10] ()
Task: {4079081C-7DE1-4BAB-8F8F-2F4CF4691FFC} - System32\Tasks\Security Center Update - 2119967301 => C:\Users\gwengoetter\AppData\Roaming\Voymug\lexola.exe [2013-02-13] ()
Task: {420D97FA-AFE9-4F06-9728-39FC55B12E0D} - System32\Tasks\Security Center Update - 1900048375 => C:\Users\gwengoetter\AppData\Roaming\Admyaw\riaxywa.exe [2013-05-05] ()
Task: {42CCBA91-632E-4A96-A6A8-ED73530960D3} - System32\Tasks\Security Center Update - 3283464668 => C:\Users\gwengoetter\AppData\Roaming\Siumta\meery.exe [2013-01-03] ()
Task: {4651425B-ACF3-493F-AAA7-E369173B588D} - System32\Tasks\Security Center Update - 159283237 => C:\Users\gwengoetter\AppData\Roaming\Pebylye\iwexr.exe [2013-07-14] ()
Task: {4B0268CC-F85F-4EFA-B0BB-D104E2D897B6} - System32\Tasks\Security Center Update - 2603120980 => C:\Users\gwengoetter\AppData\Roaming\Edocaqa\enzyba.exe [2013-10-14] ()
Task: {4B5E28A6-EB5B-4C4B-B732-2A29C3BC6536} - System32\Tasks\Security Center Update - 3337804951 => C:\Users\gwengoetter\AppData\Roaming\Otyfetce\faadl.exe [2013-09-07] ()
Task: {52BB01C7-B7FF-44CE-A9D3-E6575B9C8D36} - System32\Tasks\Security Center Update - 3443869802 => C:\Users\gwengoetter\AppData\Roaming\Eqqoavf\ciuxgy.exe [2013-05-25] ()
Task: {5845DDFA-344F-4EA8-9269-FEE4FB03E736} - System32\Tasks\Security Center Update - 3510923013 => C:\Users\gwengoetter\AppData\Roaming\Laimge\kekaafy.exe [2013-04-11] ()
Task: {5ABF40B5-181B-4597-9621-04285EB93A5E} - System32\Tasks\Security Center Update - 75628327 => C:\Users\gwengoetter\AppData\Roaming\Inalfad\usehdui.exe [2013-01-30] ()
Task: {5D64FDC3-C8E0-4B4B-A2C1-D1F0FB4F2198} - System32\Tasks\Security Center Update - 1365947148 => C:\Users\gwengoetter\AppData\Roaming\Poziic\ahime.exe [2013-01-16] ()
Task: {61566599-C431-4272-8E69-742BA16E3009} - System32\Tasks\Security Center Update - 1454764009 => C:\Users\gwengoetter\AppData\Roaming\Qiquazo\yqmeli.exe [2013-01-07] ()
Task: {63379A9F-13A5-4969-8D0C-36C148F70699} - System32\Tasks\Security Center Update - 665673278 => C:\Users\gwengoetter\AppData\Roaming\Idkeis\ysyczi.exe [2013-01-13] ()
Task: {64F62FF2-307D-471F-9D63-DAF1F0162714} - System32\Tasks\Security Center Update - 317441218 => C:\Users\gwengoetter\AppData\Roaming\Elseokyd\ycbiytx.exe [2013-09-09] ()
Task: {66AF02CE-0E59-4158-910E-D1977AE20E4C} - System32\Tasks\Security Center Update - 313631509 => C:\Users\gwengoetter\AppData\Roaming\Ivsawo\iqucwo.exe [2013-01-13] ()
Task: {68A5CEEC-AC2C-47C2-A31F-543E5277A690} - System32\Tasks\Security Center Update - 1068615866 => C:\Users\gwengoetter\AppData\Roaming\Endyexi\yvkyah.exe [2013-06-26] ()
Task: {68B554F5-D0C6-4408-A0F6-482C5B8EE099} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {699FC089-9FA6-4BC1-B2F8-FE4EE2B96408} - System32\Tasks\Security Center Update - 3868071995 => C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe [2013-02-03] ()
Task: {7351BEE0-F600-48E6-B188-E8615A62D799} - System32\Tasks\Security Center Update - 1062340554 => C:\Users\gwengoetter\AppData\Roaming\Yskuxop\roana.exe [2013-01-15] ()
Task: {764F447E-A864-42CE-9359-C638AA9B6A44} - System32\Tasks\Security Center Update - 3479996560 => C:\Users\gwengoetter\AppData\Roaming\Sueles\ixogmeb.exe [2013-07-10] ()
Task: {7CF40DE0-D77A-4EF9-9F4D-72B73B6CF3FA} - System32\Tasks\Security Center Update - 1790000926 => C:\Users\gwengoetter\AppData\Roaming\Izleyqu\azciko.exe [2013-01-20] ()
Task: {84785A53-99E4-4617-A840-FCC9DE66C8CF} - System32\Tasks\Security Center Update - 1522216968 => C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp\beapi.exe [2013-06-09] ()
Task: {8831B0B6-5B8C-41DE-A990-DBC7045CEAC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)
Task: {8A05C68D-C7AA-490C-BF1C-833828F48D6A} - System32\Tasks\Security Center Update - 2870800661 => C:\Users\gwengoetter\AppData\Roaming\Tykidiu\komyip.exe [2013-02-20] ()
Task: {8A494CFF-B910-4F96-9F78-A6C8EC0B969A} - System32\Tasks\Security Center Update - 1905289452 => C:\Users\gwengoetter\AppData\Roaming\Boeqro\begeim.exe [2013-09-11] ()
Task: {8A5A7ACB-65C7-4E98-8FB2-ECC5A19903AE} - System32\Tasks\Security Center Update - 2531586067 => C:\Users\gwengoetter\AppData\Roaming\Itpoyq\anqieqy.exe [2013-08-20] ()
Task: {8C753A24-1467-4A95-BC60-1290791D6C92} - System32\Tasks\Security Center Update - 2108052082 => C:\Users\gwengoetter\AppData\Roaming\Ogosymyf\lohuhy.exe [2013-01-19] ()
Task: {8E1C321B-7464-452B-9270-1C78D3A5375E} - System32\Tasks\Security Center Update - 3393805048 => C:\Users\gwengoetter\AppData\Roaming\Ydxoew\xiibum.exe [2013-08-24] ()
Task: {9307FDB2-F0C3-445C-8F0C-E36633C4F86C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wscstub.exe [2012-10-19] (Symantec Corporation)
Task: {9329A00F-2E0E-4325-AB51-0ACE75872E72} - System32\Tasks\Security Center Update - 593321490 => C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe [2013-07-29] ()
Task: {95613DB8-5B68-44E5-B186-8D8736AF2CD6} - System32\Tasks\Security Center Update - 2197418134 => C:\Users\gwengoetter\AppData\Roaming\Hufeus\icowmu.exe [2013-02-21] ()
Task: {960E0A57-F93E-4032-B83D-DA48C3FCAD80} - System32\Tasks\Security Center Update - 2638941911 => C:\Users\gwengoetter\AppData\Roaming\Efufgyv\oluvux.exe [2013-04-30] ()
Task: {9A76222C-02F7-472B-89F4-777C347DA613} - System32\Tasks\Security Center Update - 1332309068 => C:\Users\gwengoetter\AppData\Roaming\Rikeyfo\yrzuyrh.exe [2013-08-05] ()
Task: {9B77BBD1-51DC-482B-BD07-ABFE10FAF41E} - System32\Tasks\Security Center Update - 1870254903 => C:\Users\gwengoetter\AppData\Roaming\Dionba\ysteuc.exe [2013-02-25] ()
Task: {9CD39B2E-2F52-4B48-B89D-568B0C6C67BD} - System32\Tasks\Security Center Update - 291363577 => C:\Users\gwengoetter\AppData\Roaming\Huoweply\uwibwyi.exe [2013-03-21] ()
Task: {9D98973D-DEBF-4445-A77D-E8677EDD7F85} - System32\Tasks\Security Center Update - 4132290481 => C:\Users\gwengoetter\AppData\Roaming\Quezare\yrgay.exe [2013-08-22] ()
Task: {9DAF91CF-68E7-4351-BEF2-8A485FFCC5A1} - System32\Tasks\Security Center Update - 2783703395 => C:\Users\gwengoetter\AppData\Roaming\Ugytah\biynal.exe [2013-08-07] ()
Task: {A21C4DD0-74BC-4895-9784-77DA371B2FC4} - System32\Tasks\Security Center Update - 3703140625 => C:\Users\gwengoetter\AppData\Roaming\Lutizya\fowas.exe [2013-08-08] ()
Task: {A22BA64B-9EE0-4CE8-8931-23E69481B8AF} - System32\Tasks\Security Center Update - 394917207 => C:\Users\gwengoetter\AppData\Roaming\Uvifcei\miyksuy.exe [2013-03-19] ()
Task: {A5DB07CC-B092-438F-839B-BC5D0A5A1B8B} - System32\Tasks\Security Center Update - 1333853138 => C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq\yhulp.exe [2013-07-06] ()
Task: {A6F7F64B-F351-457B-B2E6-CAF04804202B} - System32\Tasks\Security Center Update - 216819031 => C:\Users\gwengoetter\AppData\Roaming\Luamwua\omxya.exe [2013-02-25] ()
Task: {A7B6C1FD-CA0A-486B-B314-27F39D49A6FA} - System32\Tasks\Security Center Update - 1863044979 => C:\Users\gwengoetter\AppData\Roaming\Ceufsu\moonug.exe [2013-02-03] ()
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\Dism.exe [2012-07-25] (Microsoft Corporation)
Task: {ACB1F204-64B9-4E22-B8B2-A57EE25CFD62} - System32\Tasks\Security Center Update - 308608092 => C:\Users\gwengoetter\AppData\Roaming\Ysnuud\vuadab.exe [2013-07-13] ()
Task: {B1620079-F3A0-4222-93C8-6E02DDE35625} - System32\Tasks\Security Center Update - 2069396391 => C:\Users\gwengoetter\AppData\Roaming\Osepote\apkei.exe [2013-01-04] ()
Task: {B2EE0893-B6D4-4AE6-854E-857654127603} - System32\Tasks\Security Center Update - 2410123969 => C:\Users\gwengoetter\AppData\Roaming\Aruzfu\defoepy.exe [2013-01-21] ()
Task: {B705CE92-F7CC-462A-AB27-DC7353C6F8A3} - System32\Tasks\Security Center Update - 544130103 => C:\Users\gwengoetter\AppData\Roaming\Puetak\cuibo.exe [2013-07-08] ()
Task: {B7E9D2C5-7A1F-4414-AF04-D4B2971187B7} - System32\Tasks\Security Center Update - 4281403968 => C:\Users\gwengoetter\AppData\Roaming\Gitepy\etifce.exe [2013-08-08] ()
Task: {BB6F1438-558B-4908-B0B3-42B9346A5497} - System32\Tasks\Security Center Update - 3744109011 => C:\Users\gwengoetter\AppData\Roaming\Lowoto\uxlipi.exe [2013-05-19] ()
Task: {BDD42F2E-AFAB-41A0-A9BC-4F5C9C0E05DE} - System32\Tasks\Security Center Update - 1182817912 => C:\Users\gwengoetter\AppData\Roaming\Daiszaco\niocovt.exe [2013-08-20] ()
Task: {C0FB3921-CA74-4B6F-B8B9-95EC6D7FB2B8} - System32\Tasks\DealPly => C:\Users\GWENGO~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CAC171F0-6505-432C-AE1D-8D6C81E37594} - System32\Tasks\Security Center Update - 943553264 => C:\Users\gwengoetter\AppData\Roaming\Baekta\xaecvum.exe [2012-12-30] ()
Task: {D00E4B27-05D0-40AD-94F2-3CB2CFDB2FF5} - System32\Tasks\Security Center Update - 4141336692 => C:\Users\gwengoetter\AppData\Roaming\Aqbudyno\ynray.exe [2013-06-28] ()
Task: {D3AAE4BF-C50B-46CA-8C7C-688D540E9E45} - System32\Tasks\Security Center Update - 274860021 => C:\Users\gwengoetter\AppData\Roaming\Akakdio\kayzi.exe [2013-05-07] ()
Task: {D5FEB6A6-0314-458C-892E-A018D24EDAD5} - System32\Tasks\Security Center Update - 941552149 => C:\Users\gwengoetter\AppData\Roaming\Irduime\tayfxy.exe [2013-07-04] ()
Task: {D8A8741F-AFA1-45BC-8531-65E4136E8CD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {DAFC76F1-0493-4A0D-BDE2-F8A7875CC068} - System32\Tasks\Security Center Update - 1429565675 => C:\Users\gwengoetter\AppData\Roaming\Zuliqyp\kiymudu.exe [2013-04-02] ()
Task: {E126786C-6B27-4D78-B64F-1F14F84744B5} - System32\Tasks\Security Center Update - 1117714879 => C:\Users\gwengoetter\AppData\Roaming\Fotusui\upahzo.exe [2013-05-01] ()
Task: {E3FC76CC-704C-40FF-9F66-B25D6532D802} - System32\Tasks\Security Center Update - 4112823248 => C:\Users\gwengoetter\AppData\Roaming\Xeehlo\ilrum.exe [2013-03-12] ()
Task: {E8523701-E87E-4725-8378-E4743EF29E33} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {E8B68103-B94F-47C4-9CAC-8F83FCC60CDE} - System32\Tasks\Security Center Update - 2783678376 => C:\Users\gwengoetter\AppData\Roaming\Ukusfe\hebyb.exe [2013-02-15] ()
Task: {EC484C54-E41B-4EF6-AA97-CF9CC558A86B} - System32\Tasks\Security Center Update - 3312015459 => C:\Users\gwengoetter\AppData\Roaming\Weoqceu\faihx.exe [2013-07-17] ()
Task: {EE05A987-7605-46CD-AAE5-30C771FCDF5D} - System32\Tasks\Security Center Update - 2421935866 => C:\Users\gwengoetter\AppData\Roaming\Osvanux\egihp.exe [2013-02-13] ()
Task: {EFC868F6-13E6-4DC6-90EE-7808F625C270} - System32\Tasks\Security Center Update - 2057961924 => C:\Users\gwengoetter\AppData\Roaming\Amadhe\geogfye.exe [2013-01-08] ()
Task: {F25205DD-2908-4871-BF0F-817A957BA977} - System32\Tasks\Security Center Update - 3827994178 => C:\Users\gwengoetter\AppData\Roaming\Wyugekeh\lybutux.exe [2013-05-27] ()
Task: {F30B2951-5E13-4032-BD07-3E92E81DBF68} - System32\Tasks\Security Center Update - 2149495819 => C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe [2013-09-19] ()
Task: {F4991C10-DB27-4318-8260-7311196FAE22} - System32\Tasks\Security Center Update - 2397521832 => C:\Users\gwengoetter\AppData\Roaming\Ynogivi\ydaptu.exe [2013-03-14] ()
Task: {FA64137F-525A-45D0-A4CE-6EB999BBE815} - System32\Tasks\Security Center Update - 1065851581 => C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [2013-01-27] ()
Task: {FAE2E802-A47A-4B56-A957-4EBE5A98F1FC} - System32\Tasks\Security Center Update - 2236782273 => C:\Users\gwengoetter\AppData\Roaming\Hoorula\yzezo.exe [2013-02-23] ()
Task: {FB140413-7F02-4E1A-9271-004F5C141B99} - System32\Tasks\Security Center Update - 762606990 => C:\Users\gwengoetter\AppData\Roaming\Udatihyc\agfuith.exe [2013-05-04] ()
Task: {FF671236-93E1-458E-9179-11EC437F7B56} - System32\Tasks\Security Center Update - 3557728678 => C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe [2013-03-26] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: C:\windows\Tasks\Security Center Update - 1018871712.job => C:\Users\gwengoetter\AppData\Roaming\Dabydyh\yzvony.exe
Task: C:\windows\Tasks\Security Center Update - 1052744025.job => C:\Users\gwengoetter\AppData\Roaming\Piteef\igsiim.exe
Task: C:\windows\Tasks\Security Center Update - 1062340554.job => C:\Users\gwengoetter\AppData\Roaming\Yskuxop\roana.exe
Task: C:\windows\Tasks\Security Center Update - 1065851581.job => C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
Task: C:\windows\Tasks\Security Center Update - 1068615866.job => C:\Users\gwengoetter\AppData\Roaming\Endyexi\yvkyah.exe
Task: C:\windows\Tasks\Security Center Update - 1117714879.job => C:\Users\gwengoetter\AppData\Roaming\Fotusui\upahzo.exe
Task: C:\windows\Tasks\Security Center Update - 1182424808.job => C:\Users\gwengoetter\AppData\Roaming\Igecidba\aveggag.exe
Task: C:\windows\Tasks\Security Center Update - 1182817912.job => C:\Users\gwengoetter\AppData\Roaming\Daiszaco\niocovt.exe
Task: C:\windows\Tasks\Security Center Update - 1225194303.job => C:\Users\gwengoetter\AppData\Roaming\Gaekyzf\riiryle.exe
Task: C:\windows\Tasks\Security Center Update - 1316774573.job => C:\Users\gwengoetter\AppData\Roaming\Agtime\yqazxe.exe
Task: C:\windows\Tasks\Security Center Update - 1332309068.job => C:\Users\gwengoetter\AppData\Roaming\Rikeyfo\yrzuyrh.exe
Task: C:\windows\Tasks\Security Center Update - 1333853138.job => C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq\yhulp.exe
Task: C:\windows\Tasks\Security Center Update - 1365947148.job => C:\Users\gwengoetter\AppData\Roaming\Poziic\ahime.exe
Task: C:\windows\Tasks\Security Center Update - 1426077808.job => C:\Users\gwengoetter\AppData\Roaming\Ylavufy\pucuta.exe
Task: C:\windows\Tasks\Security Center Update - 1429565675.job => C:\Users\gwengoetter\AppData\Roaming\Zuliqyp\kiymudu.exe
Task: C:\windows\Tasks\Security Center Update - 1442109945.job => C:\Users\gwengoetter\AppData\Roaming\Xalapo\ecrevy.exe
Task: C:\windows\Tasks\Security Center Update - 1444872757.job => C:\Users\gwengoetter\AppData\Roaming\Eziqoz\yxbuapy.exe
Task: C:\windows\Tasks\Security Center Update - 1454764009.job => C:\Users\gwengoetter\AppData\Roaming\Qiquazo\yqmeli.exe
Task: C:\windows\Tasks\Security Center Update - 1522216968.job => C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp\beapi.exe
Task: C:\windows\Tasks\Security Center Update - 1562478605.job => C:\Users\gwengoetter\AppData\Roaming\Ugzadim\soybhym.exe
Task: C:\windows\Tasks\Security Center Update - 159283237.job => C:\Users\gwengoetter\AppData\Roaming\Pebylye\iwexr.exe
Task: C:\windows\Tasks\Security Center Update - 1719967821.job => C:\Users\gwengoetter\AppData\Roaming\Ycnufi\bibak.exe
Task: C:\windows\Tasks\Security Center Update - 1778273205.job => C:\Users\gwengoetter\AppData\Roaming\Zufucaa\godyxot.exe
Task: C:\windows\Tasks\Security Center Update - 1790000926.job => C:\Users\gwengoetter\AppData\Roaming\Izleyqu\azciko.exe
Task: C:\windows\Tasks\Security Center Update - 1863044979.job => C:\Users\gwengoetter\AppData\Roaming\Ceufsu\moonug.exe
Task: C:\windows\Tasks\Security Center Update - 1870254903.job => C:\Users\gwengoetter\AppData\Roaming\Dionba\ysteuc.exe
Task: C:\windows\Tasks\Security Center Update - 1900048375.job => C:\Users\gwengoetter\AppData\Roaming\Admyaw\riaxywa.exe
Task: C:\windows\Tasks\Security Center Update - 1905289452.job => C:\Users\gwengoetter\AppData\Roaming\Boeqro\begeim.exe
Task: C:\windows\Tasks\Security Center Update - 2057961924.job => C:\Users\gwengoetter\AppData\Roaming\Amadhe\geogfye.exe
Task: C:\windows\Tasks\Security Center Update - 2059046506.job => C:\Users\gwengoetter\AppData\Roaming\Adubonu\gehaytm.exe
Task: C:\windows\Tasks\Security Center Update - 2069396391.job => C:\Users\gwengoetter\AppData\Roaming\Osepote\apkei.exe
Task: C:\windows\Tasks\Security Center Update - 2108052082.job => C:\Users\gwengoetter\AppData\Roaming\Ogosymyf\lohuhy.exe
Task: C:\windows\Tasks\Security Center Update - 2119654584.job => C:\Users\gwengoetter\AppData\Roaming\Yfxuowve\qeuzqez.exe
Task: C:\windows\Tasks\Security Center Update - 2119967301.job => C:\Users\gwengoetter\AppData\Roaming\Voymug\lexola.exe
Task: C:\windows\Tasks\Security Center Update - 2141931547.job => C:\Users\gwengoetter\AppData\Roaming\Huikonr\imisf.exe
Task: C:\windows\Tasks\Security Center Update - 2149495819.job => C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe
Task: C:\windows\Tasks\Security Center Update - 216819031.job => C:\Users\gwengoetter\AppData\Roaming\Luamwua\omxya.exe
Task: C:\windows\Tasks\Security Center Update - 2187567767.job => C:\Users\gwengoetter\AppData\Roaming\Ynehucpu\ytecwy.exe
Task: C:\windows\Tasks\Security Center Update - 2197418134.job => C:\Users\gwengoetter\AppData\Roaming\Hufeus\icowmu.exe
Task: C:\windows\Tasks\Security Center Update - 2236782273.job => C:\Users\gwengoetter\AppData\Roaming\Hoorula\yzezo.exe
Task: C:\windows\Tasks\Security Center Update - 2397521832.job => C:\Users\gwengoetter\AppData\Roaming\Ynogivi\ydaptu.exe
Task: C:\windows\Tasks\Security Center Update - 2410123969.job => C:\Users\gwengoetter\AppData\Roaming\Aruzfu\defoepy.exe
Task: C:\windows\Tasks\Security Center Update - 2421935866.job => C:\Users\gwengoetter\AppData\Roaming\Osvanux\egihp.exe
Task: C:\windows\Tasks\Security Center Update - 2525865001.job => C:\Users\gwengoetter\AppData\Roaming\Luogex\magyqo.exe
Task: C:\windows\Tasks\Security Center Update - 2527851123.job => C:\Users\gwengoetter\AppData\Roaming\Hyqeazy\amunhy.exe
Task: C:\windows\Tasks\Security Center Update - 2531586067.job => C:\Users\gwengoetter\AppData\Roaming\Itpoyq\anqieqy.exe
Task: C:\windows\Tasks\Security Center Update - 2603120980.job => C:\Users\gwengoetter\AppData\Roaming\Edocaqa\enzyba.exe
Task: C:\windows\Tasks\Security Center Update - 2638941911.job => C:\Users\gwengoetter\AppData\Roaming\Efufgyv\oluvux.exe
Task: C:\windows\Tasks\Security Center Update - 274860021.job => C:\Users\gwengoetter\AppData\Roaming\Akakdio\kayzi.exe
Task: C:\windows\Tasks\Security Center Update - 2783678376.job => C:\Users\gwengoetter\AppData\Roaming\Ukusfe\hebyb.exe
Task: C:\windows\Tasks\Security Center Update - 2783703395.job => C:\Users\gwengoetter\AppData\Roaming\Ugytah\biynal.exe
Task: C:\windows\Tasks\Security Center Update - 2870800661.job => C:\Users\gwengoetter\AppData\Roaming\Tykidiu\komyip.exe
Task: C:\windows\Tasks\Security Center Update - 2912423504.job => C:\Users\gwengoetter\AppData\Roaming\Uvhyez\oclozop.exe
Task: C:\windows\Tasks\Security Center Update - 291363577.job => C:\Users\gwengoetter\AppData\Roaming\Huoweply\uwibwyi.exe
Task: C:\windows\Tasks\Security Center Update - 308608092.job => C:\Users\gwengoetter\AppData\Roaming\Ysnuud\vuadab.exe
Task: C:\windows\Tasks\Security Center Update - 3130767662.job => C:\Users\gwengoetter\AppData\Roaming\Piroyzuc\artefu.exe
Task: C:\windows\Tasks\Security Center Update - 313631509.job => C:\Users\gwengoetter\AppData\Roaming\Ivsawo\iqucwo.exe
Task: C:\windows\Tasks\Security Center Update - 3140316904.job => C:\Users\gwengoetter\AppData\Roaming\Oqenudo\ucretu.exe
Task: C:\windows\Tasks\Security Center Update - 317441218.job => C:\Users\gwengoetter\AppData\Roaming\Elseokyd\ycbiytx.exe
Task: C:\windows\Tasks\Security Center Update - 3193270824.job => C:\Users\gwengoetter\AppData\Roaming\Ylufxaap\itatur.exe
Task: C:\windows\Tasks\Security Center Update - 3283464668.job => C:\Users\gwengoetter\AppData\Roaming\Siumta\meery.exe
Task: C:\windows\Tasks\Security Center Update - 3312015459.job => C:\Users\gwengoetter\AppData\Roaming\Weoqceu\faihx.exe
Task: C:\windows\Tasks\Security Center Update - 3337804951.job => C:\Users\gwengoetter\AppData\Roaming\Otyfetce\faadl.exe
Task: C:\windows\Tasks\Security Center Update - 3393805048.job => C:\Users\gwengoetter\AppData\Roaming\Ydxoew\xiibum.exe
Task: C:\windows\Tasks\Security Center Update - 3443869802.job => C:\Users\gwengoetter\AppData\Roaming\Eqqoavf\ciuxgy.exe
Task: C:\windows\Tasks\Security Center Update - 3466412537.job => C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe
Task: C:\windows\Tasks\Security Center Update - 3479996560.job => C:\Users\gwengoetter\AppData\Roaming\Sueles\ixogmeb.exe
Task: C:\windows\Tasks\Security Center Update - 3510923013.job => C:\Users\gwengoetter\AppData\Roaming\Laimge\kekaafy.exe
Task: C:\windows\Tasks\Security Center Update - 3557728678.job => C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe
Task: C:\windows\Tasks\Security Center Update - 3703140625.job => C:\Users\gwengoetter\AppData\Roaming\Lutizya\fowas.exe
Task: C:\windows\Tasks\Security Center Update - 3744109011.job => C:\Users\gwengoetter\AppData\Roaming\Lowoto\uxlipi.exe
Task: C:\windows\Tasks\Security Center Update - 3827994178.job => C:\Users\gwengoetter\AppData\Roaming\Wyugekeh\lybutux.exe
Task: C:\windows\Tasks\Security Center Update - 3868071995.job => C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe
Task: C:\windows\Tasks\Security Center Update - 394917207.job => C:\Users\gwengoetter\AppData\Roaming\Uvifcei\miyksuy.exe
Task: C:\windows\Tasks\Security Center Update - 4112823248.job => C:\Users\gwengoetter\AppData\Roaming\Xeehlo\ilrum.exe
Task: C:\windows\Tasks\Security Center Update - 4128655586.job => C:\Users\gwengoetter\AppData\Roaming\Ihbyla\xiseo.exe
Task: C:\windows\Tasks\Security Center Update - 4132290481.job => C:\Users\gwengoetter\AppData\Roaming\Quezare\yrgay.exe
Task: C:\windows\Tasks\Security Center Update - 4141336692.job => C:\Users\gwengoetter\AppData\Roaming\Aqbudyno\ynray.exe
Task: C:\windows\Tasks\Security Center Update - 4173188577.job => C:\Users\gwengoetter\AppData\Roaming\Oluxin\utwiwy.exe
Task: C:\windows\Tasks\Security Center Update - 4281403968.job => C:\Users\gwengoetter\AppData\Roaming\Gitepy\etifce.exe
Task: C:\windows\Tasks\Security Center Update - 544130103.job => C:\Users\gwengoetter\AppData\Roaming\Puetak\cuibo.exe
Task: C:\windows\Tasks\Security Center Update - 570241910.job => C:\Users\gwengoetter\AppData\Roaming\Luzutii\ysdubax.exe
Task: C:\windows\Tasks\Security Center Update - 572676476.job => C:\Users\gwengoetter\AppData\Roaming\Idapgaw\miabil.exe
Task: C:\windows\Tasks\Security Center Update - 593321490.job => C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe
Task: C:\windows\Tasks\Security Center Update - 665673278.job => C:\Users\gwengoetter\AppData\Roaming\Idkeis\ysyczi.exe
Task: C:\windows\Tasks\Security Center Update - 75628327.job => C:\Users\gwengoetter\AppData\Roaming\Inalfad\usehdui.exe
Task: C:\windows\Tasks\Security Center Update - 762606990.job => C:\Users\gwengoetter\AppData\Roaming\Udatihyc\agfuith.exe
Task: C:\windows\Tasks\Security Center Update - 768967623.job => C:\Users\gwengoetter\AppData\Roaming\Ruhuovp\awoto.exe
Task: C:\windows\Tasks\Security Center Update - 900570450.job => C:\Users\gwengoetter\AppData\Roaming\Tuevpy\yrria.exe
Task: C:\windows\Tasks\Security Center Update - 941552149.job => C:\Users\gwengoetter\AppData\Roaming\Irduime\tayfxy.exe
Task: C:\windows\Tasks\Security Center Update - 943553264.job => C:\Users\gwengoetter\AppData\Roaming\Baekta\xaecvum.exe
Task: C:\windows\Tasks\Security Center Update - 981333664.job => C:\Users\gwengoetter\AppData\Roaming\Qiumho\ecava.exe
Task: C:\windows\Tasks\Security Center Update - 995024744.job => C:\Users\gwengoetter\AppData\Roaming\Myergiac\avsiaq.exe

==================== Loaded Modules (whitelisted) =============

2013-01-04 16:44 - 2012-10-11 00:44 - 00355328 _____ () C:\windows\system32\mswsock.dll
2012-08-08 12:22 - 2012-08-08 12:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2012-07-19 20:06 - 2012-07-19 20:06 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-12-28 11:25 - 2012-12-28 11:25 - 00120224 _____ () C:\Users\gwengoetter\AppData\Local\assembly\dl3\4V4A56E5.VR1\L9BEYMXD.7V2\8cc91fca\0038bcf4_1366cd01\HPItunesModule.DLL
2012-07-19 20:06 - 2012-07-19 20:06 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-07-19 20:07 - 2012-07-19 20:07 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-01-04 16:44 - 2012-10-11 00:44 - 00355328 _____ () C:\windows\SYSTEM32\mswsock.dll
2012-09-01 00:18 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2013 01:28:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 12.2.0.8, time stamp: 0x5075eeaf
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xc06d007e
Fault offset: 0x00014b32
Faulting process id: 0xba8
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3
Faulting package full name: ccSvcHst.exe4
Faulting package-relative application ID: ccSvcHst.exe5

Error: (11/25/2013 10:31:26 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1568

Start Time: 01cee9afc3c2f82f

Termination Time: 31

Application Path: C:\Users\gwengoetter\Desktop\OTL.exe

Report Id: 3671bd68-564b-11e3-beca-089e013aa649

Faulting package full name:

Faulting package-relative application ID:

Error: (11/25/2013 02:26:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: goetters4bacon)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/25/2013 02:25:28 AM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1194

Start Time: 01cee96276ee0a90

Termination Time: 78

Application Path: C:\Users\gwengoetter\Downloads\OTL.exe

Report Id: 4788e75e-55a2-11e3-beca-089e013aa649

Faulting package full name:

Faulting package-relative application ID:

Error: (11/24/2013 00:00:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 12.2.0.8, time stamp: 0x5075eeaf
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xc06d007e
Fault offset: 0x00014b32
Faulting process id: 0xaec
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3
Faulting package full name: ccSvcHst.exe4
Faulting package-relative application ID: ccSvcHst.exe5

Error: (11/17/2013 09:20:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 12.2.0.8, time stamp: 0x5075eeaf
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xc06d007e
Fault offset: 0x00014b32
Faulting process id: 0x1b40
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3
Faulting package full name: ccSvcHst.exe4
Faulting package-relative application ID: ccSvcHst.exe5

Error: (11/17/2013 08:56:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 12.2.0.8, time stamp: 0x5075eeaf
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988950
Exception code: 0xc06d007e
Fault offset: 0x00014b32
Faulting process id: 0x93c
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3
Faulting package full name: ccSvcHst.exe4
Faulting package-relative application ID: ccSvcHst.exe5

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 259898

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 259898

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/30/2013 01:29:03 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%1053

Error: (11/30/2013 01:29:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.

Error: (11/30/2013 01:26:28 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.

Error: (11/30/2013 01:26:28 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.

Error: (11/30/2013 01:26:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/30/2013 01:26:27 PM) (Source: Service Control Manager) (User: )
Description: The PC Speed Up Service service failed to start due to the following error:
%%2

Error: (11/30/2013 01:26:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:08:38 AM on ‎11/‎26/‎2013 was unexpected.

Error: (11/24/2013 00:00:59 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%1053

Error: (11/24/2013 00:00:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.

Error: (11/24/2013 11:58:27 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the following service: BFE. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (11/30/2013 01:28:57 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.2.0.85075eeafKERNELBASE.dll6.2.9200.1645150988950c06d007e00014b32ba801ceedf9fe8f9a2eC:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exeC:\windows\SYSTEM32\KERNELBASE.dll45f1605e-59ed-11e3-becb-089e013aa649

Error: (11/25/2013 10:31:26 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0156801cee9afc3c2f82f31C:\Users\gwengoetter\Desktop\OTL.exe3671bd68-564b-11e3-beca-089e013aa649

Error: (11/25/2013 02:26:26 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: goetters4bacon)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos-2147024891

Error: (11/25/2013 02:25:28 AM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0119401cee96276ee0a9078C:\Users\gwengoetter\Downloads\OTL.exe4788e75e-55a2-11e3-beca-089e013aa649

Error: (11/24/2013 00:00:56 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.2.0.85075eeafKERNELBASE.dll6.2.9200.1645150988950c06d007e00014b32aec01cee936b3c68354C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exeC:\windows\SYSTEM32\KERNELBASE.dllfbb2684a-5529-11e3-beca-089e013aa649

Error: (11/17/2013 09:20:39 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.2.0.85075eeafKERNELBASE.dll6.2.9200.1645150988950c06d007e00014b321b4001cee404bcf9eefdC:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exeC:\windows\SYSTEM32\KERNELBASE.dll03b2f638-4ff8-11e3-bec9-089e013aa649

Error: (11/17/2013 08:56:27 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.2.0.85075eeafKERNELBASE.dll6.2.9200.1645150988950c06d007e00014b3293c01cee4015aeed5b8C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exeC:\windows\SYSTEM32\KERNELBASE.dlla274cba8-4ff4-11e3-bec9-089e013aa649

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 259898

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 259898

Error: (11/17/2013 03:30:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 3660.08 MB
Available physical RAM: 2666.81 MB
Total Pagefile: 7372.08 MB
Available Pagefile: 6211.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.5 GB) (Free:290.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:14.9 GB) (Free:14.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D370BA94)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

thanks.

#7
Buddierdl

Posted 30 November 2013 - 01:43 PM

Trusted Helper

Malware Removal
2,524 posts

This computer is very heavily infected. Let's start with this.

Whenever I say to download something, please use your clean computer and protected flash drive to transfer it to the infected computer. All programs will be run on the infected computer unless specifically mentioned.

Please download the attached fixlist.txt and move it to the desktop of the infected computer. Then run FRST again and click "Fix." Post the resulting fixlog.txt.

Then,

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Then,

Please download the attached batch file to the desktop of the infected computer and double-click it to run. It should open a log for you to paste for me.

Attached Files

fixlist.txt 31.96KB 232 downloads
list.bat 127bytes 151 downloads

#8
lawnguybri

Posted 30 November 2013 - 11:35 PM

Member

Topic Starter
Member
102 posts

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2013
Ran by gwengoetter at 2013-11-30 23:46:04 Run:1
Running from C:\Users\gwengoetter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996
HKCU\...\Run: [SearchProtection] - C:\Users\gwengoetter\AppData\Roaming\Search Protection\SearchProtection.exe [832360 2013-09-03] (Spigot, Inc.)
HKCU\...\Run: [Iproanvaelmuy] - C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe [200351 2013-07-12] ()
HKCU\...\Run: [GameServer33] - C:\Users\gwengoetter\AppData\Roaming\BabSolution\WIN3E3A.exe [124928 2013-09-20] ()
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [203884 2013-01-27] ()
HKCU\...\Run: [GameServer55] - C:\Users\gwengoetter\AppData\Roaming\Fotusui\ [173056 2013-10-15] ()
HKCU\...\Run: [Ycixadycsody] - C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe [200351 2013-02-03] ()
HKCU\...\Run: [Lyemlazoifoderq] - C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe [203884 2013-07-29] ()
HKCU\...\Run: [Fuivruot] - C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe [203884 2013-03-26] ()
HKCU\...\Run: [Udlok] - C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe [200351 2013-09-19] ()
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\GWENGO~1\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...e={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...e={installDate}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
C:\Program Files (x86)\Vgrabber_v1
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/...e={installDate}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...06B083E8E0CFBEA
BHO-x32: Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
BHO-x32: LyricsNotes - {A444752C-F03B-4E19-B2CD-E80F1FC2809C} - C:\Program Files (x86)\LyricsNotes\116.dll No File
C:\Program Files (x86)\LyricsNotes
BHO-x32: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
C:\Program Files (x86)\Coupons.com CouponBar
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgr2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} - No File
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [x]
C:\Program Files (x86)\PC Speed Up
C:\windows\Tasks\PC SpeedUp Service Deactivator.job
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv
C:\$Recycle.Bin\S-1-5-21-2093230720-1359758338-2908893637-1001\$541eeff7fc8cc6840a1a6882d5b1c996
Task: {01E0CF3E-A94C-4A77-8CAA-94FB3E5922F8} - System32\Tasks\Security Center Update - 3140316904 => C:\Users\gwengoetter\AppData\Roaming\Oqenudo\ucretu.exe [2013-05-28] ()
C:\Users\gwengoetter\AppData\Roaming\Oqenudo
Task: {03DD4F42-F3A9-43AB-B401-262C5B8961BE} - System32\Tasks\Security Center Update - 3466412537 => C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe [2013-07-12] ()
C:\Users\gwengoetter\AppData\Roaming\Pyixih
Task: {06869E62-9A0C-42EB-8162-E62F6E0A0B16} - System32\Tasks\Security Center Update - 2141931547 => C:\Users\gwengoetter\AppData\Roaming\Huikonr\imisf.exe [2013-07-03] ()
C:\Users\gwengoetter\AppData\Roaming\Huikonr
Task: {0AE236FC-9307-4C54-B140-7E13175DB4C5} - System32\Tasks\Security Center Update - 1018871712 => C:\Users\gwengoetter\AppData\Roaming\Dabydyh\yzvony.exe [2013-07-01] ()
C:\Users\gwengoetter\AppData\Roaming\Dabydyh
Task: {0D7E952A-D493-4078-B740-DAA0AB10B540} - System32\Tasks\Security Center Update - 572676476 => C:\Users\gwengoetter\AppData\Roaming\Idapgaw\miabil.exe [2013-01-08] ()
C:\Users\gwengoetter\AppData\Roaming\Idapgaw
Task: {0E0F219D-319B-4F80-A2EA-BC952B49C594} - System32\Tasks\Security Center Update - 1778273205 => C:\Users\gwengoetter\AppData\Roaming\Zufucaa\godyxot.exe [2013-07-28] ()
C:\Users\gwengoetter\AppData\Roaming\Zufucaa
Task: {101CCE8F-A3A3-4F1A-B7E2-DEFF99D0F371} - System32\Tasks\Security Center Update - 3130767662 => C:\Users\gwengoetter\AppData\Roaming\Piroyzuc\artefu.exe [2013-08-31] ()
C:\Users\gwengoetter\AppData\Roaming\Piroyzuc
Task: {11561753-E2AB-4485-B429-9E51760F24AB} - System32\Tasks\Security Center Update - 2059046506 => C:\Users\gwengoetter\AppData\Roaming\Adubonu\gehaytm.exe [2013-09-19] ()
C:\Users\gwengoetter\AppData\Roaming\Adubonu
Task: {1192785D-FA57-4257-81B1-2CBFAE53A3FE} - System32\Tasks\Security Center Update - 1426077808 => C:\Users\gwengoetter\AppData\Roaming\Ylavufy\pucuta.exe [2013-08-28] ()
C:\Users\gwengoetter\AppData\Roaming\Ylavufy
Task: {11A0F084-64A3-4D18-B9A5-EC1399B791C7} - System32\Tasks\Security Center Update - 2527851123 => C:\Users\gwengoetter\AppData\Roaming\Hyqeazy\amunhy.exe [2013-10-10] ()
C:\Users\gwengoetter\AppData\Roaming\Hyqeazy
Task: {18B0C106-5BDF-4291-BDDF-A6AA56CB6B78} - System32\Tasks\Security Center Update - 1442109945 => C:\Users\gwengoetter\AppData\Roaming\Xalapo\ecrevy.exe [2013-05-21] ()
C:\Users\gwengoetter\AppData\Roaming\Xalapo
Task: {19E3384A-D8BD-4551-8552-F2D33E199811} - System32\Tasks\Security Center Update - 3193270824 => C:\Users\gwengoetter\AppData\Roaming\Ylufxaap\itatur.exe [2013-07-07] ()
C:\Users\gwengoetter\AppData\Roaming\Ylufxaap
Task: {1C209CBD-D7BF-4195-B60A-16E02599E3D5} - System32\Tasks\Security Center Update - 2525865001 => C:\Users\gwengoetter\AppData\Roaming\Luogex\magyqo.exe [2013-08-13] ()
C:\Users\gwengoetter\AppData\Roaming\Luogex
Task: {1F738CC4-8E42-41C2-AEB9-AD0085F330BC} - System32\Tasks\Security Center Update - 2187567767 => C:\Users\gwengoetter\AppData\Roaming\Ynehucpu\ytecwy.exe [2013-04-02] ()
C:\Users\gwengoetter\AppData\Roaming\Ynehucpu
Task: {2245FCA1-7C8A-4F7A-9660-49DF5E686E64} - System32\Tasks\Security Center Update - 1052744025 => C:\Users\gwengoetter\AppData\Roaming\Piteef\igsiim.exe [2013-06-04] ()
C:\Users\gwengoetter\AppData\Roaming\Piteef
Task: {241EB36B-D1A0-4DBD-88CD-C9721EBD4EB6} - System32\Tasks\Security Center Update - 1182424808 => C:\Users\gwengoetter\AppData\Roaming\Igecidba\aveggag.exe [2013-03-15] ()
C:\Users\gwengoetter\AppData\Roaming\Igecidba
Task: {26080D11-14F1-45AE-BBC2-C8BDD270502C} - System32\Tasks\Security Center Update - 768967623 => C:\Users\gwengoetter\AppData\Roaming\Ruhuovp\awoto.exe [2013-06-04] ()
C:\Users\gwengoetter\AppData\Roaming\Ruhuovp
Task: {29E2F5EE-640F-4F3A-9451-FB6FE3161FD3} - System32\Tasks\Security Center Update - 4128655586 => C:\Users\gwengoetter\AppData\Roaming\Ihbyla\xiseo.exe [2013-05-16] ()
C:\Users\gwengoetter\AppData\Roaming\Ihbyla
Task: {2B2B2340-949B-4612-BF18-82DD0E5992DA} - System32\Tasks\Security Center Update - 1719967821 => C:\Users\gwengoetter\AppData\Roaming\Ycnufi\bibak.exe [2013-03-16] ()
C:\Users\gwengoetter\AppData\Roaming\Ycnufi
Task: {2CE13260-DA8B-459F-A646-48AD22B34721} - System32\Tasks\Security Center Update - 1444872757 => C:\Users\gwengoetter\AppData\Roaming\Eziqoz\yxbuapy.exe [2013-05-25] ()
C:\Users\gwengoetter\AppData\Roaming\Eziqoz
Task: {2D479D88-D56D-4D4D-98EB-71B99083125D} - System32\Tasks\Security Center Update - 4173188577 => C:\Users\gwengoetter\AppData\Roaming\Oluxin\utwiwy.exe [2013-01-01] ()
Task: {2D56C2B5-F6FE-4B86-A1A7-1899D3A992CA} - System32\Tasks\Security Center Update - 981333664 => C:\Users\gwengoetter\AppData\Roaming\Qiumho\ecava.exe [2013-08-30] ()
Task: {31EBDD26-B7FA-4210-83BD-25055E7326B1} - System32\Tasks\Security Center Update - 2119654584 => C:\Users\gwengoetter\AppData\Roaming\Yfxuowve\qeuzqez.exe [2013-06-28] ()
Task: {33511355-002A-4F50-97E6-702A1E5BF711} - System32\Tasks\Security Center Update - 995024744 => C:\Users\gwengoetter\AppData\Roaming\Myergiac\avsiaq.exe [2013-02-06] ()
Task: {356C8175-E345-4F82-9761-6BD9510C97F6} - System32\Tasks\Security Center Update - 1225194303 => C:\Users\gwengoetter\AppData\Roaming\Gaekyzf\riiryle.exe [2013-06-23] ()
Task: {360B5315-7726-4B46-9A48-AEAE2F0EEFD1} - System32\Tasks\Security Center Update - 2912423504 => C:\Users\gwengoetter\AppData\Roaming\Uvhyez\oclozop.exe [2013-01-28] ()
Task: {3642BC81-CCC5-4B77-A249-D92F652BF658} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: {36EBA975-7FB0-42FB-85A1-2B6EB770790B} - System32\Tasks\Security Center Update - 570241910 => C:\Users\gwengoetter\AppData\Roaming\Luzutii\ysdubax.exe [2013-06-02] ()
Task: {3D28B38E-F991-4AD3-9E73-9E998E386536} - System32\Tasks\Security Center Update - 1316774573 => C:\Users\gwengoetter\AppData\Roaming\Agtime\yqazxe.exe [2013-06-13] ()
Task: {3EF3F61E-8817-42F3-AD1B-CDEF06619DA4} - System32\Tasks\Security Center Update - 900570450 => C:\Users\gwengoetter\AppData\Roaming\Tuevpy\yrria.exe [2013-01-08] ()
Task: {3FCD29A1-81CF-42CE-B201-797897523AD8} - System32\Tasks\Security Center Update - 1562478605 => C:\Users\gwengoetter\AppData\Roaming\Ugzadim\soybhym.exe [2013-01-10] ()
Task: {4079081C-7DE1-4BAB-8F8F-2F4CF4691FFC} - System32\Tasks\Security Center Update - 2119967301 => C:\Users\gwengoetter\AppData\Roaming\Voymug\lexola.exe [2013-02-13] ()
Task: {420D97FA-AFE9-4F06-9728-39FC55B12E0D} - System32\Tasks\Security Center Update - 1900048375 => C:\Users\gwengoetter\AppData\Roaming\Admyaw\riaxywa.exe [2013-05-05] ()
Task: {42CCBA91-632E-4A96-A6A8-ED73530960D3} - System32\Tasks\Security Center Update - 3283464668 => C:\Users\gwengoetter\AppData\Roaming\Siumta\meery.exe [2013-01-03] ()
Task: {4651425B-ACF3-493F-AAA7-E369173B588D} - System32\Tasks\Security Center Update - 159283237 => C:\Users\gwengoetter\AppData\Roaming\Pebylye\iwexr.exe [2013-07-14] ()
Task: {4B0268CC-F85F-4EFA-B0BB-D104E2D897B6} - System32\Tasks\Security Center Update - 2603120980 => C:\Users\gwengoetter\AppData\Roaming\Edocaqa\enzyba.exe [2013-10-14] ()
Task: {4B5E28A6-EB5B-4C4B-B732-2A29C3BC6536} - System32\Tasks\Security Center Update - 3337804951 => C:\Users\gwengoetter\AppData\Roaming\Otyfetce\faadl.exe [2013-09-07] ()
Task: {52BB01C7-B7FF-44CE-A9D3-E6575B9C8D36} - System32\Tasks\Security Center Update - 3443869802 => C:\Users\gwengoetter\AppData\Roaming\Eqqoavf\ciuxgy.exe [2013-05-25] ()
Task: {5845DDFA-344F-4EA8-9269-FEE4FB03E736} - System32\Tasks\Security Center Update - 3510923013 => C:\Users\gwengoetter\AppData\Roaming\Laimge\kekaafy.exe [2013-04-11] ()
Task: {5ABF40B5-181B-4597-9621-04285EB93A5E} - System32\Tasks\Security Center Update - 75628327 => C:\Users\gwengoetter\AppData\Roaming\Inalfad\usehdui.exe [2013-01-30] ()
Task: {5D64FDC3-C8E0-4B4B-A2C1-D1F0FB4F2198} - System32\Tasks\Security Center Update - 1365947148 => C:\Users\gwengoetter\AppData\Roaming\Poziic\ahime.exe [2013-01-16] ()
Task: {61566599-C431-4272-8E69-742BA16E3009} - System32\Tasks\Security Center Update - 1454764009 => C:\Users\gwengoetter\AppData\Roaming\Qiquazo\yqmeli.exe [2013-01-07] ()
Task: {63379A9F-13A5-4969-8D0C-36C148F70699} - System32\Tasks\Security Center Update - 665673278 => C:\Users\gwengoetter\AppData\Roaming\Idkeis\ysyczi.exe [2013-01-13] ()
Task: {64F62FF2-307D-471F-9D63-DAF1F0162714} - System32\Tasks\Security Center Update - 317441218 => C:\Users\gwengoetter\AppData\Roaming\Elseokyd\ycbiytx.exe [2013-09-09] ()
Task: {66AF02CE-0E59-4158-910E-D1977AE20E4C} - System32\Tasks\Security Center Update - 313631509 => C:\Users\gwengoetter\AppData\Roaming\Ivsawo\iqucwo.exe [2013-01-13] ()
Task: {68A5CEEC-AC2C-47C2-A31F-543E5277A690} - System32\Tasks\Security Center Update - 1068615866 => C:\Users\gwengoetter\AppData\Roaming\Endyexi\yvkyah.exe [2013-06-26] ()
Task: {699FC089-9FA6-4BC1-B2F8-FE4EE2B96408} - System32\Tasks\Security Center Update - 3868071995 => C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe [2013-02-03] ()
Task: {7351BEE0-F600-48E6-B188-E8615A62D799} - System32\Tasks\Security Center Update - 1062340554 => C:\Users\gwengoetter\AppData\Roaming\Yskuxop\roana.exe [2013-01-15] ()
Task: {764F447E-A864-42CE-9359-C638AA9B6A44} - System32\Tasks\Security Center Update - 3479996560 => C:\Users\gwengoetter\AppData\Roaming\Sueles\ixogmeb.exe [2013-07-10] ()
Task: {7CF40DE0-D77A-4EF9-9F4D-72B73B6CF3FA} - System32\Tasks\Security Center Update - 1790000926 => C:\Users\gwengoetter\AppData\Roaming\Izleyqu\azciko.exe [2013-01-20] ()
Task: {84785A53-99E4-4617-A840-FCC9DE66C8CF} - System32\Tasks\Security Center Update - 1522216968 => C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp\beapi.exe [2013-06-09] ()
Task: {8A05C68D-C7AA-490C-BF1C-833828F48D6A} - System32\Tasks\Security Center Update - 2870800661 => C:\Users\gwengoetter\AppData\Roaming\Tykidiu\komyip.exe [2013-02-20] ()
Task: {8A494CFF-B910-4F96-9F78-A6C8EC0B969A} - System32\Tasks\Security Center Update - 1905289452 => C:\Users\gwengoetter\AppData\Roaming\Boeqro\begeim.exe [2013-09-11] ()
Task: {8A5A7ACB-65C7-4E98-8FB2-ECC5A19903AE} - System32\Tasks\Security Center Update - 2531586067 => C:\Users\gwengoetter\AppData\Roaming\Itpoyq\anqieqy.exe [2013-08-20] ()
Task: {8C753A24-1467-4A95-BC60-1290791D6C92} - System32\Tasks\Security Center Update - 2108052082 => C:\Users\gwengoetter\AppData\Roaming\Ogosymyf\lohuhy.exe [2013-01-19] ()
Task: {8E1C321B-7464-452B-9270-1C78D3A5375E} - System32\Tasks\Security Center Update - 3393805048 => C:\Users\gwengoetter\AppData\Roaming\Ydxoew\xiibum.exe [2013-08-24] ()
Task: {9329A00F-2E0E-4325-AB51-0ACE75872E72} - System32\Tasks\Security Center Update - 593321490 => C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe [2013-07-29] ()
Task: {95613DB8-5B68-44E5-B186-8D8736AF2CD6} - System32\Tasks\Security Center Update - 2197418134 => C:\Users\gwengoetter\AppData\Roaming\Hufeus\icowmu.exe [2013-02-21] ()
Task: {960E0A57-F93E-4032-B83D-DA48C3FCAD80} - System32\Tasks\Security Center Update - 2638941911 => C:\Users\gwengoetter\AppData\Roaming\Efufgyv\oluvux.exe [2013-04-30] ()
Task: {9A76222C-02F7-472B-89F4-777C347DA613} - System32\Tasks\Security Center Update - 1332309068 => C:\Users\gwengoetter\AppData\Roaming\Rikeyfo\yrzuyrh.exe [2013-08-05] ()
Task: {9B77BBD1-51DC-482B-BD07-ABFE10FAF41E} - System32\Tasks\Security Center Update - 1870254903 => C:\Users\gwengoetter\AppData\Roaming\Dionba\ysteuc.exe [2013-02-25] ()
Task: {9CD39B2E-2F52-4B48-B89D-568B0C6C67BD} - System32\Tasks\Security Center Update - 291363577 => C:\Users\gwengoetter\AppData\Roaming\Huoweply\uwibwyi.exe [2013-03-21] ()
Task: {9D98973D-DEBF-4445-A77D-E8677EDD7F85} - System32\Tasks\Security Center Update - 4132290481 => C:\Users\gwengoetter\AppData\Roaming\Quezare\yrgay.exe [2013-08-22] ()
Task: {9DAF91CF-68E7-4351-BEF2-8A485FFCC5A1} - System32\Tasks\Security Center Update - 2783703395 => C:\Users\gwengoetter\AppData\Roaming\Ugytah\biynal.exe [2013-08-07] ()
Task: {A21C4DD0-74BC-4895-9784-77DA371B2FC4} - System32\Tasks\Security Center Update - 3703140625 => C:\Users\gwengoetter\AppData\Roaming\Lutizya\fowas.exe [2013-08-08] ()
Task: {A22BA64B-9EE0-4CE8-8931-23E69481B8AF} - System32\Tasks\Security Center Update - 394917207 => C:\Users\gwengoetter\AppData\Roaming\Uvifcei\miyksuy.exe [2013-03-19] ()
Task: {A5DB07CC-B092-438F-839B-BC5D0A5A1B8B} - System32\Tasks\Security Center Update - 1333853138 => C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq\yhulp.exe [2013-07-06] ()
Task: {A6F7F64B-F351-457B-B2E6-CAF04804202B} - System32\Tasks\Security Center Update - 216819031 => C:\Users\gwengoetter\AppData\Roaming\Luamwua\omxya.exe [2013-02-25] ()
Task: {A7B6C1FD-CA0A-486B-B314-27F39D49A6FA} - System32\Tasks\Security Center Update - 1863044979 => C:\Users\gwengoetter\AppData\Roaming\Ceufsu\moonug.exe [2013-02-03] ()
Task: {ACB1F204-64B9-4E22-B8B2-A57EE25CFD62} - System32\Tasks\Security Center Update - 308608092 => C:\Users\gwengoetter\AppData\Roaming\Ysnuud\vuadab.exe [2013-07-13] ()
Task: {B1620079-F3A0-4222-93C8-6E02DDE35625} - System32\Tasks\Security Center Update - 2069396391 => C:\Users\gwengoetter\AppData\Roaming\Osepote\apkei.exe [2013-01-04] ()
Task: {B2EE0893-B6D4-4AE6-854E-857654127603} - System32\Tasks\Security Center Update - 2410123969 => C:\Users\gwengoetter\AppData\Roaming\Aruzfu\defoepy.exe [2013-01-21] ()
Task: {B705CE92-F7CC-462A-AB27-DC7353C6F8A3} - System32\Tasks\Security Center Update - 544130103 => C:\Users\gwengoetter\AppData\Roaming\Puetak\cuibo.exe [2013-07-08] ()
Task: {B7E9D2C5-7A1F-4414-AF04-D4B2971187B7} - System32\Tasks\Security Center Update - 4281403968 => C:\Users\gwengoetter\AppData\Roaming\Gitepy\etifce.exe [2013-08-08] ()
Task: {BB6F1438-558B-4908-B0B3-42B9346A5497} - System32\Tasks\Security Center Update - 3744109011 => C:\Users\gwengoetter\AppData\Roaming\Lowoto\uxlipi.exe [2013-05-19] ()
Task: {BDD42F2E-AFAB-41A0-A9BC-4F5C9C0E05DE} - System32\Tasks\Security Center Update - 1182817912 => C:\Users\gwengoetter\AppData\Roaming\Daiszaco\niocovt.exe [2013-08-20] ()
Task: {C0FB3921-CA74-4B6F-B8B9-95EC6D7FB2B8} - System32\Tasks\DealPly => C:\Users\GWENGO~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CAC171F0-6505-432C-AE1D-8D6C81E37594} - System32\Tasks\Security Center Update - 943553264 => C:\Users\gwengoetter\AppData\Roaming\Baekta\xaecvum.exe [2012-12-30] ()
Task: {D00E4B27-05D0-40AD-94F2-3CB2CFDB2FF5} - System32\Tasks\Security Center Update - 4141336692 => C:\Users\gwengoetter\AppData\Roaming\Aqbudyno\ynray.exe [2013-06-28] ()
Task: {D3AAE4BF-C50B-46CA-8C7C-688D540E9E45} - System32\Tasks\Security Center Update - 274860021 => C:\Users\gwengoetter\AppData\Roaming\Akakdio\kayzi.exe [2013-05-07] ()
Task: {D5FEB6A6-0314-458C-892E-A018D24EDAD5} - System32\Tasks\Security Center Update - 941552149 => C:\Users\gwengoetter\AppData\Roaming\Irduime\tayfxy.exe [2013-07-04] ()
Task: {DAFC76F1-0493-4A0D-BDE2-F8A7875CC068} - System32\Tasks\Security Center Update - 1429565675 => C:\Users\gwengoetter\AppData\Roaming\Zuliqyp\kiymudu.exe [2013-04-02] ()
Task: {E126786C-6B27-4D78-B64F-1F14F84744B5} - System32\Tasks\Security Center Update - 1117714879 => C:\Users\gwengoetter\AppData\Roaming\Fotusui\upahzo.exe [2013-05-01] ()
Task: {E3FC76CC-704C-40FF-9F66-B25D6532D802} - System32\Tasks\Security Center Update - 4112823248 => C:\Users\gwengoetter\AppData\Roaming\Xeehlo\ilrum.exe [2013-03-12] ()
Task: {E8B68103-B94F-47C4-9CAC-8F83FCC60CDE} - System32\Tasks\Security Center Update - 2783678376 => C:\Users\gwengoetter\AppData\Roaming\Ukusfe\hebyb.exe [2013-02-15] ()
Task: {EC484C54-E41B-4EF6-AA97-CF9CC558A86B} - System32\Tasks\Security Center Update - 3312015459 => C:\Users\gwengoetter\AppData\Roaming\Weoqceu\faihx.exe [2013-07-17] ()
Task: {EE05A987-7605-46CD-AAE5-30C771FCDF5D} - System32\Tasks\Security Center Update - 2421935866 => C:\Users\gwengoetter\AppData\Roaming\Osvanux\egihp.exe [2013-02-13] ()
Task: {EFC868F6-13E6-4DC6-90EE-7808F625C270} - System32\Tasks\Security Center Update - 2057961924 => C:\Users\gwengoetter\AppData\Roaming\Amadhe\geogfye.exe [2013-01-08] ()
Task: {F25205DD-2908-4871-BF0F-817A957BA977} - System32\Tasks\Security Center Update - 3827994178 => C:\Users\gwengoetter\AppData\Roaming\Wyugekeh\lybutux.exe [2013-05-27] ()
Task: {F30B2951-5E13-4032-BD07-3E92E81DBF68} - System32\Tasks\Security Center Update - 2149495819 => C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe [2013-09-19] ()
Task: {F4991C10-DB27-4318-8260-7311196FAE22} - System32\Tasks\Security Center Update - 2397521832 => C:\Users\gwengoetter\AppData\Roaming\Ynogivi\ydaptu.exe [2013-03-14] ()
Task: {FA64137F-525A-45D0-A4CE-6EB999BBE815} - System32\Tasks\Security Center Update - 1065851581 => C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [2013-01-27] ()
Task: {FAE2E802-A47A-4B56-A957-4EBE5A98F1FC} - System32\Tasks\Security Center Update - 2236782273 => C:\Users\gwengoetter\AppData\Roaming\Hoorula\yzezo.exe [2013-02-23] ()
Task: {FB140413-7F02-4E1A-9271-004F5C141B99} - System32\Tasks\Security Center Update - 762606990 => C:\Users\gwengoetter\AppData\Roaming\Udatihyc\agfuith.exe [2013-05-04] ()
Task: {FF671236-93E1-458E-9179-11EC437F7B56} - System32\Tasks\Security Center Update - 3557728678 => C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe [2013-03-26] ()
Task: C:\windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: C:\windows\Tasks\Security Center Update - 1018871712.job => C:\Users\gwengoetter\AppData\Roaming\Dabydyh\yzvony.exe
Task: C:\windows\Tasks\Security Center Update - 1052744025.job => C:\Users\gwengoetter\AppData\Roaming\Piteef\igsiim.exe
Task: C:\windows\Tasks\Security Center Update - 1062340554.job => C:\Users\gwengoetter\AppData\Roaming\Yskuxop\roana.exe
Task: C:\windows\Tasks\Security Center Update - 1065851581.job => C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
Task: C:\windows\Tasks\Security Center Update - 1068615866.job => C:\Users\gwengoetter\AppData\Roaming\Endyexi\yvkyah.exe
Task: C:\windows\Tasks\Security Center Update - 1117714879.job => C:\Users\gwengoetter\AppData\Roaming\Fotusui\upahzo.exe
Task: C:\windows\Tasks\Security Center Update - 1182424808.job => C:\Users\gwengoetter\AppData\Roaming\Igecidba\aveggag.exe
Task: C:\windows\Tasks\Security Center Update - 1182817912.job => C:\Users\gwengoetter\AppData\Roaming\Daiszaco\niocovt.exe
Task: C:\windows\Tasks\Security Center Update - 1225194303.job => C:\Users\gwengoetter\AppData\Roaming\Gaekyzf\riiryle.exe
Task: C:\windows\Tasks\Security Center Update - 1316774573.job => C:\Users\gwengoetter\AppData\Roaming\Agtime\yqazxe.exe
Task: C:\windows\Tasks\Security Center Update - 1332309068.job => C:\Users\gwengoetter\AppData\Roaming\Rikeyfo\yrzuyrh.exe
Task: C:\windows\Tasks\Security Center Update - 1333853138.job => C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq\yhulp.exe
Task: C:\windows\Tasks\Security Center Update - 1365947148.job => C:\Users\gwengoetter\AppData\Roaming\Poziic\ahime.exe
Task: C:\windows\Tasks\Security Center Update - 1426077808.job => C:\Users\gwengoetter\AppData\Roaming\Ylavufy\pucuta.exe
Task: C:\windows\Tasks\Security Center Update - 1429565675.job => C:\Users\gwengoetter\AppData\Roaming\Zuliqyp\kiymudu.exe
Task: C:\windows\Tasks\Security Center Update - 1442109945.job => C:\Users\gwengoetter\AppData\Roaming\Xalapo\ecrevy.exe
Task: C:\windows\Tasks\Security Center Update - 1444872757.job => C:\Users\gwengoetter\AppData\Roaming\Eziqoz\yxbuapy.exe
Task: C:\windows\Tasks\Security Center Update - 1454764009.job => C:\Users\gwengoetter\AppData\Roaming\Qiquazo\yqmeli.exe
Task: C:\windows\Tasks\Security Center Update - 1522216968.job => C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp\beapi.exe
Task: C:\windows\Tasks\Security Center Update - 1562478605.job => C:\Users\gwengoetter\AppData\Roaming\Ugzadim\soybhym.exe
Task: C:\windows\Tasks\Security Center Update - 159283237.job => C:\Users\gwengoetter\AppData\Roaming\Pebylye\iwexr.exe
Task: C:\windows\Tasks\Security Center Update - 1719967821.job => C:\Users\gwengoetter\AppData\Roaming\Ycnufi\bibak.exe
Task: C:\windows\Tasks\Security Center Update - 1778273205.job => C:\Users\gwengoetter\AppData\Roaming\Zufucaa\godyxot.exe
Task: C:\windows\Tasks\Security Center Update - 1790000926.job => C:\Users\gwengoetter\AppData\Roaming\Izleyqu\azciko.exe
Task: C:\windows\Tasks\Security Center Update - 1863044979.job => C:\Users\gwengoetter\AppData\Roaming\Ceufsu\moonug.exe
Task: C:\windows\Tasks\Security Center Update - 1870254903.job => C:\Users\gwengoetter\AppData\Roaming\Dionba\ysteuc.exe
Task: C:\windows\Tasks\Security Center Update - 1900048375.job => C:\Users\gwengoetter\AppData\Roaming\Admyaw\riaxywa.exe
Task: C:\windows\Tasks\Security Center Update - 1905289452.job => C:\Users\gwengoetter\AppData\Roaming\Boeqro\begeim.exe
Task: C:\windows\Tasks\Security Center Update - 2057961924.job => C:\Users\gwengoetter\AppData\Roaming\Amadhe\geogfye.exe
Task: C:\windows\Tasks\Security Center Update - 2059046506.job => C:\Users\gwengoetter\AppData\Roaming\Adubonu\gehaytm.exe
Task: C:\windows\Tasks\Security Center Update - 2069396391.job => C:\Users\gwengoetter\AppData\Roaming\Osepote\apkei.exe
Task: C:\windows\Tasks\Security Center Update - 2108052082.job => C:\Users\gwengoetter\AppData\Roaming\Ogosymyf\lohuhy.exe
Task: C:\windows\Tasks\Security Center Update - 2119654584.job => C:\Users\gwengoetter\AppData\Roaming\Yfxuowve\qeuzqez.exe
Task: C:\windows\Tasks\Security Center Update - 2119967301.job => C:\Users\gwengoetter\AppData\Roaming\Voymug\lexola.exe
Task: C:\windows\Tasks\Security Center Update - 2141931547.job => C:\Users\gwengoetter\AppData\Roaming\Huikonr\imisf.exe
Task: C:\windows\Tasks\Security Center Update - 2149495819.job => C:\Users\gwengoetter\AppData\Roaming\Gaxymi\uwryun.exe
Task: C:\windows\Tasks\Security Center Update - 216819031.job => C:\Users\gwengoetter\AppData\Roaming\Luamwua\omxya.exe
Task: C:\windows\Tasks\Security Center Update - 2187567767.job => C:\Users\gwengoetter\AppData\Roaming\Ynehucpu\ytecwy.exe
Task: C:\windows\Tasks\Security Center Update - 2197418134.job => C:\Users\gwengoetter\AppData\Roaming\Hufeus\icowmu.exe
Task: C:\windows\Tasks\Security Center Update - 2236782273.job => C:\Users\gwengoetter\AppData\Roaming\Hoorula\yzezo.exe
Task: C:\windows\Tasks\Security Center Update - 2397521832.job => C:\Users\gwengoetter\AppData\Roaming\Ynogivi\ydaptu.exe
Task: C:\windows\Tasks\Security Center Update - 2410123969.job => C:\Users\gwengoetter\AppData\Roaming\Aruzfu\defoepy.exe
Task: C:\windows\Tasks\Security Center Update - 2421935866.job => C:\Users\gwengoetter\AppData\Roaming\Osvanux\egihp.exe
Task: C:\windows\Tasks\Security Center Update - 2525865001.job => C:\Users\gwengoetter\AppData\Roaming\Luogex\magyqo.exe
Task: C:\windows\Tasks\Security Center Update - 2527851123.job => C:\Users\gwengoetter\AppData\Roaming\Hyqeazy\amunhy.exe
Task: C:\windows\Tasks\Security Center Update - 2531586067.job => C:\Users\gwengoetter\AppData\Roaming\Itpoyq\anqieqy.exe
Task: C:\windows\Tasks\Security Center Update - 2603120980.job => C:\Users\gwengoetter\AppData\Roaming\Edocaqa\enzyba.exe
Task: C:\windows\Tasks\Security Center Update - 2638941911.job => C:\Users\gwengoetter\AppData\Roaming\Efufgyv\oluvux.exe
Task: C:\windows\Tasks\Security Center Update - 274860021.job => C:\Users\gwengoetter\AppData\Roaming\Akakdio\kayzi.exe
Task: C:\windows\Tasks\Security Center Update - 2783678376.job => C:\Users\gwengoetter\AppData\Roaming\Ukusfe\hebyb.exe
Task: C:\windows\Tasks\Security Center Update - 2783703395.job => C:\Users\gwengoetter\AppData\Roaming\Ugytah\biynal.exe
Task: C:\windows\Tasks\Security Center Update - 2870800661.job => C:\Users\gwengoetter\AppData\Roaming\Tykidiu\komyip.exe
Task: C:\windows\Tasks\Security Center Update - 2912423504.job => C:\Users\gwengoetter\AppData\Roaming\Uvhyez\oclozop.exe
Task: C:\windows\Tasks\Security Center Update - 291363577.job => C:\Users\gwengoetter\AppData\Roaming\Huoweply\uwibwyi.exe
Task: C:\windows\Tasks\Security Center Update - 308608092.job => C:\Users\gwengoetter\AppData\Roaming\Ysnuud\vuadab.exe
Task: C:\windows\Tasks\Security Center Update - 3130767662.job => C:\Users\gwengoetter\AppData\Roaming\Piroyzuc\artefu.exe
Task: C:\windows\Tasks\Security Center Update - 313631509.job => C:\Users\gwengoetter\AppData\Roaming\Ivsawo\iqucwo.exe
Task: C:\windows\Tasks\Security Center Update - 3140316904.job => C:\Users\gwengoetter\AppData\Roaming\Oqenudo\ucretu.exe
Task: C:\windows\Tasks\Security Center Update - 317441218.job => C:\Users\gwengoetter\AppData\Roaming\Elseokyd\ycbiytx.exe
Task: C:\windows\Tasks\Security Center Update - 3193270824.job => C:\Users\gwengoetter\AppData\Roaming\Ylufxaap\itatur.exe
Task: C:\windows\Tasks\Security Center Update - 3283464668.job => C:\Users\gwengoetter\AppData\Roaming\Siumta\meery.exe
Task: C:\windows\Tasks\Security Center Update - 3312015459.job => C:\Users\gwengoetter\AppData\Roaming\Weoqceu\faihx.exe
Task: C:\windows\Tasks\Security Center Update - 3337804951.job => C:\Users\gwengoetter\AppData\Roaming\Otyfetce\faadl.exe
Task: C:\windows\Tasks\Security Center Update - 3393805048.job => C:\Users\gwengoetter\AppData\Roaming\Ydxoew\xiibum.exe
Task: C:\windows\Tasks\Security Center Update - 3443869802.job => C:\Users\gwengoetter\AppData\Roaming\Eqqoavf\ciuxgy.exe
Task: C:\windows\Tasks\Security Center Update - 3466412537.job => C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe
Task: C:\windows\Tasks\Security Center Update - 3479996560.job => C:\Users\gwengoetter\AppData\Roaming\Sueles\ixogmeb.exe
Task: C:\windows\Tasks\Security Center Update - 3510923013.job => C:\Users\gwengoetter\AppData\Roaming\Laimge\kekaafy.exe
Task: C:\windows\Tasks\Security Center Update - 3557728678.job => C:\Users\gwengoetter\AppData\Roaming\Viidfouc\ziulvou.exe
Task: C:\windows\Tasks\Security Center Update - 3703140625.job => C:\Users\gwengoetter\AppData\Roaming\Lutizya\fowas.exe
Task: C:\windows\Tasks\Security Center Update - 3744109011.job => C:\Users\gwengoetter\AppData\Roaming\Lowoto\uxlipi.exe
Task: C:\windows\Tasks\Security Center Update - 3827994178.job => C:\Users\gwengoetter\AppData\Roaming\Wyugekeh\lybutux.exe
Task: C:\windows\Tasks\Security Center Update - 3868071995.job => C:\Users\gwengoetter\AppData\Roaming\Umqoyh\exsefic.exe
Task: C:\windows\Tasks\Security Center Update - 394917207.job => C:\Users\gwengoetter\AppData\Roaming\Uvifcei\miyksuy.exe
Task: C:\windows\Tasks\Security Center Update - 4112823248.job => C:\Users\gwengoetter\AppData\Roaming\Xeehlo\ilrum.exe
Task: C:\windows\Tasks\Security Center Update - 4128655586.job => C:\Users\gwengoetter\AppData\Roaming\Ihbyla\xiseo.exe
Task: C:\windows\Tasks\Security Center Update - 4132290481.job => C:\Users\gwengoetter\AppData\Roaming\Quezare\yrgay.exe
Task: C:\windows\Tasks\Security Center Update - 4141336692.job => C:\Users\gwengoetter\AppData\Roaming\Aqbudyno\ynray.exe
Task: C:\windows\Tasks\Security Center Update - 4173188577.job => C:\Users\gwengoetter\AppData\Roaming\Oluxin\utwiwy.exe
Task: C:\windows\Tasks\Security Center Update - 4281403968.job => C:\Users\gwengoetter\AppData\Roaming\Gitepy\etifce.exe
Task: C:\windows\Tasks\Security Center Update - 544130103.job => C:\Users\gwengoetter\AppData\Roaming\Puetak\cuibo.exe
Task: C:\windows\Tasks\Security Center Update - 570241910.job => C:\Users\gwengoetter\AppData\Roaming\Luzutii\ysdubax.exe
Task: C:\windows\Tasks\Security Center Update - 572676476.job => C:\Users\gwengoetter\AppData\Roaming\Idapgaw\miabil.exe
Task: C:\windows\Tasks\Security Center Update - 593321490.job => C:\Users\gwengoetter\AppData\Roaming\Oxydesul\ymmupy.exe
Task: C:\windows\Tasks\Security Center Update - 665673278.job => C:\Users\gwengoetter\AppData\Roaming\Idkeis\ysyczi.exe
Task: C:\windows\Tasks\Security Center Update - 75628327.job => C:\Users\gwengoetter\AppData\Roaming\Inalfad\usehdui.exe
Task: C:\windows\Tasks\Security Center Update - 762606990.job => C:\Users\gwengoetter\AppData\Roaming\Udatihyc\agfuith.exe
Task: C:\windows\Tasks\Security Center Update - 768967623.job => C:\Users\gwengoetter\AppData\Roaming\Ruhuovp\awoto.exe
Task: C:\windows\Tasks\Security Center Update - 900570450.job => C:\Users\gwengoetter\AppData\Roaming\Tuevpy\yrria.exe
Task: C:\windows\Tasks\Security Center Update - 941552149.job => C:\Users\gwengoetter\AppData\Roaming\Irduime\tayfxy.exe
Task: C:\windows\Tasks\Security Center Update - 943553264.job => C:\Users\gwengoetter\AppData\Roaming\Baekta\xaecvum.exe
Task: C:\windows\Tasks\Security Center Update - 981333664.job => C:\Users\gwengoetter\AppData\Roaming\Qiumho\ecava.exe
Task: C:\windows\Tasks\Security Center Update - 995024744.job => C:\Users\gwengoetter\AppData\Roaming\Myergiac\avsiaq.exe
cmd: netsh winsock reset
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.

"C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996" directory move:

C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996\@ => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996\n => Moved successfully.
Could not move "C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996" directory. => Scheduled to move on reboot.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Iproanvaelmuy => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GameServer33 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Vougowloypqiuxg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GameServer55 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Ycixadycsody => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Lyemlazoifoderq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Fuivruot => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Udlok => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key deleted successfully.
C:\Program Files (x86)\Vgrabber_v1 => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A444752C-F03B-4E19-B2CD-E80F1FC2809C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A444752C-F03B-4E19-B2CD-E80F1FC2809C} => Key deleted successfully.
"C:\Program Files (x86)\LyricsNotes" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
"C:\Program Files (x86)\Coupons.com CouponBar" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7f7f82f1-7c95-47cd-814f-950b56d58fc3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => Value deleted successfully.
HKCR\CLSID\{7F7F82F1-7C95-47CD-814F-950B56D58FC3} => Key not found.
Winsock: Catalog5 entry 000000000004\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000004\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp => Value deleted successfully.
PCSUService => Service deleted successfully.
C:\Program Files (x86)\PC Speed Up => Moved successfully.
C:\windows\Tasks\PC SpeedUp Service Deactivator.job => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.

"C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv" directory move:

C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll => Moved successfully.
C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.ini => Moved successfully.
"C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv" => Directory moved successfully.

C:\$Recycle.Bin\S-1-5-21-2093230720-1359758338-2908893637-1001\$541eeff7fc8cc6840a1a6882d5b1c996 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01E0CF3E-A94C-4A77-8CAA-94FB3E5922F8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01E0CF3E-A94C-4A77-8CAA-94FB3E5922F8} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3140316904 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3140316904 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Oqenudo => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03DD4F42-F3A9-43AB-B401-262C5B8961BE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DD4F42-F3A9-43AB-B401-262C5B8961BE} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3466412537 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3466412537 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Pyixih => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06869E62-9A0C-42EB-8162-E62F6E0A0B16} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06869E62-9A0C-42EB-8162-E62F6E0A0B16} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2141931547 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2141931547 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Huikonr => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE236FC-9307-4C54-B140-7E13175DB4C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE236FC-9307-4C54-B140-7E13175DB4C5} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1018871712 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1018871712 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Dabydyh => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D7E952A-D493-4078-B740-DAA0AB10B540} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D7E952A-D493-4078-B740-DAA0AB10B540} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 572676476 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 572676476 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Idapgaw => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E0F219D-319B-4F80-A2EA-BC952B49C594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E0F219D-319B-4F80-A2EA-BC952B49C594} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1778273205 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1778273205 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Zufucaa => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{101CCE8F-A3A3-4F1A-B7E2-DEFF99D0F371} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{101CCE8F-A3A3-4F1A-B7E2-DEFF99D0F371} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3130767662 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3130767662 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Piroyzuc => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11561753-E2AB-4485-B429-9E51760F24AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11561753-E2AB-4485-B429-9E51760F24AB} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2059046506 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2059046506 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Adubonu => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1192785D-FA57-4257-81B1-2CBFAE53A3FE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1192785D-FA57-4257-81B1-2CBFAE53A3FE} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1426077808 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1426077808 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ylavufy => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11A0F084-64A3-4D18-B9A5-EC1399B791C7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11A0F084-64A3-4D18-B9A5-EC1399B791C7} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2527851123 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2527851123 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Hyqeazy => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18B0C106-5BDF-4291-BDDF-A6AA56CB6B78} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18B0C106-5BDF-4291-BDDF-A6AA56CB6B78} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1442109945 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1442109945 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Xalapo => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19E3384A-D8BD-4551-8552-F2D33E199811} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E3384A-D8BD-4551-8552-F2D33E199811} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3193270824 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3193270824 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ylufxaap => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C209CBD-D7BF-4195-B60A-16E02599E3D5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C209CBD-D7BF-4195-B60A-16E02599E3D5} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2525865001 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2525865001 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Luogex => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F738CC4-8E42-41C2-AEB9-AD0085F330BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F738CC4-8E42-41C2-AEB9-AD0085F330BC} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2187567767 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2187567767 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ynehucpu => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2245FCA1-7C8A-4F7A-9660-49DF5E686E64} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2245FCA1-7C8A-4F7A-9660-49DF5E686E64} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1052744025 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1052744025 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Piteef => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{241EB36B-D1A0-4DBD-88CD-C9721EBD4EB6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{241EB36B-D1A0-4DBD-88CD-C9721EBD4EB6} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1182424808 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1182424808 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Igecidba => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26080D11-14F1-45AE-BBC2-C8BDD270502C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26080D11-14F1-45AE-BBC2-C8BDD270502C} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 768967623 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 768967623 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ruhuovp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29E2F5EE-640F-4F3A-9451-FB6FE3161FD3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29E2F5EE-640F-4F3A-9451-FB6FE3161FD3} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4128655586 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4128655586 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ihbyla => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B2B2340-949B-4612-BF18-82DD0E5992DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B2B2340-949B-4612-BF18-82DD0E5992DA} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1719967821 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1719967821 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Ycnufi => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CE13260-DA8B-459F-A646-48AD22B34721} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE13260-DA8B-459F-A646-48AD22B34721} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1444872757 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1444872757 => Key deleted successfully.
C:\Users\gwengoetter\AppData\Roaming\Eziqoz => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D479D88-D56D-4D4D-98EB-71B99083125D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D479D88-D56D-4D4D-98EB-71B99083125D} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4173188577 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4173188577 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D56C2B5-F6FE-4B86-A1A7-1899D3A992CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D56C2B5-F6FE-4B86-A1A7-1899D3A992CA} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 981333664 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 981333664 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31EBDD26-B7FA-4210-83BD-25055E7326B1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31EBDD26-B7FA-4210-83BD-25055E7326B1} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2119654584 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2119654584 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33511355-002A-4F50-97E6-702A1E5BF711} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33511355-002A-4F50-97E6-702A1E5BF711} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 995024744 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 995024744 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{356C8175-E345-4F82-9761-6BD9510C97F6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{356C8175-E345-4F82-9761-6BD9510C97F6} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1225194303 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1225194303 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{360B5315-7726-4B46-9A48-AEAE2F0EEFD1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{360B5315-7726-4B46-9A48-AEAE2F0EEFD1} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2912423504 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2912423504 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3642BC81-CCC5-4B77-A249-D92F652BF658} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3642BC81-CCC5-4B77-A249-D92F652BF658} => Key deleted successfully.
C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36EBA975-7FB0-42FB-85A1-2B6EB770790B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36EBA975-7FB0-42FB-85A1-2B6EB770790B} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 570241910 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 570241910 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D28B38E-F991-4AD3-9E73-9E998E386536} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D28B38E-F991-4AD3-9E73-9E998E386536} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1316774573 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1316774573 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EF3F61E-8817-42F3-AD1B-CDEF06619DA4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EF3F61E-8817-42F3-AD1B-CDEF06619DA4} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 900570450 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 900570450 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FCD29A1-81CF-42CE-B201-797897523AD8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FCD29A1-81CF-42CE-B201-797897523AD8} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1562478605 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1562478605 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4079081C-7DE1-4BAB-8F8F-2F4CF4691FFC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4079081C-7DE1-4BAB-8F8F-2F4CF4691FFC} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2119967301 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2119967301 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{420D97FA-AFE9-4F06-9728-39FC55B12E0D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420D97FA-AFE9-4F06-9728-39FC55B12E0D} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1900048375 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1900048375 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42CCBA91-632E-4A96-A6A8-ED73530960D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42CCBA91-632E-4A96-A6A8-ED73530960D3} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3283464668 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3283464668 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4651425B-ACF3-493F-AAA7-E369173B588D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4651425B-ACF3-493F-AAA7-E369173B588D} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 159283237 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 159283237 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B0268CC-F85F-4EFA-B0BB-D104E2D897B6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B0268CC-F85F-4EFA-B0BB-D104E2D897B6} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2603120980 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2603120980 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B5E28A6-EB5B-4C4B-B732-2A29C3BC6536} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B5E28A6-EB5B-4C4B-B732-2A29C3BC6536} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3337804951 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3337804951 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52BB01C7-B7FF-44CE-A9D3-E6575B9C8D36} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52BB01C7-B7FF-44CE-A9D3-E6575B9C8D36} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3443869802 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3443869802 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5845DDFA-344F-4EA8-9269-FEE4FB03E736} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5845DDFA-344F-4EA8-9269-FEE4FB03E736} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3510923013 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3510923013 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ABF40B5-181B-4597-9621-04285EB93A5E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ABF40B5-181B-4597-9621-04285EB93A5E} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 75628327 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 75628327 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D64FDC3-C8E0-4B4B-A2C1-D1F0FB4F2198} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D64FDC3-C8E0-4B4B-A2C1-D1F0FB4F2198} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1365947148 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1365947148 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61566599-C431-4272-8E69-742BA16E3009} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61566599-C431-4272-8E69-742BA16E3009} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1454764009 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1454764009 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63379A9F-13A5-4969-8D0C-36C148F70699} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63379A9F-13A5-4969-8D0C-36C148F70699} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 665673278 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 665673278 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64F62FF2-307D-471F-9D63-DAF1F0162714} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64F62FF2-307D-471F-9D63-DAF1F0162714} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 317441218 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 317441218 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66AF02CE-0E59-4158-910E-D1977AE20E4C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66AF02CE-0E59-4158-910E-D1977AE20E4C} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 313631509 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 313631509 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68A5CEEC-AC2C-47C2-A31F-543E5277A690} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A5CEEC-AC2C-47C2-A31F-543E5277A690} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1068615866 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1068615866 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{699FC089-9FA6-4BC1-B2F8-FE4EE2B96408} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699FC089-9FA6-4BC1-B2F8-FE4EE2B96408} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3868071995 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3868071995 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7351BEE0-F600-48E6-B188-E8615A62D799} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7351BEE0-F600-48E6-B188-E8615A62D799} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1062340554 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1062340554 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{764F447E-A864-42CE-9359-C638AA9B6A44} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{764F447E-A864-42CE-9359-C638AA9B6A44} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3479996560 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3479996560 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CF40DE0-D77A-4EF9-9F4D-72B73B6CF3FA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CF40DE0-D77A-4EF9-9F4D-72B73B6CF3FA} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1790000926 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1790000926 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84785A53-99E4-4617-A840-FCC9DE66C8CF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84785A53-99E4-4617-A840-FCC9DE66C8CF} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1522216968 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1522216968 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A05C68D-C7AA-490C-BF1C-833828F48D6A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A05C68D-C7AA-490C-BF1C-833828F48D6A} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2870800661 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2870800661 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A494CFF-B910-4F96-9F78-A6C8EC0B969A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A494CFF-B910-4F96-9F78-A6C8EC0B969A} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1905289452 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1905289452 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A5A7ACB-65C7-4E98-8FB2-ECC5A19903AE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A5A7ACB-65C7-4E98-8FB2-ECC5A19903AE} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2531586067 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2531586067 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C753A24-1467-4A95-BC60-1290791D6C92} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C753A24-1467-4A95-BC60-1290791D6C92} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2108052082 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2108052082 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E1C321B-7464-452B-9270-1C78D3A5375E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E1C321B-7464-452B-9270-1C78D3A5375E} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3393805048 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3393805048 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9329A00F-2E0E-4325-AB51-0ACE75872E72} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9329A00F-2E0E-4325-AB51-0ACE75872E72} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 593321490 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 593321490 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95613DB8-5B68-44E5-B186-8D8736AF2CD6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95613DB8-5B68-44E5-B186-8D8736AF2CD6} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2197418134 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2197418134 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{960E0A57-F93E-4032-B83D-DA48C3FCAD80} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960E0A57-F93E-4032-B83D-DA48C3FCAD80} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2638941911 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2638941911 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A76222C-02F7-472B-89F4-777C347DA613} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A76222C-02F7-472B-89F4-777C347DA613} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1332309068 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1332309068 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B77BBD1-51DC-482B-BD07-ABFE10FAF41E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B77BBD1-51DC-482B-BD07-ABFE10FAF41E} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1870254903 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1870254903 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CD39B2E-2F52-4B48-B89D-568B0C6C67BD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CD39B2E-2F52-4B48-B89D-568B0C6C67BD} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 291363577 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 291363577 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D98973D-DEBF-4445-A77D-E8677EDD7F85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D98973D-DEBF-4445-A77D-E8677EDD7F85} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4132290481 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4132290481 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DAF91CF-68E7-4351-BEF2-8A485FFCC5A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DAF91CF-68E7-4351-BEF2-8A485FFCC5A1} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2783703395 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2783703395 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A21C4DD0-74BC-4895-9784-77DA371B2FC4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A21C4DD0-74BC-4895-9784-77DA371B2FC4} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3703140625 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3703140625 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A22BA64B-9EE0-4CE8-8931-23E69481B8AF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A22BA64B-9EE0-4CE8-8931-23E69481B8AF} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 394917207 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 394917207 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5DB07CC-B092-438F-839B-BC5D0A5A1B8B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5DB07CC-B092-438F-839B-BC5D0A5A1B8B} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1333853138 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1333853138 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6F7F64B-F351-457B-B2E6-CAF04804202B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6F7F64B-F351-457B-B2E6-CAF04804202B} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 216819031 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 216819031 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7B6C1FD-CA0A-486B-B314-27F39D49A6FA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7B6C1FD-CA0A-486B-B314-27F39D49A6FA} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1863044979 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1863044979 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB1F204-64B9-4E22-B8B2-A57EE25CFD62} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB1F204-64B9-4E22-B8B2-A57EE25CFD62} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 308608092 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 308608092 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1620079-F3A0-4222-93C8-6E02DDE35625} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1620079-F3A0-4222-93C8-6E02DDE35625} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2069396391 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2069396391 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2EE0893-B6D4-4AE6-854E-857654127603} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2EE0893-B6D4-4AE6-854E-857654127603} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2410123969 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2410123969 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B705CE92-F7CC-462A-AB27-DC7353C6F8A3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B705CE92-F7CC-462A-AB27-DC7353C6F8A3} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 544130103 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 544130103 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7E9D2C5-7A1F-4414-AF04-D4B2971187B7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7E9D2C5-7A1F-4414-AF04-D4B2971187B7} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4281403968 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4281403968 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB6F1438-558B-4908-B0B3-42B9346A5497} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6F1438-558B-4908-B0B3-42B9346A5497} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3744109011 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3744109011 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDD42F2E-AFAB-41A0-A9BC-4F5C9C0E05DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDD42F2E-AFAB-41A0-A9BC-4F5C9C0E05DE} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1182817912 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1182817912 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0FB3921-CA74-4B6F-B8B9-95EC6D7FB2B8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0FB3921-CA74-4B6F-B8B9-95EC6D7FB2B8} => Key deleted successfully.
C:\Windows\System32\Tasks\DealPly => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAC171F0-6505-432C-AE1D-8D6C81E37594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAC171F0-6505-432C-AE1D-8D6C81E37594} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 943553264 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 943553264 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D00E4B27-05D0-40AD-94F2-3CB2CFDB2FF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D00E4B27-05D0-40AD-94F2-3CB2CFDB2FF5} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4141336692 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4141336692 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3AAE4BF-C50B-46CA-8C7C-688D540E9E45} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3AAE4BF-C50B-46CA-8C7C-688D540E9E45} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 274860021 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 274860021 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5FEB6A6-0314-458C-892E-A018D24EDAD5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5FEB6A6-0314-458C-892E-A018D24EDAD5} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 941552149 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 941552149 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAFC76F1-0493-4A0D-BDE2-F8A7875CC068} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFC76F1-0493-4A0D-BDE2-F8A7875CC068} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1429565675 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1429565675 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E126786C-6B27-4D78-B64F-1F14F84744B5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E126786C-6B27-4D78-B64F-1F14F84744B5} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1117714879 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1117714879 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3FC76CC-704C-40FF-9F66-B25D6532D802} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3FC76CC-704C-40FF-9F66-B25D6532D802} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 4112823248 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 4112823248 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8B68103-B94F-47C4-9CAC-8F83FCC60CDE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B68103-B94F-47C4-9CAC-8F83FCC60CDE} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2783678376 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2783678376 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC484C54-E41B-4EF6-AA97-CF9CC558A86B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC484C54-E41B-4EF6-AA97-CF9CC558A86B} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3312015459 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3312015459 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE05A987-7605-46CD-AAE5-30C771FCDF5D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE05A987-7605-46CD-AAE5-30C771FCDF5D} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2421935866 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2421935866 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFC868F6-13E6-4DC6-90EE-7808F625C270} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFC868F6-13E6-4DC6-90EE-7808F625C270} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2057961924 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2057961924 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F25205DD-2908-4871-BF0F-817A957BA977} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25205DD-2908-4871-BF0F-817A957BA977} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3827994178 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3827994178 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F30B2951-5E13-4032-BD07-3E92E81DBF68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F30B2951-5E13-4032-BD07-3E92E81DBF68} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2149495819 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2149495819 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4991C10-DB27-4318-8260-7311196FAE22} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4991C10-DB27-4318-8260-7311196FAE22} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2397521832 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2397521832 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA64137F-525A-45D0-A4CE-6EB999BBE815} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA64137F-525A-45D0-A4CE-6EB999BBE815} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1065851581 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1065851581 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAE2E802-A47A-4B56-A957-4EBE5A98F1FC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAE2E802-A47A-4B56-A957-4EBE5A98F1FC} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2236782273 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2236782273 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB140413-7F02-4E1A-9271-004F5C141B99} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB140413-7F02-4E1A-9271-004F5C141B99} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 762606990 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 762606990 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF671236-93E1-458E-9179-11EC437F7B56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF671236-93E1-458E-9179-11EC437F7B56} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3557728678 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3557728678 => Key deleted successfully.
C:\windows\Tasks\PC SpeedUp Service Deactivator.job not found.
C:\windows\Tasks\Security Center Update - 1018871712.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1052744025.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1062340554.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1065851581.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1068615866.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1117714879.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1182424808.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1182817912.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1225194303.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1316774573.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1332309068.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1333853138.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1365947148.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1426077808.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1429565675.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1442109945.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1444872757.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1454764009.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1522216968.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1562478605.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 159283237.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1719967821.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1778273205.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1790000926.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1863044979.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1870254903.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1900048375.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 1905289452.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2057961924.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2059046506.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2069396391.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2108052082.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2119654584.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2119967301.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2141931547.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2149495819.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 216819031.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2187567767.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2197418134.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2236782273.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2397521832.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2410123969.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2421935866.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2525865001.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2527851123.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2531586067.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2603120980.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2638941911.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 274860021.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2783678376.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2783703395.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2870800661.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 2912423504.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 291363577.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 308608092.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3130767662.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 313631509.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3140316904.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 317441218.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3193270824.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3283464668.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3312015459.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3337804951.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3393805048.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3443869802.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3466412537.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3479996560.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3510923013.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3557728678.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3703140625.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3744109011.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3827994178.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 3868071995.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 394917207.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4112823248.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4128655586.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4132290481.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4141336692.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4173188577.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 4281403968.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 544130103.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 570241910.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 572676476.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 593321490.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 665673278.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 75628327.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 762606990.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 768967623.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 900570450.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 941552149.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 943553264.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 981333664.job => Moved successfully.
C:\windows\Tasks\Security Center Update - 995024744.job => Moved successfully.

========= netsh winsock reset =========

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following command was not found: winsock reset.

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-30 23:50:27)<=

C:\$Recycle.Bin\S-1-5-18\$541eeff7fc8cc6840a1a6882d5b1c996 => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

==== End of Fixlog ====

There were two TDSSKiller logs, 3 min apart...

First:

23:56:50.0628 0x04dc TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
23:56:50.0628 0x04dc UEFI system
23:56:57.0607 0x04dc ============================================================
23:56:57.0607 0x04dc Current date / time: 2013/11/30 23:56:57.0607
23:56:57.0607 0x04dc SystemInfo:
23:56:57.0607 0x04dc
23:56:57.0607 0x04dc OS Version: 6.2.9200 ServicePack: 0.0
23:56:57.0607 0x04dc Product type: Workstation
23:56:57.0607 0x04dc ComputerName: GOETTERS4BACON
23:56:57.0607 0x04dc UserName: gwengoetter
23:56:57.0607 0x04dc Windows directory: C:\windows
23:56:57.0607 0x04dc System windows directory: C:\windows
23:56:57.0607 0x04dc Running under WOW64
23:56:57.0607 0x04dc Processor architecture: Intel x64
23:56:57.0607 0x04dc Number of processors: 2
23:56:57.0607 0x04dc Page size: 0x1000
23:56:57.0607 0x04dc Boot type: Normal boot
23:56:57.0607 0x04dc ============================================================
23:56:58.0668 0x04dc KLMD registered as C:\windows\system32\drivers\75246046.sys
23:56:58.0761 0x04dc System UUID: {D0DE1A84-2ABB-E0CC-B017-6942276708FD}
23:56:59.0760 0x04dc Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:56:59.0760 0x04dc Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:56:59.0760 0x04dc ============================================================
23:56:59.0760 0x04dc \Device\Harddisk0\DR0:
23:56:59.0760 0x04dc GPT partitions:
23:56:59.0760 0x04dc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3C9513CD-4E27-45B2-8489-458E7B887694}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
23:56:59.0760 0x04dc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EDC5B92A-9811-46F7-A58D-809C7DBED3E8}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
23:56:59.0775 0x04dc \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {28849E52-D8E3-4891-B52E-9BA40C8671EC}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
23:56:59.0775 0x04dc \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9A1E242D-A985-49B2-9481-AA5C24237231}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x37901800
23:56:59.0775 0x04dc \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {387DC583-5750-4F32-A518-902E8701299A}, Name: Basic data partition, StartLBA 0x37BF5800, BlocksNum 0x2790800
23:56:59.0775 0x04dc MBR partitions:
23:56:59.0775 0x04dc \Device\Harddisk1\DR1:
23:56:59.0775 0x04dc MBR partitions:
23:56:59.0775 0x04dc \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
23:56:59.0775 0x04dc ============================================================
23:56:59.0885 0x04dc C: <-> \Device\Harddisk0\DR0\Partition4
23:57:00.0025 0x04dc D: <-> \Device\Harddisk0\DR0\Partition5
23:57:00.0025 0x04dc ============================================================
23:57:00.0025 0x04dc Initialize success
23:57:00.0025 0x04dc ============================================================
23:57:41.0714 0x02a8 KLMD registered as C:\windows\system32\drivers\06181298.sys
23:57:42.0682 0x02a8 Deinitialize success

#9
lawnguybri

Posted 30 November 2013 - 11:37 PM

Member

Topic Starter
Member
102 posts

Wouldnt let me post all in one reply.....

Second TDSSKiller log:

23:59:00.0814 0x0830 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
23:59:00.0814 0x0830 UEFI system
23:59:00.0892 0x0830 ============================================================
23:59:00.0892 0x0830 Current date / time: 2013/11/30 23:59:00.0892
23:59:00.0892 0x0830 SystemInfo:
23:59:00.0892 0x0830
23:59:00.0892 0x0830 OS Version: 6.2.9200 ServicePack: 0.0
23:59:00.0892 0x0830 Product type: Workstation
23:59:00.0892 0x0830 ComputerName: GOETTERS4BACON
23:59:00.0892 0x0830 UserName: gwengoetter
23:59:00.0892 0x0830 Windows directory: C:\windows
23:59:00.0892 0x0830 System windows directory: C:\windows
23:59:00.0892 0x0830 Running under WOW64
23:59:00.0892 0x0830 Processor architecture: Intel x64
23:59:00.0892 0x0830 Number of processors: 2
23:59:00.0892 0x0830 Page size: 0x1000
23:59:00.0892 0x0830 Boot type: Normal boot
23:59:00.0892 0x0830 ============================================================
23:59:00.0892 0x0830 BG loaded
23:59:01.0079 0x0830 System UUID: {D0DE1A84-2ABB-E0CC-B017-6942276708FD}
23:59:02.0249 0x0830 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:59:02.0296 0x0830 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:59:02.0296 0x0830 ============================================================
23:59:02.0296 0x0830 \Device\Harddisk0\DR0:
23:59:02.0311 0x0830 GPT partitions:
23:59:02.0311 0x0830 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3C9513CD-4E27-45B2-8489-458E7B887694}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
23:59:02.0311 0x0830 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {EDC5B92A-9811-46F7-A58D-809C7DBED3E8}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
23:59:02.0311 0x0830 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {28849E52-D8E3-4891-B52E-9BA40C8671EC}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
23:59:02.0311 0x0830 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9A1E242D-A985-49B2-9481-AA5C24237231}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x37901800
23:59:02.0311 0x0830 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {387DC583-5750-4F32-A518-902E8701299A}, Name: Basic data partition, StartLBA 0x37BF5800, BlocksNum 0x2790800
23:59:02.0311 0x0830 MBR partitions:
23:59:02.0311 0x0830 \Device\Harddisk1\DR1:
23:59:02.0327 0x0830 MBR partitions:
23:59:02.0327 0x0830 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
23:59:02.0327 0x0830 ============================================================
23:59:02.0389 0x0830 C: <-> \Device\Harddisk0\DR0\Partition4
23:59:02.0561 0x0830 D: <-> \Device\Harddisk0\DR0\Partition5
23:59:02.0561 0x0830 ============================================================
23:59:02.0561 0x0830 Initialize success
23:59:02.0561 0x0830 ============================================================
00:00:33.0031 0x0530 ============================================================
00:00:33.0031 0x0530 Scan started
00:00:33.0031 0x0530 Mode: Manual; SigCheck; TDLFS;
00:00:33.0031 0x0530 ============================================================
00:00:33.0031 0x0530 KSN ping started
00:00:33.0093 0x0530 KSN ping finished: false
00:00:37.0628 0x0530 ================ Scan system memory ========================
00:00:37.0628 0x0530 System memory - ok
00:00:38.0094 0x0530 ================ Scan services =============================
00:00:38.0687 0x0530 [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci C:\windows\System32\drivers\1394ohci.sys
00:00:39.0358 0x0530 1394ohci - ok
00:00:39.0467 0x0530 [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware C:\windows\system32\drivers\3ware.sys
00:00:39.0529 0x0530 3ware - ok
00:00:39.0670 0x0530 [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI C:\windows\system32\drivers\ACPI.sys
00:00:39.0794 0x0530 ACPI - ok
00:00:39.0857 0x0530 [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex C:\windows\system32\Drivers\acpiex.sys
00:00:39.0904 0x0530 acpiex - ok
00:00:39.0966 0x0530 [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr C:\windows\System32\drivers\acpipagr.sys
00:00:40.0075 0x0530 acpipagr - ok
00:00:40.0231 0x0530 [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi C:\windows\System32\drivers\acpipmi.sys
00:00:40.0294 0x0530 AcpiPmi - ok
00:00:40.0309 0x0530 [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime C:\windows\System32\drivers\acpitime.sys
00:00:40.0777 0x0530 acpitime - ok
00:00:40.0933 0x0530 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:00:40.0996 0x0530 AdobeARMservice - ok
00:00:43.0320 0x0530 [ EA856F4A46320389D1899B2CAA7BF40F, C6ED82398481093B5EDF0D89D165AD1534139274239401414E0D59DBBA175686 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:00:43.0351 0x0530 AdobeFlashPlayerUpdateSvc - ok
00:00:43.0429 0x0530 [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx C:\windows\system32\drivers\adp94xx.sys
00:00:43.0523 0x0530 adp94xx - ok
00:00:43.0585 0x0530 [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci C:\windows\system32\drivers\adpahci.sys
00:00:43.0663 0x0530 adpahci - ok
00:00:43.0757 0x0530 [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320 C:\windows\system32\drivers\adpu320.sys
00:00:43.0804 0x0530 adpu320 - ok
00:00:43.0882 0x0530 [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc C:\windows\System32\aelupsvc.dll
00:00:43.0928 0x0530 AeLookupSvc - ok
00:00:44.0022 0x0530 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
00:00:44.0053 0x0530 AERTFilters - ok
00:00:44.0147 0x0530 [ 36D6A3201721558A8AFBCC09C2DA4C2C, 66BBD6F2267A6418625D54F114B87248590E48C182085B3F43AEF585554F4A17 ] AFD C:\windows\system32\drivers\afd.sys
00:00:44.0225 0x0530 AFD - ok
00:00:44.0303 0x0530 [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440 C:\windows\system32\drivers\agp440.sys
00:00:44.0334 0x0530 agp440 - ok
00:00:44.0396 0x0530 [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG C:\windows\System32\alg.exe
00:00:44.0724 0x0530 ALG - ok
00:00:44.0911 0x0530 [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\windows\system32\AUInstallAgent.dll
00:00:45.0099 0x0530 AllUserInstallAgent - ok
00:00:45.0254 0x0530 [ 15223ECAD7D688273DADA63ADA8B6BBA, 4E6261A8E89CF0491FAE680C9A842D46E4C693300D7DA7412AF02728486CDFFF ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
00:00:45.0863 0x0530 AMD External Events Utility - ok
00:00:45.0956 0x0530 [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8 C:\windows\System32\drivers\amdk8.sys
00:00:46.0097 0x0530 AmdK8 - ok
00:00:47.0080 0x0530 [ 8EEBE772FA7D2A6436D6DBDE5EC7191B, B6108A3DF9348D5500FC741AEACFD94044AE4AA5314DEDCF4A4B491F12E7AC15 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
00:00:47.0844 0x0530 amdkmdag - ok
00:00:47.0953 0x0530 [ 9B08F939F313CC8D57789C528F6B4C4B, 3CC2E9BC7EAF7F193DB53A91B706369077CAD769F3585823389564235FCD09EE ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
00:00:48.0094 0x0530 amdkmdap - ok
00:00:48.0156 0x0530 [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM C:\windows\System32\drivers\amdppm.sys
00:00:48.0219 0x0530 AmdPPM - ok
00:00:48.0265 0x0530 [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata C:\windows\system32\drivers\amdsata.sys
00:00:48.0297 0x0530 amdsata - ok
00:00:48.0343 0x0530 [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
00:00:48.0390 0x0530 amdsbs - ok
00:00:48.0406 0x0530 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata C:\windows\system32\drivers\amdxata.sys
00:00:48.0453 0x0530 amdxata - ok
00:00:48.0499 0x0530 [ 823F34D1DEF120A657BB7529ABF4461F, C56D6614F6B3DA13DF7F6AC6B70ACA39D1DB146F7324CF96029CA038C3063DB3 ] AppHostSvc C:\windows\system32\inetsrv\apphostsvc.dll
00:00:48.0546 0x0530 AppHostSvc - ok
00:00:48.0577 0x0530 [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID C:\windows\system32\drivers\appid.sys
00:00:48.0655 0x0530 AppID - ok
00:00:48.0765 0x0530 [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc C:\windows\System32\appidsvc.dll
00:00:48.0858 0x0530 AppIDSvc - ok
00:00:48.0889 0x0530 [ D64C4AFEE8277F35EF729A2B924666B0, 543AA2B2CD09820437646CFE01AFDBA6B764AA588E663759DEB93CB4F25E09D7 ] Appinfo C:\windows\System32\appinfo.dll
00:00:48.0952 0x0530 Appinfo - ok
00:00:48.0999 0x0530 [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc C:\windows\system32\drivers\arc.sys
00:00:49.0030 0x0530 arc - ok
00:00:49.0045 0x0530 [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas C:\windows\system32\drivers\arcsas.sys
00:00:49.0092 0x0530 arcsas - ok
00:00:49.0264 0x0530 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:00:49.0342 0x0530 aspnet_state - ok
00:00:49.0373 0x0530 [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
00:00:49.0420 0x0530 AsyncMac - ok
00:00:49.0467 0x0530 [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi C:\windows\system32\drivers\atapi.sys
00:00:49.0545 0x0530 atapi - ok
00:00:49.0654 0x0530 [ 810ED88782952228AF9C0985FB7D259E, 234DE596B4A92BE5955B1D766721FBC55D853D0620BD54E1445FB199434D0052 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
00:00:49.0732 0x0530 AudioEndpointBuilder - ok
00:00:49.0997 0x0530 [ 25CA8B87479A374919563B3EE7136F32, 1954C7C67C6493879D431746BD311BEDBA2C54E689551D45CE1E1D67692E9FF8 ] Audiosrv C:\windows\System32\Audiosrv.dll
00:00:50.0106 0x0530 Audiosrv - ok
00:00:50.0247 0x0530 [ 64A0A811F096834E8B85AB5009609D10, 000CDB733DCD1827E25279CEF712D6906CF625EEF179390C8B7BD16CB7C86894 ] Avgwfpa C:\windows\system32\DRIVERS\avgwfpa.sys
00:00:50.0356 0x0530 Avgwfpa - ok
00:00:50.0403 0x0530 [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV C:\windows\System32\AxInstSV.dll
00:00:50.0465 0x0530 AxInstSV - ok
00:00:50.0559 0x0530 [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
00:00:50.0621 0x0530 b06bdrv - ok
00:00:50.0668 0x0530 [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay C:\windows\System32\drivers\BasicDisplay.sys
00:00:50.0761 0x0530 BasicDisplay - ok
00:00:50.0793 0x0530 [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender C:\windows\System32\drivers\BasicRender.sys
00:00:50.0855 0x0530 BasicRender - ok
00:00:50.0964 0x0530 [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC C:\windows\System32\bdesvc.dll
00:00:51.0011 0x0530 BDESVC - ok
00:00:51.0073 0x0530 [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep C:\windows\system32\drivers\Beep.sys
00:00:51.0198 0x0530 Beep - ok
00:00:51.0510 0x0530 [ ED97ADAF00A61F57A2CCBBB1CE58C600, FD1BF5EE623F54FC253C8F32DA22AEB361260E555D12AD81338A505B6ECE40AE ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130107.001\BHDrvx64.sys
00:00:51.0619 0x0530 BHDrvx64 - ok
00:00:51.0697 0x0530 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:00:51.0744 0x0530 Bonjour Service - ok
00:00:51.0791 0x0530 [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
00:00:51.0885 0x0530 bowser - ok
00:00:51.0947 0x0530 [ 975398A3D2C1FEA73FC93931978DF354, 623E66E79BF16AC82E5DD579B1D50AA1A884FAFC042C3C8A1B503C97A84098DF ] BrokerInfrastructure C:\windows\System32\bisrv.dll
00:00:52.0009 0x0530 BrokerInfrastructure - ok
00:00:52.0056 0x0530 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser C:\windows\System32\browser.dll
00:00:52.0103 0x0530 Browser - ok
00:00:52.0150 0x0530 [ 3AA4309EBD9491E516F13FE3DC752FEE, 32F058279C2C2E35C4E47030C71297ACFD6762190B3397F639AD56B16B5E5D93 ] BthAvrcpTg C:\windows\System32\drivers\BthAvrcpTg.sys
00:00:52.0181 0x0530 BthAvrcpTg - ok
00:00:52.0228 0x0530 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\windows\System32\drivers\bthhfenum.sys
00:00:52.0337 0x0530 BthHFEnum - ok
00:00:52.0415 0x0530 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\windows\System32\drivers\BthHFHid.sys
00:00:52.0493 0x0530 bthhfhid - ok
00:00:52.0571 0x0530 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\windows\System32\drivers\bthmodem.sys
00:00:52.0774 0x0530 BTHMODEM - ok
00:00:52.0992 0x0530 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\windows\system32\bthserv.dll
00:00:53.0086 0x0530 bthserv - ok
00:00:53.0398 0x0530 [ 248C952C82DF1E23775432774CBB20F1, D04D382E7963B84E4856534A2FA209787FEBA2B6F21F579CA8F7C6BE4AA10072 ] ccSet_NIS C:\windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys
00:00:53.0476 0x0530 ccSet_NIS - ok
00:00:53.0679 0x0530 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
00:00:53.0866 0x0530 cdfs - ok
00:00:53.0944 0x0530 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\windows\System32\drivers\cdrom.sys
00:00:54.0037 0x0530 cdrom - ok
00:00:54.0973 0x0530 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\windows\System32\certprop.dll
00:00:55.0083 0x0530 CertPropSvc - ok
00:00:55.0145 0x0530 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\windows\System32\drivers\circlass.sys
00:00:55.0332 0x0530 circlass - ok
00:00:55.0441 0x0530 [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS C:\windows\system32\drivers\CLFS.sys
00:00:55.0551 0x0530 CLFS - ok
00:00:55.0675 0x0530 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\windows\system32\DRIVERS\CLVirtualDrive.sys
00:00:55.0707 0x0530 CLVirtualDrive - ok
00:00:55.0754 0x0530 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\windows\System32\drivers\CmBatt.sys
00:00:55.0816 0x0530 CmBatt - ok
00:00:55.0941 0x0530 [ E708BFF0473EC6B271EA46B65B16CA56, 2B4C661F7C5A4395CA4204122A1C3C8AA766B56C3D01CD8BAAFA18F71FC7B591 ] CNG C:\windows\system32\Drivers\cng.sys
00:00:56.0034 0x0530 CNG - ok
00:00:56.0112 0x0530 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\windows\System32\drivers\CompositeBus.sys
00:00:56.0237 0x0530 CompositeBus - ok
00:00:56.0253 0x0530 COMSysApp - ok
00:00:56.0315 0x0530 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\windows\system32\drivers\condrv.sys
00:00:56.0409 0x0530 condrv - ok
00:00:56.0487 0x0530 [ F0E78B119D12BA81F163D48C0FF30B9A, 9622A2F36F03A33E7D145C439BD62D5AEFD53064D60BCC787555D1AF8CB936A9 ] CryptSvc C:\windows\system32\cryptsvc.dll
00:00:56.0596 0x0530 CryptSvc - ok
00:00:56.0658 0x0530 [ C4D01BD86D6B207275FC143EEA951D75, D36F7BBE0DB3EAD0C74DE5E6622C89D4568760D8735B6E191AD30990EA8018DC ] dam C:\windows\system32\drivers\dam.sys
00:00:56.0721 0x0530 dam - ok
00:00:56.0924 0x0530 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\windows\system32\rpcss.dll
00:00:58.0140 0x0530 DcomLaunch - ok
00:00:58.0250 0x0530 [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc C:\windows\System32\defragsvc.dll
00:00:59.0342 0x0530 defragsvc - ok
00:00:59.0435 0x0530 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\windows\system32\das.dll
00:00:59.0607 0x0530 DeviceAssociationService - ok
00:00:59.0701 0x0530 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\windows\system32\umpnpmgr.dll
00:00:59.0763 0x0530 DeviceInstall - ok
00:00:59.0841 0x0530 [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc C:\windows\system32\Drivers\dfsc.sys
00:00:59.0872 0x0530 Dfsc - ok
00:01:00.0028 0x0530 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\windows\system32\dhcpcore.dll
00:01:00.0168 0x0530 Dhcp - ok
00:01:00.0200 0x0530 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\windows\system32\drivers\discache.sys
00:01:00.0293 0x0530 discache - ok
00:01:00.0371 0x0530 [ 560495FF4CA22E1D9B1972FA18F43B6F, 41FFDD4C1097AA857A8177E34F101A1A9C1429A4E8DEC3D395C6135A9E112CD6 ] disk C:\windows\system32\drivers\disk.sys
00:01:00.0434 0x0530 disk - ok
00:01:00.0496 0x0530 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\windows\System32\drivers\dmvsc.sys
00:01:00.0636 0x0530 dmvsc - ok
00:01:00.0730 0x0530 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache C:\windows\System32\dnsrslvr.dll
00:01:00.0792 0x0530 Dnscache - ok
00:01:00.0902 0x0530 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\windows\System32\dot3svc.dll
00:01:00.0995 0x0530 dot3svc - ok
00:01:01.0042 0x0530 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\windows\system32\DRIVERS\Dot4.sys
00:01:01.0073 0x0530 dot4 - ok
00:01:01.0136 0x0530 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\windows\System32\drivers\Dot4Prt.sys
00:01:01.0151 0x0530 Dot4Print - ok
00:01:01.0198 0x0530 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
00:01:01.0229 0x0530 dot4usb - ok
00:01:01.0307 0x0530 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\windows\system32\dps.dll
00:01:01.0432 0x0530 DPS - ok
00:01:01.0495 0x0530 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
00:01:01.0557 0x0530 drmkaud - ok
00:01:01.0666 0x0530 [ BF48F32EE248C3D371DA5DC93BBEADA7, C8E9B685A8F2F99140382557F11E362D899E7EC6693ADEFE762F0A3850585C63 ] DsmSvc C:\windows\System32\DeviceSetupManager.dll
00:01:01.0744 0x0530 DsmSvc - ok
00:01:01.0916 0x0530 [ ED120AA770A78B5079F8C7BB5AF8A035, 3B9D1EF81EC679F264C1305AA008B717F6DBEE32297350494A153370695BC37F ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
00:01:02.0150 0x0530 DXGKrnl - ok
00:01:02.0274 0x0530 [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress C:\windows\system32\DRIVERS\e1i63x64.sys
00:01:02.0368 0x0530 e1iexpress - ok
00:01:02.0446 0x0530 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\windows\System32\eapsvc.dll
00:01:02.0524 0x0530 Eaphost - ok
00:01:02.0774 0x0530 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\windows\system32\drivers\evbda.sys
00:01:03.0101 0x0530 ebdrv - ok
00:01:03.0320 0x0530 [ 4353FF94D47A0A9D52B89ECCF0CDB013, 8926D1BA577B59ED7A7B5D7ED170A934ACD81541563DB81916E11BAD2DB8282B ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:01:03.0382 0x0530 eeCtrl - ok
00:01:03.0444 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS C:\windows\System32\lsass.exe
00:01:03.0522 0x0530 EFS - ok
00:01:03.0569 0x0530 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\windows\system32\drivers\EhStorClass.sys
00:01:03.0632 0x0530 EhStorClass - ok
00:01:03.0679 0x0530 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\windows\system32\drivers\EhStorTcgDrv.sys
00:01:03.0757 0x0530 EhStorTcgDrv - ok
00:01:03.0819 0x0530 [ C5BCCB378D0A896304A3E71BE7215983, 33202DEDDA66C7D5D268E7B36320C104A097A43D099BD9D2E4EC20EC0997FBF3 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:01:03.0866 0x0530 EraserUtilRebootDrv - ok
00:01:03.0928 0x0530 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\windows\System32\drivers\errdev.sys
00:01:03.0975 0x0530 ErrDev - ok
00:01:04.0131 0x0530 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\windows\system32\es.dll
00:01:04.0256 0x0530 EventSystem - ok
00:01:04.0349 0x0530 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\windows\system32\drivers\exfat.sys
00:01:04.0458 0x0530 exfat - ok
00:01:04.0552 0x0530 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\windows\system32\drivers\fastfat.sys
00:01:04.0630 0x0530 fastfat - ok
00:01:04.0770 0x0530 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\windows\system32\fxssvc.exe
00:01:04.0880 0x0530 Fax - ok
00:01:04.0911 0x0530 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\windows\System32\drivers\fdc.sys
00:01:04.0958 0x0530 fdc - ok
00:01:05.0005 0x0530 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\windows\system32\fdPHost.dll
00:01:05.0098 0x0530 fdPHost - ok
00:01:05.0145 0x0530 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\windows\system32\fdrespub.dll
00:01:05.0239 0x0530 FDResPub - ok
00:01:05.0301 0x0530 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\windows\system32\fhsvc.dll
00:01:05.0363 0x0530 fhsvc - ok
00:01:05.0410 0x0530 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
00:01:05.0457 0x0530 FileInfo - ok
00:01:05.0488 0x0530 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\windows\system32\drivers\filetrace.sys
00:01:05.0551 0x0530 Filetrace - ok
00:01:05.0613 0x0530 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\windows\System32\drivers\flpydisk.sys
00:01:05.0675 0x0530 flpydisk - ok
00:01:05.0785 0x0530 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
00:01:05.0847 0x0530 FltMgr - ok
00:01:06.0050 0x0530 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\windows\system32\FntCache.dll
00:01:06.0268 0x0530 FontCache - ok
00:01:06.0346 0x0530 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:01:06.0393 0x0530 FontCache3.0.0.0 - ok
00:01:06.0455 0x0530 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
00:01:06.0502 0x0530 FsDepends - ok
00:01:06.0549 0x0530 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
00:01:06.0580 0x0530 Fs_Rec - ok
00:01:06.0705 0x0530 [ FA228F4BB10DC7ED7E7D131C034E2331, 0463B1DB8BB2B5AF95EAD988EA9DEB5483D9E78C07E07BAC1E3CC46C086B3BB0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
00:01:06.0799 0x0530 fvevol - ok
00:01:06.0861 0x0530 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\windows\System32\drivers\fxppm.sys
00:01:06.0923 0x0530 FxPPM - ok
00:01:07.0017 0x0530 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
00:01:07.0064 0x0530 gagp30kx - ok
00:01:07.0111 0x0530 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\windows\System32\drivers\vmgencounter.sys
00:01:07.0157 0x0530 gencounter - ok
00:01:07.0235 0x0530 [ CA18ECFCFFDD638ECE80799A9056B238, FEA6778443253CBAA9FF43A980D576A3F449B036151F91495F04CE0C54F02254 ] GPIOClx0101 C:\windows\system32\Drivers\msgpioclx.sys
00:01:07.0282 0x0530 GPIOClx0101 - ok
00:01:07.0516 0x0530 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\windows\System32\gpsvc.dll
00:01:07.0781 0x0530 gpsvc - ok
00:01:07.0922 0x0530 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:01:08.0047 0x0530 gupdate - ok
00:01:08.0109 0x0530 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:01:08.0140 0x0530 gupdatem - ok
00:01:08.0249 0x0530 [ C2504AA983B5D411F7D31402E8B57725, B07370E6BF87546F2557C423F7450CBE90E2A13042DEA2864B6047EFE9F459C5 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
00:01:08.0359 0x0530 HdAudAddService - ok
00:01:08.0452 0x0530 [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus C:\windows\System32\drivers\HDAudBus.sys
00:01:08.0530 0x0530 HDAudBus - ok
00:01:08.0608 0x0530 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\windows\System32\drivers\HidBatt.sys
00:01:08.0671 0x0530 HidBatt - ok
00:01:08.0702 0x0530 [ A25BAE8C1F2830C8E5625EC7E4E968BE, 81D441B6616094C604453D8EC289C29D9B84A323B5C7C312C96C8380D51538DA ] HidBth C:\windows\System32\drivers\hidbth.sys
00:01:08.0795 0x0530 HidBth - ok
00:01:08.0873 0x0530 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\windows\System32\drivers\hidi2c.sys
00:01:08.0920 0x0530 hidi2c - ok
00:01:08.0983 0x0530 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\windows\System32\drivers\hidir.sys
00:01:09.0045 0x0530 HidIr - ok
00:01:09.0139 0x0530 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\windows\system32\hidserv.dll
00:01:09.0185 0x0530 hidserv - ok
00:01:09.0217 0x0530 [ 590B6F71BCDA4368B4BF7D8DF22B60F7, 5CED8ACCBBF373607A8CEC81E9F9856C450A73A969E07DF3218B85F444CA7D3F ] HidUsb C:\windows\System32\drivers\hidusb.sys
00:01:09.0263 0x0530 HidUsb - ok
00:01:09.0357 0x0530 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\windows\system32\kmsvc.dll
00:01:09.0419 0x0530 hkmsvc - ok
00:01:09.0529 0x0530 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\windows\system32\ListSvc.dll
00:01:09.0653 0x0530 HomeGroupListener - ok
00:01:09.0763 0x0530 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\windows\system32\provsvc.dll
00:01:09.0887 0x0530 HomeGroupProvider - ok
00:01:10.0012 0x0530 [ E1C037A7E05FD39E6C1AF93CEEFDC53A, D20B056BE5CEB5D471170D6627157D8848376FF319BFE12C7331B0F2C0EBB4A4 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:01:10.0106 0x0530 HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
00:01:10.0418 0x0530 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
00:01:10.0511 0x0530 [ 949B6D4F2FEFDE409D1D73DA56739EA4, 31739AD0F7B01C081EC7933A912B29FA8C9EA189FC13287B967F44AC53681C4D ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
00:01:10.0527 0x0530 HPConnectedRemote - ok
00:01:10.0652 0x0530 [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
00:01:10.0730 0x0530 hpqwmiex - ok
00:01:10.0777 0x0530 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
00:01:10.0823 0x0530 HpSAMD - ok
00:01:10.0933 0x0530 [ 29CB98187BB5711F7759540976D295FC, 75F98F2E2CA19B637DF1FC7C4E1FCCF0C50FCEDC69E07B2AD6AE139ED8E3AE99 ] HTTP C:\windows\system32\drivers\HTTP.sys
00:01:11.0120 0x0530 HTTP - ok
00:01:11.0182 0x0530 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
00:01:11.0198 0x0530 hwpolicy - ok
00:01:11.0229 0x0530 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\windows\System32\drivers\hyperkbd.sys
00:01:11.0385 0x0530 hyperkbd - ok
00:01:11.0447 0x0530 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\windows\system32\DRIVERS\HyperVideo.sys
00:01:11.0494 0x0530 HyperVideo - ok
00:01:11.0541 0x0530 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\windows\System32\drivers\i8042prt.sys
00:01:11.0603 0x0530 i8042prt - ok
00:01:11.0728 0x0530 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
00:01:11.0775 0x0530 iaStorV - ok
00:01:12.0181 0x0530 [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
00:01:12.0461 0x0530 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
00:01:12.0461 0x0530 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
00:01:12.0461 0x0530 Force sending object to P2P due to detect: C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
00:01:12.0477 0x0530 Object send P2P result: false
00:01:12.0602 0x0530 [ A48928D4CCA6F8B731989DB08CF2C0AB, DDAEF30F16B65439D44096D97976D94EEE82240A375078930E921523E147732E ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130109.001\IDSvia64.sys
00:01:12.0664 0x0530 IDSVia64 - ok
00:01:13.0382 0x0530 [ 83915E05E168AB63B48302F7DC5D8E00, CD7300A5FFD5A8CE47690CDC1223F4693C536D5667F842CA457CC8716AA3F618 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
00:01:14.0240 0x0530 igfx - ok
00:01:14.0334 0x0530 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\windows\system32\drivers\iirsp.sys
00:01:14.0365 0x0530 iirsp - ok
00:01:14.0505 0x0530 [ 531B5A98145DA689741A0AC18F14EA94, BFD6FF79EA87627B2E5D96747518928119B60CFE772AE15F1643F9738DCD4DBB ] IKEEXT C:\windows\System32\ikeext.dll
00:01:14.0630 0x0530 IKEEXT - ok
00:01:14.0958 0x0530 [ 60E17BAF7A93E1BFC37971C0A3AB1B5E, E25F3535523B992ACC11B22EE9123B88A68D135DB19CCDCB4317894EC6135C65 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
00:01:15.0254 0x0530 IntcAzAudAddService - ok
00:01:15.0301 0x0530 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\windows\system32\drivers\intelide.sys
00:01:15.0332 0x0530 intelide - ok
00:01:15.0363 0x0530 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\windows\System32\drivers\intelppm.sys
00:01:15.0441 0x0530 intelppm - ok
00:01:15.0504 0x0530 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
00:01:15.0550 0x0530 IpFilterDriver - ok
00:01:15.0597 0x0530 [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV C:\windows\System32\drivers\IPMIDrv.sys
00:01:15.0644 0x0530 IPMIDRV - ok
00:01:15.0675 0x0530 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\windows\system32\drivers\ipnat.sys
00:01:15.0722 0x0530 IPNAT - ok
00:01:15.0753 0x0530 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\windows\system32\drivers\irenum.sys
00:01:15.0784 0x0530 IRENUM - ok
00:01:15.0831 0x0530 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\windows\system32\drivers\isapnp.sys
00:01:15.0878 0x0530 isapnp - ok
00:01:15.0956 0x0530 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt C:\windows\System32\drivers\msiscsi.sys
00:01:16.0018 0x0530 iScsiPrt - ok
00:01:16.0065 0x0530 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\windows\System32\drivers\kbdclass.sys
00:01:16.0096 0x0530 kbdclass - ok
00:01:16.0159 0x0530 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\windows\System32\drivers\kbdhid.sys
00:01:16.0190 0x0530 kbdhid - ok
00:01:16.0221 0x0530 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\windows\system32\DRIVERS\kdnic.sys
00:01:16.0252 0x0530 kdnic - ok
00:01:16.0268 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso C:\windows\system32\lsass.exe
00:01:16.0315 0x0530 KeyIso - ok
00:01:16.0362 0x0530 [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
00:01:16.0408 0x0530 KSecDD - ok
00:01:16.0471 0x0530 [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
00:01:16.0549 0x0530 KSecPkg - ok
00:01:16.0611 0x0530 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
00:01:16.0658 0x0530 ksthunk - ok
00:01:16.0736 0x0530 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\windows\system32\msdtckrm.dll
00:01:16.0861 0x0530 KtmRm - ok
00:01:16.0970 0x0530 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\windows\system32\srvsvc.dll
00:01:17.0079 0x0530 LanmanServer - ok
00:01:17.0142 0x0530 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:01:17.0251 0x0530 LanmanWorkstation - ok
00:01:17.0282 0x0530 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
00:01:17.0360 0x0530 lltdio - ok
00:01:17.0454 0x0530 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\windows\System32\lltdsvc.dll
00:01:17.0547 0x0530 lltdsvc - ok
00:01:17.0610 0x0530 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\windows\System32\lmhsvc.dll
00:01:17.0672 0x0530 lmhosts - ok
00:01:17.0750 0x0530 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
00:01:17.0797 0x0530 LSI_SAS - ok
00:01:17.0812 0x0530 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
00:01:17.0859 0x0530 LSI_SAS2 - ok
00:01:17.0906 0x0530 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
00:01:17.0937 0x0530 LSI_SCSI - ok
00:01:17.0953 0x0530 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys
00:01:18.0000 0x0530 LSI_SSS - ok
00:01:18.0156 0x0530 [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM C:\windows\System32\lsm.dll
00:01:18.0280 0x0530 LSM - ok
00:01:18.0358 0x0530 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\windows\system32\drivers\luafv.sys
00:01:18.0514 0x0530 luafv - ok
00:01:18.0546 0x0530 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\windows\system32\drivers\megasas.sys
00:01:18.0577 0x0530 megasas - ok
00:01:18.0655 0x0530 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
00:01:18.0717 0x0530 MegaSR - ok
00:01:18.0764 0x0530 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\windows\system32\mmcss.dll
00:01:18.0858 0x0530 MMCSS - ok
00:01:18.0889 0x0530 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\windows\system32\drivers\modem.sys
00:01:18.0951 0x0530 Modem - ok
00:01:18.0982 0x0530 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935, CC3F4E09F8834C7293B607446FECFE3CBB9B9151E65AAD38E2A4A8B30244DE14 ] monitor C:\windows\system32\DRIVERS\monitor.sys
00:01:19.0092 0x0530 monitor - ok
00:01:19.0107 0x0530 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\windows\System32\drivers\mouclass.sys
00:01:19.0123 0x0530 mouclass - ok
00:01:19.0154 0x0530 [ CB2527B8B87D83E56FBF3944BBB6F606, F8DA5AF97B91099C58E14D1DACBCA02AF8F193E53A88DDC8CC4C0655A2E4F90B ] mouhid C:\windows\System32\drivers\mouhid.sys
00:01:19.0201 0x0530 mouhid - ok
00:01:19.0216 0x0530 [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
00:01:19.0248 0x0530 mountmgr - ok
00:01:19.0294 0x0530 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C, BCBFF081FAFB822CE29D291FB329FC310D90F0EC0D1BB69CF8CB09ED5A2E84D1 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
00:01:19.0388 0x0530 mpsdrv - ok
00:01:19.0435 0x0530 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
00:01:19.0528 0x0530 MRxDAV - ok
00:01:19.0606 0x0530 [ 877D60D6E4156EC4A2E0B6871D41BED9, 7B648AD34793770F249BCB2D3A10B2633EE1A15F1D8EF4FC657B936E9E4E7A9F ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
00:01:19.0684 0x0530 mrxsmb - ok
00:01:19.0716 0x0530 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
00:01:19.0778 0x0530 mrxsmb10 - ok
00:01:19.0809 0x0530 [ E078446D4B8622AA6030C7B8A1A08962, CF322CC4C851718C5BAFCCDFDC80A6076DD2EDC8DC2ACA8F03E7EDB19E776DD0 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
00:01:19.0856 0x0530 mrxsmb20 - ok
00:01:19.0918 0x0530 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\windows\system32\DRIVERS\bridge.sys
00:01:19.0981 0x0530 MsBridge - ok
00:01:20.0028 0x0530 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\windows\System32\msdtc.exe
00:01:20.0106 0x0530 MSDTC - ok
00:01:20.0168 0x0530 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\windows\system32\drivers\Msfs.sys
00:01:20.0199 0x0530 Msfs - ok
00:01:20.0246 0x0530 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys
00:01:20.0277 0x0530 msgpiowin32 - ok
00:01:20.0293 0x0530 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
00:01:20.0324 0x0530 mshidkmdf - ok
00:01:20.0355 0x0530 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys
00:01:20.0386 0x0530 mshidumdf - ok
00:01:20.0449 0x0530 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\windows\system32\drivers\msisadrv.sys
00:01:20.0464 0x0530 msisadrv - ok
00:01:20.0542 0x0530 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\windows\system32\iscsiexe.dll
00:01:20.0605 0x0530 MSiSCSI - ok
00:01:20.0620 0x0530 msiserver - ok
00:01:20.0652 0x0530 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
00:01:20.0698 0x0530 MSKSSRV - ok
00:01:20.0714 0x0530 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys
00:01:20.0761 0x0530 MsLldp - ok
00:01:20.0776 0x0530 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
00:01:20.0839 0x0530 MSPCLOCK - ok
00:01:20.0854 0x0530 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
00:01:20.0901 0x0530 MSPQM - ok
00:01:20.0979 0x0530 [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\windows\system32\drivers\MsRPC.sys
00:01:21.0026 0x0530 MsRPC - ok
00:01:21.0057 0x0530 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\windows\System32\drivers\mssmbios.sys
00:01:21.0104 0x0530 mssmbios - ok
00:01:21.0120 0x0530 [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
00:01:21.0166 0x0530 MSTEE - ok
00:01:21.0182 0x0530 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\windows\System32\drivers\MTConfig.sys
00:01:21.0229 0x0530 MTConfig - ok
00:01:21.0276 0x0530 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\windows\system32\Drivers\mup.sys
00:01:21.0322 0x0530 Mup - ok
00:01:21.0338 0x0530 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\windows\system32\drivers\mvumis.sys
00:01:21.0369 0x0530 mvumis - ok
00:01:21.0478 0x0530 [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent C:\windows\system32\qagentRT.dll
00:01:21.0572 0x0530 napagent - ok
00:01:21.0666 0x0530 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
00:01:21.0775 0x0530 NativeWifiP - ok
00:01:21.0837 0x0530 [ C58D8A669D6551F616D90244BD2C2D4F, 43D954E6DC903179552E85DEB3666DB3D9EAA1DA6A1F6E515DD02D1716FDDCC4 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\ENG64.SYS
00:01:21.0993 0x0530 NAVENG - ok
00:01:22.0290 0x0530 [ A3DBDB412ADFA5882DD6843B11FE0828, CDE6C98C249E6A03D4148F343A80A5A5E182C328B950CD314F769A356FAC9065 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\EX64.SYS
00:01:22.0570 0x0530 NAVEX15 - ok
00:01:22.0711 0x0530 [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc C:\windows\System32\ncasvc.dll
00:01:22.0773 0x0530 NcaSvc - ok
00:01:22.0820 0x0530 [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll
00:01:22.0960 0x0530 NcdAutoSetup - ok
00:01:23.0070 0x0530 [ 0F89AE618DBA5D8AB7A2DFCC375F4159, 92868F9437CCBDC615651C371121AB94E3F0244C064783996C21A7629C8ED1D7 ] NDIS C:\windows\system32\drivers\ndis.sys
00:01:23.0210 0x0530 NDIS - ok
00:01:23.0257 0x0530 [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
00:01:23.0304 0x0530 NdisCap - ok
00:01:23.0319 0x0530 [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys
00:01:23.0366 0x0530 NdisImPlatform - ok
00:01:23.0413 0x0530 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
00:01:23.0460 0x0530 NdisTapi - ok
00:01:23.0475 0x0530 [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
00:01:23.0506 0x0530 Ndisuio - ok
00:01:23.0522 0x0530 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
00:01:23.0584 0x0530 NdisWan - ok
00:01:23.0616 0x0530 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY C:\windows\system32\DRIVERS\ndiswan.sys
00:01:23.0662 0x0530 NDISWANLEGACY - ok
00:01:23.0709 0x0530 [ CE6EBC0AD38CC6482D8FBB744FF15CE2, B8712DB2E574ECFBC840FAAFB874644AB56909382BA2A5A8BC599874BBEAA543 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
00:01:23.0756 0x0530 NDProxy - ok
00:01:23.0803 0x0530 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu C:\windows\system32\drivers\Ndu.sys
00:01:23.0850 0x0530 Ndu - ok
00:01:23.0865 0x0530 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
00:01:23.0896 0x0530 NetBIOS - ok
00:01:23.0928 0x0530 [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
00:01:23.0990 0x0530 NetBT - ok
00:01:24.0021 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] Netlogon C:\windows\system32\lsass.exe
00:01:24.0052 0x0530 Netlogon - ok
00:01:24.0115 0x0530 [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman C:\windows\System32\netman.dll
00:01:24.0224 0x0530 Netman - ok
00:01:24.0349 0x0530 [ C166E3CD90AB0781ECDF10EC765B083A, 0BC4C9A49C2B616F2E06957BF855733981CD3D7EF5D7F01AF544FF0FD42F14D0 ] netprofm C:\windows\System32\netprofmsvc.dll
00:01:24.0396 0x0530 netprofm - ok
00:01:24.0536 0x0530 [ E020B4201757864B621C247AC9448BBF, CBD1327E7CA5F170825A22FF4BDB1EE8AB5988892108BDACA0D9A6D9BA77DD65 ] netr28x C:\windows\system32\DRIVERS\netr28x.sys
00:01:24.0692 0x0530 netr28x - ok
00:01:24.0801 0x0530 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:01:24.0864 0x0530 NetTcpPortSharing - ok
00:01:24.0910 0x0530 [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
00:01:24.0957 0x0530 nfrd960 - ok
00:01:25.0082 0x0530 [ 4A9258B9597A31DB68EC9740F3A8A70B, 08A0A3AB6668F9AC2699D353C1E33BB5CE71988D767CB4CAF6F84649E5C16510 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe
00:01:25.0098 0x0530 NIS - ok
00:01:25.0176 0x0530 [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc C:\windows\System32\nlasvc.dll
00:01:25.0254 0x0530 NlaSvc - ok
00:01:25.0300 0x0530 [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs C:\windows\system32\drivers\Npfs.sys
00:01:25.0347 0x0530 Npfs - ok
00:01:25.0378 0x0530 [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys
00:01:25.0425 0x0530 npsvctrig - ok
00:01:25.0519 0x0530 [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi C:\windows\system32\nsisvc.dll
00:01:25.0550 0x0530 nsi - ok
00:01:25.0628 0x0530 [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
00:01:25.0659 0x0530 nsiproxy - ok
00:01:26.0002 0x0530 [ 11D7A4A4A1DA60F394F53B413DCDF0DE, 53ED04CCB6CBBD1D33F8222E46D847E13DAC1363191000715DBB5D5AB4EEF3BB ] Ntfs C:\windows\system32\drivers\Ntfs.sys
00:01:26.0346 0x0530 Ntfs - ok
00:01:26.0392 0x0530 [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null C:\windows\system32\drivers\Null.sys
00:01:26.0470 0x0530 Null - ok
00:01:26.0517 0x0530 [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
00:01:26.0595 0x0530 nvraid - ok
00:01:26.0627 0x0530 [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor C:\windows\system32\drivers\nvstor.sys
00:01:26.0673 0x0530 nvstor - ok
00:01:26.0705 0x0530 [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
00:01:26.0767 0x0530 nv_agp - ok
00:01:26.0845 0x0530 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc C:\windows\system32\pnrpsvc.dll
00:01:26.0907 0x0530 p2pimsvc - ok
00:01:27.0001 0x0530 [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc C:\windows\system32\p2psvc.dll
00:01:27.0079 0x0530 p2psvc - ok
00:01:27.0141 0x0530 [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport C:\windows\System32\drivers\parport.sys
00:01:27.0188 0x0530 Parport - ok
00:01:27.0235 0x0530 [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr C:\windows\system32\drivers\partmgr.sys
00:01:27.0297 0x0530 partmgr - ok
00:01:27.0406 0x0530 [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc C:\windows\System32\pcasvc.dll
00:01:27.0469 0x0530 PcaSvc - ok
00:01:27.0578 0x0530 [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci C:\windows\system32\drivers\pci.sys
00:01:27.0625 0x0530 pci - ok
00:01:27.0672 0x0530 [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide C:\windows\system32\drivers\pciide.sys
00:01:27.0718 0x0530 pciide - ok
00:01:27.0765 0x0530 [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
00:01:27.0828 0x0530 pcmcia - ok
00:01:27.0890 0x0530 [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw C:\windows\system32\drivers\pcw.sys
00:01:27.0921 0x0530 pcw - ok
00:01:27.0984 0x0530 [ EF9B4F3136B4C45F421ADE6871659FB6, 372B6C8F08721D6143E3D02CE3F966ED16C03F8C1880587982A0545CBC5C99FD ] pdc C:\windows\system32\drivers\pdc.sys
00:01:28.0031 0x0530 pdc - ok
00:01:28.0233 0x0530 [ 70DBB6A8B52B3830922F1C5789E1BEEB, 30288885789753FE19B51A200137E916E10BCD4211EFF50931C19E88824EADC0 ] PEAUTH C:\windows\system32\drivers\peauth.sys
00:01:28.0389 0x0530 PEAUTH - ok
00:01:28.0530 0x0530 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost C:\windows\SysWow64\perfhost.exe
00:01:28.0748 0x0530 PerfHost - ok
00:01:28.0935 0x0530 [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla C:\windows\system32\pla.dll
00:01:29.0201 0x0530 pla - ok
00:01:29.0247 0x0530 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay C:\windows\system32\umpnpmgr.dll
00:01:29.0294 0x0530 PlugPlay - ok
00:01:29.0325 0x0530 [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
00:01:29.0450 0x0530 PNRPAutoReg - ok
00:01:29.0481 0x0530 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc C:\windows\system32\pnrpsvc.dll
00:01:29.0544 0x0530 PNRPsvc - ok
00:01:29.0622 0x0530 [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent C:\windows\System32\ipsecsvc.dll
00:01:29.0778 0x0530 PolicyAgent - ok
00:01:29.0825 0x0530 [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power C:\windows\system32\umpo.dll
00:01:29.0996 0x0530 Power - ok
00:01:30.0043 0x0530 [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
00:01:30.0121 0x0530 PptpMiniport - ok
00:01:30.0464 0x0530 [ C2D3B3D0060619D5E03E696BD56FF59F, 155954F16B6F9B51BA16F43F1AE6F977B1EC4DE77862C6F6C722293189BE0DD2 ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
00:01:30.0792 0x0530 PrintNotify - ok
00:01:30.0854 0x0530 [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor C:\windows\System32\drivers\processr.sys
00:01:30.0885 0x0530 Processor - ok
00:01:30.0948 0x0530 [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc C:\windows\system32\profsvc.dll
00:01:30.0995 0x0530 ProfSvc - ok
00:01:31.0041 0x0530 [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched C:\windows\system32\DRIVERS\pacer.sys
00:01:31.0088 0x0530 Psched - ok
00:01:31.0135 0x0530 [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE C:\windows\system32\qwave.dll
00:01:31.0244 0x0530 QWAVE - ok
00:01:31.0291 0x0530 [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
00:01:31.0338 0x0530 QWAVEdrv - ok
00:01:31.0353 0x0530 [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
00:01:31.0463 0x0530 RasAcd - ok
00:01:31.0494 0x0530 [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
00:01:31.0572 0x0530 RasAgileVpn - ok
00:01:31.0634 0x0530 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto C:\windows\System32\rasauto.dll
00:01:31.0806 0x0530 RasAuto - ok
00:01:31.0821 0x0530 [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
00:01:31.0915 0x0530 Rasl2tp - ok
00:01:32.0009 0x0530 [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan C:\windows\System32\rasmans.dll
00:01:32.0133 0x0530 RasMan - ok
00:01:32.0196 0x0530 [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
00:01:32.0258 0x0530 RasPppoe - ok
00:01:32.0274 0x0530 [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
00:01:32.0336 0x0530 RasSstp - ok
00:01:32.0414 0x0530 [ B72C33DBD5326B3864CF2091AF8B906B, 85A22311FA870CE43CF70F69D7D101D96B9095A992DCF5FA1587886F6D4282DC ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
00:01:32.0477 0x0530 rdbss - ok
00:01:32.0555 0x0530 [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus C:\windows\System32\drivers\rdpbus.sys
00:01:32.0648 0x0530 rdpbus - ok
00:01:32.0679 0x0530 [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
00:01:32.0789 0x0530 RDPDR - ok
00:01:32.0882 0x0530 [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
00:01:32.0913 0x0530 RdpVideoMiniport - ok
00:01:32.0991 0x0530 [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
00:01:33.0085 0x0530 RDPWD - ok
00:01:33.0132 0x0530 [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost C:\windows\system32\drivers\rdyboost.sys
00:01:33.0179 0x0530 rdyboost - ok
00:01:33.0303 0x0530 [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess C:\windows\System32\mprdim.dll
00:01:33.0366 0x0530 RemoteAccess - ok
00:01:33.0444 0x0530 [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry C:\windows\system32\regsvc.dll
00:01:33.0584 0x0530 RemoteRegistry - ok
00:01:33.0647 0x0530 [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
00:01:33.0803 0x0530 RpcEptMapper - ok
00:01:33.0865 0x0530 [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator C:\windows\system32\locator.exe
00:01:34.0021 0x0530 RpcLocator - ok
00:01:34.0115 0x0530 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs C:\windows\system32\rpcss.dll
00:01:34.0302 0x0530 RpcSs - ok
00:01:34.0411 0x0530 [ 7BFDFD1D2244B444D7BBC55087426518, 06DF03A734A8A1956C842E30B4A1F143CD59B2DD09E0F8F01E6B4CE2A3D1D418 ] RSPCIESTOR C:\windows\system32\DRIVERS\RtsPStor.sys
00:01:34.0473 0x0530 RSPCIESTOR - ok
00:01:34.0536 0x0530 [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
00:01:34.0723 0x0530 rspndr - ok
00:01:34.0801 0x0530 [ 7D9DA8EC6784A9EE213C676709D46BE6, 9861D1EF107F7D1590B89098EAEA7F509C1EF46999C37703F3766BAD733D8AD2 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys
00:01:34.0863 0x0530 RTL8168 - ok
00:01:34.0910 0x0530 [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap C:\windows\System32\drivers\vms3cap.sys
00:01:34.0957 0x0530 s3cap - ok
00:01:35.0004 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] SamSs C:\windows\system32\lsass.exe
00:01:35.0082 0x0530 SamSs - ok
00:01:35.0129 0x0530 [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
00:01:35.0160 0x0530 sbp2port - ok
00:01:35.0253 0x0530 [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr C:\windows\System32\SCardSvr.dll
00:01:35.0363 0x0530 SCardSvr - ok
00:01:35.0425 0x0530 [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
00:01:35.0534 0x0530 scfilter - ok
00:01:35.0643 0x0530 [ EDCDF4DB82EF825B94B190D544C8C58B, 65E316CB66893FBA852D44F6ACE0F1DA415DBADADCA838B31DF3AB6B681E33B6 ] Schedule C:\windows\system32\schedsvc.dll
00:01:35.0784 0x0530 Schedule - ok
00:01:35.0846 0x0530 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc C:\windows\System32\certprop.dll
00:01:36.0018 0x0530 SCPolicySvc - ok
00:01:36.0065 0x0530 [ 12F06525912BBEF67837DE47D87C60A9, 996A014FAF0300D734A80A6FA2037B9A389B644342F418719173E1C20D3A8F72 ] sdbus C:\windows\System32\drivers\sdbus.sys
00:01:36.0111 0x0530 sdbus - ok
00:01:36.0205 0x0530 [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC C:\windows\System32\SDRSVC.dll
00:01:36.0314 0x0530 SDRSVC - ok
00:01:36.0345 0x0530 [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor C:\windows\System32\drivers\sdstor.sys
00:01:36.0377 0x0530 sdstor - ok
00:01:36.0423 0x0530 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
00:01:36.0455 0x0530 secdrv - ok
00:01:36.0501 0x0530 [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon C:\windows\system32\seclogon.dll
00:01:36.0564 0x0530 seclogon - ok
00:01:36.0595 0x0530 [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS C:\windows\System32\sens.dll
00:01:36.0642 0x0530 SENS - ok
00:01:36.0673 0x0530 [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc C:\windows\system32\sensrsvc.dll
00:01:36.0720 0x0530 SensrSvc - ok
00:01:36.0735 0x0530 [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx C:\windows\system32\drivers\SerCx.sys
00:01:36.0782 0x0530 SerCx - ok
00:01:36.0813 0x0530 [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum C:\windows\System32\drivers\serenum.sys
00:01:36.0876 0x0530 Serenum - ok
00:01:36.0923 0x0530 [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial C:\windows\System32\drivers\serial.sys
00:01:36.0969 0x0530 Serial - ok
00:01:36.0985 0x0530 [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse C:\windows\System32\drivers\sermouse.sys
00:01:37.0016 0x0530 sermouse - ok
00:01:37.0094 0x0530 [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv C:\windows\system32\sessenv.dll
00:01:37.0141 0x0530 SessionEnv - ok
00:01:37.0188 0x0530 [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy C:\windows\System32\drivers\sfloppy.sys
00:01:37.0219 0x0530 sfloppy - ok
00:01:37.0281 0x0530 [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:01:37.0375 0x0530 ShellHWDetection - ok
00:01:37.0391 0x0530 [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
00:01:37.0422 0x0530 SiSRaid2 - ok
00:01:37.0453 0x0530 [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
00:01:37.0484 0x0530 SiSRaid4 - ok
00:01:37.0547 0x0530 [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP C:\windows\System32\snmptrap.exe
00:01:37.0625 0x0530 SNMPTRAP - ok
00:01:37.0671 0x0530 [ 465F3C355CE5ED2779B8F460F14C5A78, 4CDFBACBC2C228D6655DFE151249725D72D58DAE3299E15EAAEBC26FE0F712DC ] spaceport C:\windows\system32\drivers\spaceport.sys
00:01:37.0718 0x0530 spaceport - ok
00:01:37.0749 0x0530 [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx C:\windows\system32\drivers\SpbCx.sys
00:01:37.0781 0x0530 SpbCx - ok
00:01:37.0859 0x0530 [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler C:\windows\System32\spoolsv.exe
00:01:37.0952 0x0530 Spooler - ok
00:01:38.0249 0x0530 [ EC84D961501054F87A6878EC5D53388F, C69F3542B182BED4260EE1906361B72B9FFDE47FD92A161850E28BC6ED7505CC ] sppsvc C:\windows\system32\sppsvc.exe
00:01:38.0592 0x0530 sppsvc - ok
00:01:38.0717 0x0530 [ 3510E7021D2637A67FBCB5105EAE945D, 8D449AEFE427C4B5184C7CB4B3C41AC407683F95532190BFE6E103EDA35B3A74 ] SRTSP C:\windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS
00:01:38.0795 0x0530 SRTSP - ok
00:01:38.0810 0x0530 [ 1B884D876E87EABF5A3356BBD7321412, 5A25FC170B08F477A0EA99CAA77452F5C421D9A2562508D58C8D788D49D613BB ] SRTSPX C:\windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS
00:01:38.0826 0x0530 SRTSPX - ok
00:01:38.0873 0x0530 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv C:\windows\system32\DRIVERS\srv.sys
00:01:38.0951 0x0530 srv - ok
00:01:39.0029 0x0530 [ C2106BB710AA34A046126AED7BCA6964, C85E7FC80814521B951CDE9C7D2ACC0CD0591E5889DFD86D184861B7F9024DEC ] srv2 C:\windows\system32\DRIVERS\srv2.sys
00:01:39.0107 0x0530 srv2 - ok
00:01:39.0138 0x0530 [ 9400C71F5A1A380B494B6922F007D485, 66C293974BA4A61A06DC26EF48D5FA5E75377F66AD1CD774AA6827FA20A5F46E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
00:01:39.0200 0x0530 srvnet - ok
00:01:39.0278 0x0530 [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
00:01:39.0341 0x0530 SSDPSRV - ok
00:01:39.0356 0x0530 [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc C:\windows\system32\sstpsvc.dll
00:01:39.0403 0x0530 SstpSvc - ok
00:01:39.0465 0x0530 [ 4E85355B94CFCB67C135F6521A4895A7, AC4FC65C1E62A54B3834E7FE0A2B1ECC48A2AA563AE5BD508326EE68FFFBBEEE ] stexstor C:\windows\system32\drivers\stexstor.sys
00:01:39.0497 0x0530 stexstor - ok
00:01:39.0559 0x0530 [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] stisvc C:\windows\System32\wiaservc.dll
00:01:39.0653 0x0530 stisvc - ok
00:01:39.0684 0x0530 [ C588BBD37B432CE3204E5765B459E6B2, 6A30570C82390C4D6668137D05C7EFBE243CAC243CBE405D308E3F7B2BC5729D ] storahci C:\windows\system32\drivers\storahci.sys
00:01:39.0715 0x0530 storahci - ok
00:01:39.0731 0x0530 [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys
00:01:39.0762 0x0530 storflt - ok
00:01:39.0824 0x0530 [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc C:\windows\system32\storsvc.dll
00:01:39.0855 0x0530 StorSvc - ok
00:01:39.0887 0x0530 [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc C:\windows\system32\drivers\storvsc.sys
00:01:39.0902 0x0530 storvsc - ok
00:01:39.0933 0x0530 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc C:\windows\system32\svsvc.dll
00:01:40.0011 0x0530 svsvc - ok
00:01:40.0027 0x0530 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum C:\windows\System32\drivers\swenum.sys
00:01:40.0058 0x0530 swenum - ok
00:01:40.0136 0x0530 [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv C:\windows\System32\swprv.dll
00:01:40.0230 0x0530 swprv - ok
00:01:40.0308 0x0530 [ 777217682DA76337E8E6EC8AC4412B9B, 711DFF2AC65906791A9FEE7935A71ECBE9264041F15E137B3A5FCC21F5A8012A ] SymDS C:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS
00:01:40.0355 0x0530 SymDS - ok
00:01:40.0433 0x0530 [ 64D1AF3D04E70A681154FFF1893848F6, AD80C996D1ED97EFBBE22BE5AD0C35F698CDEDBA13B1862D8F36E800C782B7E8 ] SymEFA C:\windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS
00:01:40.0511 0x0530 SymEFA - ok
00:01:40.0557 0x0530 [ 42947647F71E9EF2167B42B372F1DDB7, AE825B7DFFAE8BCF5598C512EFAF5645C5A6C4DC90F8B3073A255223DF3AAA4A ] SymELAM C:\windows\system32\drivers\NISx64\1402000.013\SymELAM.sys
00:01:40.0573 0x0530 SymELAM - ok
00:01:40.0635 0x0530 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F, 90D7AB3F2C32C18BB8A6F0073476755C7A634CC41970D99A4D0E99A864E0EFC1 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
00:01:40.0667 0x0530 SymEvent - ok
00:01:40.0760 0x0530 [ ADF37F1A715D6C56C8E065FD8569A9A4, 33E895CB326F62D4D22E345563B0641EB88D23B2104A07E8CEBE5ED150882767 ] SymIRON C:\windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS
00:01:40.0807 0x0530 SymIRON - ok
00:01:40.0869 0x0530 [ 1605EBD8CB86AFC4430116065995279A, DCBEB06F60F5677A2A254BAC4421E67B0119C5BAD9771FDE5FF67C2819931F02 ] SymNetS C:\windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS
00:01:40.0916 0x0530 SymNetS - ok
00:01:41.0025 0x0530 [ DC21E1F06343773D7E24362DCEF7944B, E5C13A2D4DEEBEDC6E0E4882FFC56322EA0474A3BD8B1C8A077293F433854F9B ] SysMain C:\windows\system32\sysmain.dll
00:01:41.0166 0x0530 SysMain - ok
00:01:41.0228 0x0530 [ E219BF7BCCFE4881B0C053C7E0B47ECC, 38638803C4586B3583D6B935876EC59CA69A91A909734A864DC6F04D59D70C52 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
00:01:41.0306 0x0530 SystemEventsBroker - ok
00:01:41.0353 0x0530 [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\windows\System32\TabSvc.dll
00:01:41.0400 0x0530 TabletInputService - ok
00:01:41.0462 0x0530 [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv C:\windows\System32\tapisrv.dll
00:01:41.0525 0x0530 TapiSrv - ok
00:01:41.0821 0x0530 [ D192288CE5FB395F0BBAFDD1A8B5285D, 41D6C80B9E34DCAA0A81C5FC375B454B7C13DFDF6D95594E2E33C39FC54A402F ] Tcpip C:\windows\system32\drivers\tcpip.sys
00:01:42.0024 0x0530 Tcpip - ok
00:01:42.0289 0x0530 [ D192288CE5FB395F0BBAFDD1A8B5285D, 41D6C80B9E34DCAA0A81C5FC375B454B7C13DFDF6D95594E2E33C39FC54A402F ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
00:01:42.0461 0x0530 TCPIP6 - ok
00:01:42.0539 0x0530 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
00:01:42.0585 0x0530 tcpipreg - ok
00:01:42.0617 0x0530 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx C:\windows\system32\DRIVERS\tdx.sys
00:01:42.0679 0x0530 tdx - ok
00:01:42.0679 0x0530 [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt C:\windows\System32\drivers\terminpt.sys
00:01:42.0726 0x0530 terminpt - ok
00:01:42.0835 0x0530 [ 541EE228D0DEF392F7B2DFD885DD021B, 594D6538FA4DB5EF4D130007D7C29051EC2EDCA39EBB119695B58E9CBB0EB728 ] TermService C:\windows\System32\termsrv.dll
00:01:42.0913 0x0530 TermService - ok
00:01:42.0929 0x0530 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes C:\windows\system32\themeservice.dll
00:01:43.0007 0x0530 Themes - ok
00:01:43.0054 0x0530 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER C:\windows\system32\mmcss.dll
00:01:43.0085 0x0530 THREADORDER - ok
00:01:43.0147 0x0530 [ FF4135424A79DCC2998276D8E39C9B4D, B61F57BC38B9C6E0576F1F555C41957D8F187D99D392967A8EBB66C73BFD3CBD ] TimeBroker C:\windows\System32\TimeBrokerServer.dll
00:01:43.0210 0x0530 TimeBroker - ok
00:01:43.0272 0x0530 [ B44EFE254C0B3719E4037088D24FE4B5, 5AC07658A599470C2BCB2813E644B132DDF886510470F5CC636113CEC48DC0F3 ] TPM C:\windows\system32\drivers\tpm.sys
00:01:43.0319 0x0530 TPM - ok
00:01:43.0366 0x0530 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks C:\windows\System32\trkwks.dll
00:01:43.0412 0x0530 TrkWks - ok
00:01:43.0459 0x0530 [ 8D516AEF3C1DF980664CF17BB1FF6093, D68A82D7DE647EAD68D5B8F3E8174B520C7FC6387EC68C8685B3E161C6020488 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
00:01:43.0490 0x0530 TrustedInstaller - ok
00:01:43.0537 0x0530 [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
00:01:43.0568 0x0530 TsUsbFlt - ok
00:01:43.0584 0x0530 [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys
00:01:43.0631 0x0530 TsUsbGD - ok
00:01:43.0646 0x0530 [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
00:01:43.0693 0x0530 tunnel - ok
00:01:43.0709 0x0530 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35 C:\windows\system32\drivers\uagp35.sys
00:01:43.0756 0x0530 uagp35 - ok
00:01:43.0771 0x0530 [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor C:\windows\System32\drivers\uaspstor.sys
00:01:43.0802 0x0530 UASPStor - ok
00:01:43.0849 0x0530 [ 1ED222DFE6C13DA50FE081ABF90CAFE1, B3DFAE29D2E08E2A5ABEF8B4D2C03CD25EE22B11D6E0B6BFCAC2D09B8D73AD49 ] UCX01000 C:\windows\System32\drivers\ucx01000.sys
00:01:43.0896 0x0530 UCX01000 - ok
00:01:43.0958 0x0530 [ DC5A461591C71AF7F19DC048A81E3F88, C6689C70B6CDE5A5707C06ABDC9CABF87CCE549BD23B96969EF3AA177A889320 ] udfs C:\windows\system32\DRIVERS\udfs.sys
00:01:44.0021 0x0530 udfs - ok
00:01:44.0083 0x0530 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect C:\windows\system32\UI0Detect.exe
00:01:44.0130 0x0530 UI0Detect - ok
00:01:44.0146 0x0530 [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
00:01:44.0177 0x0530 uliagpkx - ok
00:01:44.0192 0x0530 [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus C:\windows\System32\drivers\umbus.sys
00:01:44.0270 0x0530 umbus - ok
00:01:44.0286 0x0530 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass C:\windows\System32\drivers\umpass.sys
00:01:44.0317 0x0530 UmPass - ok
00:01:44.0380 0x0530 [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService C:\windows\System32\umrdp.dll
00:01:44.0426 0x0530 UmRdpService - ok
00:01:44.0473 0x0530 [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost C:\windows\System32\upnphost.dll
00:01:44.0567 0x0530 upnphost - ok
00:01:44.0614 0x0530 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B, AADB8991174CCDA3ADE14AF3EFB3A9826EC17A0F989F449FF43010A99D8CAA1F ] usbccgp C:\windows\System32\drivers\usbccgp.sys
00:01:44.0660 0x0530 usbccgp - ok
00:01:44.0676 0x0530 [ B395B62B62F28106218FA6FB17F4C797, 231CA3512B02BBE70E630A6304E899BCB741CE411FB10C2B3DE48E52034F24BB ] usbcir C:\windows\System32\drivers\usbcir.sys
00:01:44.0738 0x0530 usbcir - ok
00:01:44.0785 0x0530 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86, 93E2CC1D4A56A3BBDD85020A8F4AD1B9B119953DB83A155C56D667924D5D8A02 ] usbehci C:\windows\System32\drivers\usbehci.sys
00:01:44.0816 0x0530 usbehci - ok
00:01:44.0879 0x0530 [ 5AE9C87A1ED4B243942B3FDDD902134B, E19657C637B354F968099755DD311A159E57C4BD5ED89D81BDA1C70A62DC732E ] usbfilter C:\windows\System32\drivers\usbfilter.sys
00:01:44.0894 0x0530 usbfilter - ok
00:01:44.0941 0x0530 [ FBB6794E3BBAD92D66D59D206C1F849F, CEA5B07518699F09B2ABA372312FF0769B913DC4C43CC142BDB25274B52825DA ] usbhub C:\windows\System32\drivers\usbhub.sys
00:01:45.0004 0x0530 usbhub - ok
00:01:45.0050 0x0530 [ B7A948501424805571BF562BB0BFE31D, 2D74DD305F394960BD6F603A5C1874197DD0E30C6FAE05380772B177D23FE2F1 ] USBHUB3 C:\windows\System32\drivers\UsbHub3.sys
00:01:45.0113 0x0530 USBHUB3 - ok
00:01:45.0144 0x0530 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci C:\windows\System32\drivers\usbohci.sys
00:01:45.0175 0x0530 usbohci - ok
00:01:45.0222 0x0530 [ BA3ABE0CD1C14B3295BAD0F076B84CAC, 19E0679D44A9BD9DDCC336C7DE784147D6CFC3DE4250D5CA31CE49867D51A414 ] usbprint C:\windows\System32\drivers\usbprint.sys
00:01:45.0253 0x0530 usbprint - ok
00:01:45.0284 0x0530 [ A9858597B6DB695F78A37F6755A6FF98, 0EEB217E62105927657FCCF9DC557EFA6FA6AB2A44C1BC50E5C3A894800C1B27 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
00:01:45.0347 0x0530 usbscan - ok
00:01:45.0378 0x0530 [ F77177F6C95B2116EE7AD23B5EF57007, 646E345DE5AFF26B338E17BC9D03D0EDA5608DF77D7685DE7AFF6E4113B9EB87 ] USBSTOR C:\windows\System32\drivers\USBSTOR.SYS
00:01:45.0409 0x0530 USBSTOR - ok
00:01:45.0472 0x0530 [ D25EF4A6EC244C5DE85D88A05B7C149D, A08793945D5FDC2CCCB2C621853A69941F1A108DF6CB559F3E8A21A047A8CCB3 ] usbuhci C:\windows\System32\drivers\usbuhci.sys
00:01:45.0487 0x0530 usbuhci - ok
00:01:45.0534 0x0530 [ 09799E701B4327097E9F63D3FE221083, CF2B97D5B3D434D8E5547B2A86771C69A6F7F4857CAD70865B50462A04A27A48 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
00:01:45.0581 0x0530 usbvideo - ok
00:01:45.0628 0x0530 [ 9CD4259AD15F84DE27B94A956C978D6C, F3289BBB1C52E49D8F76D07877541A74DFB7AD3E950C2E58A2C6CDC443F824CF ] USBXHCI C:\windows\System32\drivers\USBXHCI.SYS
00:01:45.0690 0x0530 USBXHCI - ok
00:01:45.0706 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] VaultSvc C:\windows\system32\lsass.exe
00:01:45.0737 0x0530 VaultSvc - ok
00:01:45.0784 0x0530 [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
00:01:45.0815 0x0530 vdrvroot - ok
00:01:45.0893 0x0530 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71, 1B75B3BDA612FE1129B461A11A5C5333593E97CB79C8CBFD81E0E6AAD31ECF8B ] vds C:\windows\System32\vds.exe
00:01:45.0986 0x0530 vds - ok
00:01:46.0002 0x0530 [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt C:\windows\system32\drivers\VerifierExt.sys
00:01:46.0033 0x0530 VerifierExt - ok
00:01:46.0080 0x0530 [ 8628FA679F0EC4B709CCD1F6B6A3233B, E8A99795BB7956BFB9FDF6D24209280917FE6500E52F82F50C9FAD2EA6EDFA88 ] vhdmp C:\windows\System32\drivers\vhdmp.sys
00:01:46.0142 0x0530 vhdmp - ok
00:01:46.0158 0x0530 [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide C:\windows\system32\drivers\viaide.sys
00:01:46.0189 0x0530 viaide - ok
00:01:46.0252 0x0530 [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus C:\windows\system32\drivers\vmbus.sys
00:01:46.0283 0x0530 vmbus - ok
00:01:46.0314 0x0530 [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID C:\windows\System32\drivers\VMBusHID.sys
00:01:46.0330 0x0530 VMBusHID - ok
00:01:46.0408 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat C:\windows\System32\ICSvc.dll
00:01:46.0470 0x0530 vmicheartbeat - ok
00:01:46.0517 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\windows\System32\ICSvc.dll
00:01:46.0595 0x0530 vmickvpexchange - ok
00:01:46.0642 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv C:\windows\System32\ICSvc.dll
00:01:46.0720 0x0530 vmicrdv - ok
00:01:46.0766 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown C:\windows\System32\ICSvc.dll
00:01:46.0844 0x0530 vmicshutdown - ok
00:01:46.0891 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync C:\windows\System32\ICSvc.dll
00:01:46.0985 0x0530 vmictimesync - ok
00:01:47.0032 0x0530 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss C:\windows\System32\ICSvc.dll
00:01:47.0110 0x0530 vmicvss - ok
00:01:47.0172 0x0530 [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr C:\windows\system32\drivers\volmgr.sys
00:01:47.0234 0x0530 volmgr - ok
00:01:47.0281 0x0530 [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
00:01:47.0375 0x0530 volmgrx - ok
00:01:47.0437 0x0530 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE, 26FD9DBCFAEDE0F945D80B11769741A3A837F84461263217A43C458B674566EE ] volsnap C:\windows\system32\drivers\volsnap.sys
00:01:47.0515 0x0530 volsnap - ok
00:01:47.0546 0x0530 [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci C:\windows\System32\drivers\vpci.sys
00:01:47.0593 0x0530 vpci - ok
00:01:47.0624 0x0530 [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid C:\windows\system32\drivers\vsmraid.sys
00:01:47.0702 0x0530 vsmraid - ok
00:01:47.0890 0x0530 [ EA658570314042C914964FC72AB50E6B, 0B10E16D5136BF71EAF68F0D9A8B25F92F6D686BF9F80FEEB9F291221C6B8284 ] VSS C:\windows\system32\vssvc.exe
00:01:48.0139 0x0530 VSS - ok
00:01:48.0202 0x0530 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys
00:01:48.0295 0x0530 VSTXRAID - ok
00:01:48.0326 0x0530 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
00:01:48.0389 0x0530 vwifibus - ok
00:01:48.0436 0x0530 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
00:01:48.0498 0x0530 vwififlt - ok
00:01:48.0514 0x0530 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
00:01:48.0592 0x0530 vwifimp - ok
00:01:48.0670 0x0530 [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time C:\windows\system32\w32time.dll
00:01:48.0794 0x0530 W32Time - ok
00:01:48.0826 0x0530 [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen C:\windows\System32\drivers\wacompen.sys
00:01:48.0888 0x0530 WacomPen - ok
00:01:48.0935 0x0530 [ 6081CEC9EF9EB145D8B46655C7708D51, 34E421501185BDE9049AC68F0604F4AD694AF6DA1D52A7D75C2BD050B5817ADF ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
00:01:48.0997 0x0530 Wanarp - ok
00:01:49.0013 0x0530 [ 6081CEC9EF9EB145D8B46655C7708D51, 34E421501185BDE9049AC68F0604F4AD694AF6DA1D52A7D75C2BD050B5817ADF ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
00:01:49.0075 0x0530 Wanarpv6 - ok
00:01:49.0186 0x0530 [ 901CC968412F8155B08D7ABE0171166A, D05A8E3D4D159546394E902C618D0583FE497B51C8F1C86D8E3B9E046819DD53 ] WAS C:\windows\system32\inetsrv\iisw3adm.dll
00:01:49.0279 0x0530 WAS - ok
00:01:49.0560 0x0530 [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine C:\windows\system32\wbengine.exe
00:01:49.0841 0x0530 wbengine - ok
00:01:49.0934 0x0530 [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc C:\windows\System32\wbiosrvc.dll
00:01:50.0028 0x0530 WbioSrvc - ok
00:01:50.0418 0x0530 [ D9C1E82651BF19C6FF69CEC6FD400124, 93B96481A5B26F5617B16DD775AF0F8CE9001B30251FFF58D6EF9044D5EE91CD ] Wcmsvc C:\windows\System32\wcmsvc.dll
00:01:50.0512 0x0530 Wcmsvc - ok
00:01:50.0605 0x0530 [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc C:\windows\System32\wcncsvc.dll
00:01:50.0699 0x0530 wcncsvc - ok
00:01:50.0761 0x0530 [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
00:01:50.0824 0x0530 WcsPlugInService - ok
00:01:50.0871 0x0530 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\windows\system32\drivers\wd.sys
00:01:50.0917 0x0530 Wd - ok
00:01:50.0948 0x0530 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA, 36A6B264677A8A5A4E4785C9BE49E39C82B552460C46026964B700CCBA51FBB0 ] WdBoot C:\windows\system32\drivers\WdBoot.sys
00:01:51.0011 0x0530 WdBoot - ok
00:01:51.0120 0x0530 [ 2ADC985B85A71BD7D99712EC0C24358B, 22B2BAC79BBA83271AC23EA14E4EB1101F1F570691EBE68A43C0D74D1A3E8D23 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
00:01:51.0245 0x0530 Wdf01000 - ok
00:01:51.0292 0x0530 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A, 406363087976285481A8401FC5A8BBAF0DDCCC8D9228F39702D5B80ADC61EEA9 ] WdFilter C:\windows\system32\drivers\WdFilter.sys
00:01:51.0370 0x0530 WdFilter - ok
00:01:51.0432 0x0530 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\windows\system32\wdi.dll
00:01:51.0541 0x0530 WdiServiceHost - ok
00:01:51.0557 0x0530 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\windows\system32\wdi.dll
00:01:51.0650 0x0530 WdiSystemHost - ok
00:01:51.0697 0x0530 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6, 4281100271761521F75F4D5A3D2E9FF40A9C7D81CEDAFD2EDD95788534090CA6 ] WebClient C:\windows\System32\webclnt.dll
00:01:51.0807 0x0530 WebClient - ok
00:01:51.0838 0x0530 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\windows\system32\wecsvc.dll
00:01:51.0931 0x0530 Wecsvc - ok
00:01:51.0978 0x0530 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\windows\System32\wercplsupport.dll
00:01:52.0103 0x0530 wercplsupport - ok
00:01:52.0165 0x0530 [ 8E2426162ED6749A127B35D235F21E11, 3B92CE177DE926CC801B71EACC2901DB11BDBF4A1269A004BFFECB3047E17E4C ] WerSvc C:\windows\System32\WerSvc.dll
00:01:52.0290 0x0530 WerSvc - ok
00:01:52.0337 0x0530 [ FE762D3498719C3A23471BBA62F747B4, 7F9390D5B0133BF1FA66BFC5FD933E17AADEB7845F141948EE4A52AB779A69F8 ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys
00:01:52.0399 0x0530 WFPLWFS - ok
00:01:52.0462 0x0530 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\windows\System32\wiarpc.dll
00:01:52.0524 0x0530 WiaRpc - ok
00:01:52.0540 0x0530 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount C:\windows\system32\drivers\wimmount.sys
00:01:52.0602 0x0530 WIMMount - ok
00:01:52.0649 0x0530 WinDefend - ok
00:01:52.0774 0x0530 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
00:01:52.0914 0x0530 WinHttpAutoProxySvc - ok
00:01:53.0008 0x0530 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
00:01:53.0070 0x0530 Winmgmt - ok
00:01:53.0304 0x0530 [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM C:\windows\system32\WsmSvc.dll
00:01:53.0663 0x0530 WinRM - ok
00:01:53.0757 0x0530 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
00:01:53.0866 0x0530 WinUsb - ok
00:01:54.0084 0x0530 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\windows\System32\wlansvc.dll
00:01:54.0287 0x0530 WlanSvc - ok
00:01:54.0474 0x0530 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\windows\system32\wlidsvc.dll
00:01:54.0661 0x0530 wlidsvc - ok
00:01:54.0708 0x0530 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys
00:01:54.0771 0x0530 WmiAcpi - ok
00:01:54.0833 0x0530 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
00:01:54.0927 0x0530 wmiApSrv - ok
00:01:54.0989 0x0530 WMPNetworkSvc - ok
00:01:55.0052 0x0530 [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys
00:01:55.0114 0x0530 wpcfltr - ok
00:01:55.0145 0x0530 [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc C:\windows\System32\wpcsvc.dll
00:01:55.0223 0x0530 WPCSvc - ok
00:01:55.0254 0x0530 [ 94AA5150E35B3ABB7191FE641E3C2473, 48CC776E92579188FF75BADFABF7BDBED0092AF5EE2BDBDEF9C3834A01E39CAB ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
00:01:55.0332 0x0530 WPDBusEnum - ok
00:01:55.0364 0x0530 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys
00:01:55.0426 0x0530 WpdUpFltr - ok
00:01:55.0473 0x0530 [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
00:01:55.0536 0x0530 ws2ifsl - ok
00:01:55.0567 0x0530 WSearch - ok
00:01:55.0848 0x0530 [ C10BFFEE7E0D7A1366E84F251796C51D, E1FD1DF5F5C5934F9A8584D54F35720655AC4F5D4CFD69CD1E063C0BBEC4D33D ] WSService C:\windows\System32\WSService.dll
00:01:56.0145 0x0530 WSService - ok
00:01:56.0207 0x0530 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
00:01:56.0254 0x0530 WudfPf - ok
00:01:56.0285 0x0530 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys
00:01:56.0332 0x0530 WUDFRd - ok
00:01:56.0379 0x0530 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
00:01:56.0441 0x0530 wudfsvc - ok
00:01:56.0488 0x0530 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs C:\windows\system32\DRIVERS\WUDFRd.sys
00:01:56.0535 0x0530 WUDFWpdFs - ok
00:01:56.0566 0x0530 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp C:\windows\system32\DRIVERS\WUDFRd.sys
00:01:56.0613 0x0530 WUDFWpdMtp - ok
00:01:56.0691 0x0530 [ F9D8D2E6ECE08B278621D5BF3A7240A6, 99EEEE51EA6CE8909713CA81A2AFA5102774AE9C8554F422F4D9A1D8B0ABDB09 ] WwanSvc C:\windows\System32\wwansvc.dll
00:01:56.0831 0x0530 WwanSvc - ok
00:01:56.0878 0x0530 ================ Scan global ===============================
00:01:56.0956 0x0530 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\windows\system32\basesrv.dll
00:01:57.0018 0x0530 [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\windows\system32\winsrv.dll
00:01:57.0096 0x0530 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\windows\system32\sxssrv.dll
00:01:57.0190 0x0530 [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\windows\system32\services.exe
00:01:57.0237 0x0530 [ Global ] - ok
00:01:57.0237 0x0530 ================ Scan MBR ==================================
00:01:57.0268 0x0530 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
00:01:57.0377 0x0530 \Device\Harddisk0\DR0 - ok
00:01:57.0393 0x0530 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
00:01:57.0595 0x0530 \Device\Harddisk1\DR1 - ok
00:01:57.0595 0x0530 ================ Scan VBR ==================================
00:01:57.0611 0x0530 [ 29675F2A48AC19FAD47603F9C33C12DA ] \Device\Harddisk0\DR0\Partition1
00:01:57.0611 0x0530 \Device\Harddisk0\DR0\Partition1 - ok
00:01:57.0658 0x0530 [ A1C1A46662D0347C2A1BE0CF8ED3D88F ] \Device\Harddisk0\DR0\Partition2
00:01:57.0658 0x0530 \Device\Harddisk0\DR0\Partition2 - ok
00:01:57.0673 0x0530 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
00:01:57.0673 0x0530 \Device\Harddisk0\DR0\Partition3 - ok
00:01:57.0705 0x0530 [ 45A4EE44823048AE3AD6D7CE85699F0C ] \Device\Harddisk0\DR0\Partition4
00:01:57.0705 0x0530 \Device\Harddisk0\DR0\Partition4 - ok
00:01:57.0752 0x0530 [ 1E22B1B3885290CA2C2314CAFF89E3A4 ] \Device\Harddisk0\DR0\Partition5
00:01:57.0767 0x0530 \Device\Harddisk0\DR0\Partition5 - ok
00:01:57.0783 0x0530 [ CF6ABB367EA18AC597D05BBC62E1EBA5 ] \Device\Harddisk1\DR1\Partition1
00:01:57.0783 0x0530 \Device\Harddisk1\DR1\Partition1 - ok
00:01:57.0783 0x0530 ================ Scan active images ========================
00:01:57.0798 0x0530 [ 48753C871A12B9E2201E71D01B32F6EF, 5821370556C2EB9556A67E09E3779BFCED5991961FE4A8C0D48074FFE84A38CE ] C:\Windows\System32\Drivers\crashdmp.sys
00:01:57.0798 0x0530 C:\Windows\System32\Drivers\crashdmp.sys - ok
00:01:57.0798 0x0530 [ AAF40EB125BED7271F05289873EC4EDB, 4FD912F0BEFD5A16270686BF56BDD8F12A9CAB5E3636E2A3860815B1CA6DD8B3 ] C:\Windows\System32\Drivers\Diskdump.sys
00:01:57.0798 0x0530 C:\Windows\System32\Drivers\Diskdump.sys - ok
00:01:57.0829 0x0530 [ C588BBD37B432CE3204E5765B459E6B2, 6A30570C82390C4D6668137D05C7EFBE243CAC243CBE405D308E3F7B2BC5729D ] C:\Windows\System32\Drivers\storahci.sys
00:01:57.0829 0x0530 C:\Windows\System32\Drivers\storahci.sys - ok
00:01:57.0845 0x0530 [ CB9EAD11F3312C77CE9B7F29B59C3A39, E71B768CD85068A5D22697BC1670EBE70885740AC347F52E604CFA8C481995D0 ] C:\Windows\System32\Drivers\dumpfve.sys
00:01:57.0845 0x0530 C:\Windows\System32\Drivers\dumpfve.sys - ok
00:01:57.0861 0x0530 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] C:\Windows\System32\Drivers\cdrom.sys
00:01:57.0861 0x0530 C:\Windows\System32\Drivers\cdrom.sys - ok
00:01:57.0892 0x0530 [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] C:\Windows\System32\Drivers\BasicRender.sys
00:01:57.0892 0x0530 C:\Windows\System32\Drivers\BasicRender.sys - ok
00:01:57.0907 0x0530 [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] C:\Windows\System32\Drivers\beep.sys
00:01:57.0907 0x0530 C:\Windows\System32\Drivers\beep.sys - ok
00:01:57.0923 0x0530 [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] C:\Windows\System32\Drivers\null.sys
00:01:57.0923 0x0530 C:\Windows\System32\Drivers\null.sys - ok
00:01:57.0939 0x0530 [ B9FF5E13079ADB858ED5C0B1E4CAB225, 56D58A7622618B53E8384AD4A2D62370E0E4368E35BFAD344B2C37FF9ACAE9EE ] C:\Windows\System32\Drivers\watchdog.sys
00:01:57.0939 0x0530 C:\Windows\System32\Drivers\watchdog.sys - ok
00:01:57.0970 0x0530 [ ED120AA770A78B5079F8C7BB5AF8A035, 3B9D1EF81EC679F264C1305AA008B717F6DBEE32297350494A153370695BC37F ] C:\Windows\System32\Drivers\dxgkrnl.sys
00:01:57.0970 0x0530 C:\Windows\System32\Drivers\dxgkrnl.sys - ok
00:01:57.0985 0x0530 [ 28619B6E5A37F71AE1145643949CFA60, 3F987B3932733067D8752C3E204718CC17199EDCE2D0AB792B5AEF23F8A44131 ] C:\Windows\System32\Drivers\dxgmms1.sys
00:01:57.0985 0x0530 C:\Windows\System32\Drivers\dxgmms1.sys - ok
00:01:58.0001 0x0530 [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] C:\Windows\System32\Drivers\BasicDisplay.sys
00:01:58.0001 0x0530 C:\Windows\System32\Drivers\BasicDisplay.sys - ok
00:01:58.0017 0x0530 [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] C:\Windows\System32\Drivers\npfs.sys
00:01:58.0017 0x0530 C:\Windows\System32\Drivers\npfs.sys - ok
00:01:58.0048 0x0530 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] C:\Windows\System32\Drivers\msfs.sys
00:01:58.0048 0x0530 C:\Windows\System32\Drivers\msfs.sys - ok
00:01:58.0063 0x0530 [ 749AFA28C01233E93F59BD31B2B088B1, 38D4E4DAFE79F28F67CAED64243689CCD9C9D79E4E9B8D76F6F0C8D36EFA13C7 ] C:\Windows\System32\Drivers\tdi.sys
00:01:58.0063 0x0530 C:\Windows\System32\Drivers\tdi.sys - ok
00:01:58.0079 0x0530 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] C:\Windows\System32\Drivers\tdx.sys
00:01:58.0079 0x0530 C:\Windows\System32\Drivers\tdx.sys - ok
00:01:58.0095 0x0530 [ 64A0A811F096834E8B85AB5009609D10, 000CDB733DCD1827E25279CEF712D6906CF625EEF179390C8B7BD16CB7C86894 ] C:\Windows\System32\Drivers\avgwfpa.sys
00:01:58.0095 0x0530 C:\Windows\System32\Drivers\avgwfpa.sys - ok
00:01:58.0110 0x0530 [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] C:\Windows\System32\Drivers\netbt.sys
00:01:58.0110 0x0530 C:\Windows\System32\Drivers\netbt.sys - ok
00:01:58.0141 0x0530 [ 36D6A3201721558A8AFBCC09C2DA4C2C, 66BBD6F2267A6418625D54F114B87248590E48C182085B3F43AEF585554F4A17 ] C:\Windows\System32\Drivers\afd.sys
00:01:58.0141 0x0530 C:\Windows\System32\Drivers\afd.sys - ok
00:01:58.0157 0x0530 [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] C:\Windows\System32\Drivers\pacer.sys
00:01:58.0157 0x0530 C:\Windows\System32\Drivers\pacer.sys - ok
00:01:58.0173 0x0530 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] C:\Windows\System32\Drivers\vwififlt.sys
00:01:58.0173 0x0530 C:\Windows\System32\Drivers\vwififlt.sys - ok
00:01:58.0204 0x0530 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] C:\Windows\System32\Drivers\netbios.sys
00:01:58.0204 0x0530 C:\Windows\System32\Drivers\netbios.sys - ok
00:01:58.0219 0x0530 [ B72C33DBD5326B3864CF2091AF8B906B, 85A22311FA870CE43CF70F69D7D101D96B9095A992DCF5FA1587886F6D4282DC ] C:\Windows\System32\Drivers\rdbss.sys
00:01:58.0219 0x0530 C:\Windows\System32\Drivers\rdbss.sys - ok
00:01:58.0235 0x0530 [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] C:\Windows\System32\Drivers\nsiproxy.sys
00:01:58.0235 0x0530 C:\Windows\System32\Drivers\nsiproxy.sys - ok
00:01:58.0251 0x0530 [ 6081CEC9EF9EB145D8B46655C7708D51, 34E421501185BDE9049AC68F0604F4AD694AF6DA1D52A7D75C2BD050B5817ADF ] C:\Windows\System32\Drivers\wanarp.sys
00:01:58.0251 0x0530 C:\Windows\System32\Drivers\wanarp.sys - ok
00:01:58.0282 0x0530 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] C:\Windows\System32\Drivers\discache.sys
00:01:58.0282 0x0530 C:\Windows\System32\Drivers\discache.sys - ok
00:01:58.0297 0x0530 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] C:\Windows\System32\Drivers\mssmbios.sys
00:01:58.0297 0x0530 C:\Windows\System32\Drivers\mssmbios.sys - ok
00:01:58.0313 0x0530 [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] C:\Windows\System32\Drivers\npsvctrig.sys
00:01:58.0313 0x0530 C:\Windows\System32\Drivers\npsvctrig.sys - ok
00:01:58.0329 0x0530 [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] C:\Windows\System32\Drivers\dfsc.sys
00:01:58.0329 0x0530 C:\Windows\System32\Drivers\dfsc.sys - ok
00:01:58.0344 0x0530 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] C:\Windows\System32\Drivers\CLVirtualDrive.sys
00:01:58.0344 0x0530 C:\Windows\System32\Drivers\CLVirtualDrive.sys - ok
00:01:58.0375 0x0530 [ C4D01BD86D6B207275FC143EEA951D75, D36F7BBE0DB3EAD0C74DE5E6622C89D4568760D8735B6E191AD30990EA8018DC ] C:\Windows\System32\Drivers\dam.sys
00:01:58.0375 0x0530 C:\Windows\System32\Drivers\dam.sys - ok
00:01:58.0391 0x0530 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] C:\Windows\System32\Drivers\ndistapi.sys
00:01:58.0391 0x0530 C:\Windows\System32\Drivers\ndistapi.sys - ok
00:01:58.0407 0x0530 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] C:\Windows\System32\Drivers\ndiswan.sys
00:01:58.0407 0x0530 C:\Windows\System32\Drivers\ndiswan.sys - ok
00:01:58.0438 0x0530 [ F1B8276F58969BD87683D33066DFE442, 8266A55A9B578C37E52F835CB6F198AB9BAFB660BFF2ED87F3E07308AF070836 ] C:\Windows\System32\ntdll.dll
00:01:58.0438 0x0530 C:\Windows\System32\ntdll.dll - ok
00:01:58.0453 0x0530 [ 08F850FEBDBDE7C89017B6B0CA0D1CD2, 04B671CF2F269A12B996633E83B397F2924EBBAC425919D74E2BBC3013A238B5 ] C:\Windows\System32\smss.exe
00:01:58.0453 0x0530 C:\Windows\System32\smss.exe - ok
00:01:58.0469 0x0530 [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] C:\Windows\System32\Drivers\rassstp.sys
00:01:58.0469 0x0530 C:\Windows\System32\Drivers\rassstp.sys - ok
00:01:58.0485 0x0530 [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] C:\Windows\System32\Drivers\agilevpn.sys
00:01:58.0485 0x0530 C:\Windows\System32\Drivers\agilevpn.sys - ok
00:01:58.0516 0x0530 [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] C:\Windows\System32\Drivers\tunnel.sys
00:01:58.0516 0x0530 C:\Windows\System32\Drivers\tunnel.sys - ok
00:01:58.0531 0x0530 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] C:\Windows\System32\Drivers\CompositeBus.sys
00:01:58.0531 0x0530 C:\Windows\System32\Drivers\CompositeBus.sys - ok
00:01:58.0547 0x0530 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] C:\Windows\System32\Drivers\kdnic.sys
00:01:58.0547 0x0530 C:\Windows\System32\Drivers\kdnic.sys - ok
00:01:58.0563 0x0530 [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] C:\Windows\System32\Drivers\umbus.sys
00:01:58.0563 0x0530 C:\Windows\System32\Drivers\umbus.sys - ok
00:01:58.0594 0x0530 [ 9B08F939F313CC8D57789C528F6B4C4B, 3CC2E9BC7EAF7F193DB53A91B706369077CAD769F3585823389564235FCD09EE ] C:\Windows\System32\Drivers\atikmpag.sys
00:01:58.0594 0x0530 C:\Windows\System32\Drivers\atikmpag.sys - ok
00:01:58.0609 0x0530 [ 490B7921C6DC58022FAA908E6310CF24, 0B1D7AF23D787FC8E7BC972DDB4EC7BB5E11581B113A92B4507DF1352ABB4FA0 ] C:\Windows\System32\autochk.exe
00:01:58.0609 0x0530 C:\Windows\System32\autochk.exe - ok
00:01:58.0625 0x0530 [ 8EEBE772FA7D2A6436D6DBDE5EC7191B, B6108A3DF9348D5500FC741AEACFD94044AE4AA5314DEDCF4A4B491F12E7AC15 ] C:\Windows\System32\Drivers\atikmdag.sys
00:01:58.0625 0x0530 C:\Windows\System32\Drivers\atikmdag.sys - ok
00:01:58.0641 0x0530 [ 169629C36CB835A36E23BBC37664401E, 127154A2F45E91444BF272B05B5FF887895438CC650F309997123FF83B6B1ABA ] C:\Windows\System32\Drivers\usbport.sys
00:01:58.0641 0x0530 C:\Windows\System32\Drivers\usbport.sys - ok
00:01:58.0672 0x0530 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] C:\Windows\System32\Drivers\usbohci.sys
00:01:58.0672 0x0530 C:\Windows\System32\Drivers\usbohci.sys - ok
00:01:58.0687 0x0530 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] C:\Windows\System32\Drivers\fastfat.sys
00:01:58.0687 0x0530 C:\Windows\System32\Drivers\fastfat.sys - ok
00:01:58.0703 0x0530 [ 5AE9C87A1ED4B243942B3FDDD902134B, E19657C637B354F968099755DD311A159E57C4BD5ED89D81BDA1C70A62DC732E ] C:\Windows\System32\Drivers\usbfilter.sys
00:01:58.0703 0x0530 C:\Windows\System32\Drivers\usbfilter.sys - ok
00:01:58.0719 0x0530 [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] C:\Windows\System32\Drivers\hdaudbus.sys
00:01:58.0719 0x0530 C:\Windows\System32\Drivers\hdaudbus.sys - ok
00:01:58.0750 0x0530 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86, 93E2CC1D4A56A3BBDD85020A8F4AD1B9B119953DB83A155C56D667924D5D8A02 ] C:\Windows\System32\Drivers\usbehci.sys
00:01:58.0750 0x0530 C:\Windows\System32\Drivers\usbehci.sys - ok
00:01:58.0765 0x0530 [ E020B4201757864B621C247AC9448BBF, CBD1327E7CA5F170825A22FF4BDB1EE8AB5988892108BDACA0D9A6D9BA77DD65 ] C:\Windows\System32\Drivers\netr28x.sys
00:01:58.0765 0x0530 C:\Windows\System32\Drivers\netr28x.sys - ok
00:01:58.0781 0x0530 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] C:\Windows\System32\Drivers\vwifibus.sys
00:01:58.0781 0x0530 C:\Windows\System32\Drivers\vwifibus.sys - ok
00:01:58.0797 0x0530 [ 7D9DA8EC6784A9EE213C676709D46BE6, 9861D1EF107F7D1590B89098EAEA7F509C1EF46999C37703F3766BAD733D8AD2 ] C:\Windows\System32\Drivers\Rt630x64.sys
00:01:58.0797 0x0530 C:\Windows\System32\Drivers\Rt630x64.sys - ok
00:01:58.0828 0x0530 [ 0341C9184C252000D1AD396C71CFD860, 910155B34763EDA22EC7D63625B4177B00F8B3AA2F68B807E26B10BCB0540547 ] C:\Windows\System32\combase.dll
00:01:58.0828 0x0530 C:\Windows\System32\combase.dll - ok
00:01:58.0843 0x0530 [ 7BFDFD1D2244B444D7BBC55087426518, 06DF03A734A8A1956C842E30B4A1F143CD59B2DD09E0F8F01E6B4CE2A3D1D418 ] C:\Windows\System32\Drivers\RtsPStor.sys
00:01:58.0843 0x0530 C:\Windows\System32\Drivers\RtsPStor.sys - ok
00:01:58.0859 0x0530 [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] C:\Windows\System32\Drivers\amdppm.sys
00:01:58.0859 0x0530 C:\Windows\System32\Drivers\amdppm.sys - ok
00:01:58.0875 0x0530 [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] C:\Windows\System32\Drivers\raspptp.sys
00:01:58.0875 0x0530 C:\Windows\System32\Drivers\raspptp.sys - ok
00:01:58.0906 0x0530 [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] C:\Windows\System32\Drivers\rasl2tp.sys
00:01:58.0906 0x0530 C:\Windows\System32\Drivers\rasl2tp.sys - ok
00:01:58.0921 0x0530 [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] C:\Windows\System32\Drivers\raspppoe.sys
00:01:58.0921 0x0530 C:\Windows\System32\Drivers\raspppoe.sys - ok
00:01:58.0937 0x0530 [ 48258ED8A46D0F39ACBF891336250E89, C286E95C64A5B561699A3AEE64F4C11FEF9BF2070D72C90E68C13C15C150AA92 ] C:\Windows\System32\Drivers\ks.sys
00:01:58.0937 0x0530 C:\Windows\System32\Drivers\ks.sys - ok
00:01:58.0953 0x0530 [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] C:\Windows\System32\Drivers\rdpbus.sys
00:01:58.0953 0x0530 C:\Windows\System32\Drivers\rdpbus.sys - ok
00:01:58.0984 0x0530 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] C:\Windows\System32\Drivers\swenum.sys
00:01:58.0984 0x0530 C:\Windows\System32\Drivers\swenum.sys - ok
00:01:58.0999 0x0530 [ F9D9FAA0E2460EDA807C32391E5B6DAE, C826B69D4BFEED96236311C985F599E51DB42536BD02F044695E7EC7C86BB867 ] C:\Windows\System32\msctf.dll
00:01:58.0999 0x0530 C:\Windows\System32\msctf.dll - ok
00:01:59.0015 0x0530 [ A74C6A6DA5A35686D7639ACDBD458BFB, FEC49FE822C462F6C2FE1B8480C119C0C524CD9BC800B5CD0524507461D5FEDC ] C:\Windows\System32\nsi.dll
00:01:59.0015 0x0530 C:\Windows\System32\nsi.dll - ok
00:01:59.0031 0x0530 [ CE6EBC0AD38CC6482D8FBB744FF15CE2, B8712DB2E574ECFBC840FAAFB874644AB56909382BA2A5A8BC599874BBEAA543 ] C:\Windows\System32\Drivers\ndproxy.sys
00:01:59.0031 0x0530 C:\Windows\System32\Drivers\ndproxy.sys - ok
00:01:59.0046 0x0530 [ BDE820861D8107C67E182DF66A27074F, 66FC7DBE1604464EB07A964672B43C0F9E9D7759563318048795D3D4D6352A71 ] C:\Windows\System32\wininet.dll
00:01:59.0046 0x0530 C:\Windows\System32\wininet.dll - ok
00:01:59.0077 0x0530 [ B3FB7D980FE7F6FB78D83B87C0D2F7F3, F50630386DF512A6D5EED136E8C2921D3DAB0711F2DFF3381B09544F8E8F382B ] C:\Windows\System32\imagehlp.dll
00:01:59.0077 0x0530 C:\Windows\System32\imagehlp.dll - ok
00:01:59.0093 0x0530 [ 1E2E99B4FA9A5F0D9934F8B99B528A62, 89CE514C386A78D656E97AD2100A949A129D7B1EBBFF9500753C423C37D3EB33 ] C:\Windows\System32\wow64cpu.dll
00:01:59.0093 0x0530 C:\Windows\System32\wow64cpu.dll - ok
00:01:59.0109 0x0530 [ 3FA129BFC7808A2BB7681BEAF339FACD, C6CC494F3EF03318C8063D96EE4A7E361F05E440729A2CD59E2553260988473F ] C:\Windows\System32\Drivers\usbd.sys
00:01:59.0109 0x0530 C:\Windows\System32\Drivers\usbd.sys - ok
00:01:59.0124 0x0530 [ FBB6794E3BBAD92D66D59D206C1F849F, CEA5B07518699F09B2ABA372312FF0769B913DC4C43CC142BDB25274B52825DA ] C:\Windows\System32\Drivers\usbhub.sys
00:01:59.0124 0x0530 C:\Windows\System32\Drivers\usbhub.sys - ok
00:01:59.0155 0x0530 [ 65572D70EB8839462278989E25A37C98, BEFD146F43BAD7EF3271BB90B0233292858E4381F9E417C288949A2D8F7E869B ] C:\Windows\System32\shell32.dll
00:01:59.0155 0x0530 C:\Windows\System32\shell32.dll - ok
00:01:59.0171 0x0530 [ 946ECE07334A74373FAFBFAA063E62F2, C5A3D3E122330B078BA1F371EE18B1C5E4597850F88EB2D510C23C4940D3F19C ] C:\Windows\System32\Drivers\drmk.sys
00:01:59.0171 0x0530 C:\Windows\System32\Drivers\drmk.sys - ok
00:01:59.0187 0x0530 [ D10DAEA91AA8412A323DB8EADA23768A, 38286E18A8D629C6807F9EB5F50CEBDB3E5FC361D3CE47003E0819AFFA97C8CF ] C:\Windows\System32\Drivers\portcls.sys
00:01:59.0187 0x0530 C:\Windows\System32\Drivers\portcls.sys - ok
00:01:59.0202 0x0530 [ 60E17BAF7A93E1BFC37971C0A3AB1B5E, E25F3535523B992ACC11B22EE9123B88A68D135DB19CCDCB4317894EC6135C65 ] C:\Windows\System32\Drivers\RTKVHD64.sys
00:01:59.0202 0x0530 C:\Windows\System32\Drivers\RTKVHD64.sys - ok
00:01:59.0233 0x0530 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] C:\Windows\System32\Drivers\ksthunk.sys
00:01:59.0233 0x0530 C:\Windows\System32\Drivers\ksthunk.sys - ok
00:01:59.0249 0x0530 [ CA7561AACEE1F578C5360E4C07B71708, 85EEF488141AE20372BB70C4241269BD062F8384BC02E1BB082DFFF918F4F43C ] C:\Windows\System32\gdi32.dll
00:01:59.0249 0x0530 C:\Windows\System32\gdi32.dll - ok
00:01:59.0265 0x0530 [ 7653DB77F0DB2A50392F015321E42E37, C53F7A8C36CDEFF0322A74EEE203490E7F821BEDAC68A9A416B2EAC9A3EA314B ] C:\Windows\System32\setupapi.dll
00:01:59.0265 0x0530 C:\Windows\System32\setupapi.dll - ok
00:01:59.0280 0x0530 [ DA66D6D4A0B77D57F5CF449B1231010F, 4F590109EC31F8761FDFD5C4149165B36B2A93C423F577FEF85B221DE8CE47C2 ] C:\Windows\System32\imm32.dll
00:01:59.0280 0x0530 C:\Windows\System32\imm32.dll - ok
00:01:59.0311 0x0530 [ 1D2731630A5437C54217CDE1C4830F81, 153E04E449A05B902CF956F0C48490C7279158757C484550AD725DEB45998620 ] C:\Windows\System32\ole32.dll
00:01:59.0311 0x0530 C:\Windows\System32\ole32.dll - ok
00:01:59.0327 0x0530 [ 3C6933B638BB812F4084CF44AE698704, B2AA7FB2CEE9954E44574863DDDC830287EE77A2EC3D5BBF9A9278184ADB7059 ] C:\Windows\System32\kernel32.dll
00:01:59.0327 0x0530 C:\Windows\System32\kernel32.dll - ok
00:01:59.0343 0x0530 [ DC537ED95888E71BA92ED8D9422188BA, C9FF213AFA87369424C23BEE676E321533088D977464ED00510E3A3D076F55FC ] C:\Windows\System32\iertutil.dll
00:01:59.0343 0x0530 C:\Windows\System32\iertutil.dll - ok
00:01:59.0358 0x0530 [ 75CB0458521FFA420E4230A931E4517B, 319B06970F31528A81C86BD965BE901D602158CA9822F6EAE7C3A51BE68EAD2E ] C:\Windows\System32\normaliz.dll
00:01:59.0358 0x0530 C:\Windows\System32\normaliz.dll - ok
00:01:59.0389 0x0530 [ CC81790E0A18535853C33BABBFF15D56, 03D086F691038A1291EF4F517C36B231AC6002A08ABD3C8258E430C6F1F289E8 ] C:\Windows\System32\lpk.dll
00:01:59.0389 0x0530 C:\Windows\System32\lpk.dll - ok
00:01:59.0405 0x0530 [ CE1C66AD4D56FCD7301E1EFEA71340EC, F03A1AD492DC7B2238914E65B5B9C6B0BCCC59ED2435BBAD8B78DDD82D34A011 ] C:\Windows\System32\oleaut32.dll
00:01:59.0405 0x0530 C:\Windows\System32\oleaut32.dll - ok
00:01:59.0421 0x0530 [ 652467DC0E67CF738972117C09D05571, 2C0902FEE71E9C13B9BDF4FBB4D84090725262746BA82BD2B79FD5B1D8650395 ] C:\Windows\System32\rpcrt4.dll
00:01:59.0421 0x0530 C:\Windows\System32\rpcrt4.dll - ok
00:01:59.0436 0x0530 [ 2E3EDE81672653E0C759F0A1135F704F, DD670B8F3997D5C9B36968CD1E1EDCD5292E3EA553C2EAFCA8A0D5F88964D7A6 ] C:\Windows\System32\clbcatq.dll
00:01:59.0436 0x0530 C:\Windows\System32\clbcatq.dll - ok
00:01:59.0467 0x0530 [ 41AC2B1335317D2F8700E17328F71E0C, E570C6D2FD54BF5B0BBD321FBF4C9AAB115A5A92D6F7EF7FDF53F5F75088E1DD ] C:\Windows\System32\psapi.dll
00:01:59.0467 0x0530 C:\Windows\System32\psapi.dll - ok
00:01:59.0483 0x0530 [ 05C53C1F84F12FBBF5E779963D6756DE, CE6789A9FCB3E887FF845F9AC12D5086052E0A4ACB3AD96A4CFCDA46A7CF3D4C ] C:\Windows\System32\urlmon.dll
00:01:59.0483 0x0530 C:\Windows\System32\urlmon.dll - ok
00:01:59.0499 0x0530 [ 2E5B349ACDA36C20612795754DB93312, 323A623FEF29F20E364528B58CF5C188B550F2CD38E9ED64B34071C74B9BC391 ] C:\Windows\System32\ws2_32.dll
00:01:59.0499 0x0530 C:\Windows\System32\ws2_32.dll - ok
00:01:59.0514 0x0530 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B, AADB8991174CCDA3ADE14AF3EFB3A9826EC17A0F989F449FF43010A99D8CAA1F ] C:\Windows\System32\Drivers\usbccgp.sys
00:01:59.0514 0x0530 C:\Windows\System32\Drivers\usbccgp.sys - ok
00:01:59.0545 0x0530 [ 77BA3F9A5E0D3BA8657F14767CC5706D, F09F20FA98DD13BE79F04010478AF275E930EC760EC22529A4C7BDBB9C49AD0A ] C:\Windows\System32\GdiPlus.dll
00:01:59.0545 0x0530 C:\Windows\System32\GdiPlus.dll - ok
00:01:59.0561 0x0530 [ AECED95ACFDCF96757EDD8D0CFFE34B8, A76487C0572BC588BA0B87A15B1341674EA54C55AE95565086927007FF1EDFB6 ] C:\Windows\System32\msvcrt.dll
00:01:59.0561 0x0530 C:\Windows\System32\msvcrt.dll - ok
00:01:59.0577 0x0530 [ 3A30E09AAA2BB060D39C8FA5E20D4FA3, F172A0F7194D73AD4A11A4B1C12459385C64F334E471C25E3471B8B57EED6E5C ] C:\Windows\System32\advapi32.dll
00:01:59.0577 0x0530 C:\Windows\System32\advapi32.dll - ok
00:01:59.0608 0x0530 [ E1B2751640FA7840CC5EB6E78513A632, 2F81762EDA6B2FCA88F4D78D3696E856A2D1F4809C9A53702D8069D9B643BF20 ] C:\Windows\System32\Wldap32.dll
00:01:59.0608 0x0530 C:\Windows\System32\Wldap32.dll - ok
00:01:59.0623 0x0530 [ 6B3F1596000CB33F73E14B6F7D5CFF82, 4DA1A14B39413F19D507B8371C99F9265E3FC17DC7F0842057B254C9D5ADD69D ] C:\Windows\System32\difxapi.dll
00:01:59.0623 0x0530 C:\Windows\System32\difxapi.dll - ok
00:01:59.0639 0x0530 [ 46501A8D9CF0383A104120810E1BABA6, 8062AB1FC35F61448D08E26919FD7DA3F91D807C912E41321918F24C4ADBBA1D ] C:\Windows\System32\shlwapi.dll
00:01:59.0639 0x0530 C:\Windows\System32\shlwapi.dll - ok
00:01:59.0655 0x0530 [ 09799E701B4327097E9F63D3FE221083, CF2B97D5B3D434D8E5547B2A86771C69A6F7F4857CAD70865B50462A04A27A48 ] C:\Windows\System32\Drivers\usbvideo.sys
00:01:59.0655 0x0530 C:\Windows\System32\Drivers\usbvideo.sys - ok
00:01:59.0670 0x0530 [ A99AD14F26BDA7D7F27F76BC91B7EED7, 98491CFA2524A9650367BEF87814A58B198F467335C6AB7A446004A9D0320EC6 ] C:\Windows\System32\user32.dll
00:01:59.0670 0x0530 C:\Windows\System32\user32.dll - ok
00:01:59.0686 0x0530 [ 85B5B3797315F714A62AC986FFB2B17E, DF6590235BA33AFF42F7153646DA70C600EC607C1E01BBB58C468A54E0E795EF ] C:\Windows\System32\sechost.dll
00:01:59.0686 0x0530 C:\Windows\System32\sechost.dll - ok
00:01:59.0717 0x0530 [ 2AE813F005223E5B39E0C4D7B8314732, 3F24D78F2F0B61B9ED24A06D6792CF7732E3A17B94A8F71ACB29D04A8918113F ] C:\Windows\System32\wow64win.dll
00:01:59.0717 0x0530 C:\Windows\System32\wow64win.dll - ok
00:01:59.0717 0x0530 [ C3D51000E8FBEF76BC91E145B0D7FC67, 5B7F37042B51C6321D8AC3E31385E2A6742523EB74A23BA43662738AFF14C09C ] C:\Windows\System32\comdlg32.dll
00:01:59.0717 0x0530 C:\Windows\System32\comdlg32.dll - ok
00:01:59.0733 0x0530 [ B74C50954E234506548CBBF3933AF391, 50A1C0704069AAD9E7158689C521442CE8F29F47F247A6E3FCBCBB107E665ADA ] C:\Windows\System32\wow64.dll
00:01:59.0733 0x0530 C:\Windows\System32\wow64.dll - ok
00:01:59.0748 0x0530 [ 996604E515ACE3775D645A4FE0D66D4A, 6732BA3E1B0C899CE3A37874E1ED395273BCB11A99D5A5B9A76F9C5D4238FA3D ] C:\Windows\System32\wintrust.dll
00:01:59.0748 0x0530 C:\Windows\System32\wintrust.dll - ok
00:01:59.0764 0x0530 [ C26780F936820DBB3A1323FC1C09E05F, A7F38B8959C668D02CED78306917FE8F7740CB199129DB5F9408FB728A66CC5F ] C:\Windows\System32\cfgmgr32.dll
00:01:59.0764 0x0530 C:\Windows\System32\cfgmgr32.dll - ok
00:01:59.0779 0x0530 [ 03E223CC4AE2D2B55E400AD9C55449F6, D591ED45FD259EEC6FFDFBC8B2719C9B0D317FC289D07FF221205561671CD7AE ] C:\Windows\System32\comctl32.dll
00:01:59.0779 0x0530 C:\Windows\System32\comctl32.dll - ok
00:01:59.0795 0x0530 [ F37BD0CAA604B6FE5CEC9D0BC05ABAF8, B084F5E3EF08623473A33954686BE8DDD978F14B66AC9E665FEAA498CDC680DD ] C:\Windows\System32\KernelBase.dll
00:01:59.0795 0x0530 C:\Windows\System32\KernelBase.dll - ok
00:01:59.0811 0x0530 [ EFD55F2C466663F37412B843F6CC55F5, 0EF49FD60341B8B29749E73F825C6BEBCA1BFC5CC3E16FC5139E7D69CDF86CC2 ] C:\Windows\System32\crypt32.dll
00:01:59.0811 0x0530 C:\Windows\System32\crypt32.dll - ok
00:01:59.0826 0x0530 [ 51B6CB1852B49E150F7E8B8C2F4CB0F7, C069D14E79F01468521EE466AE5DC5757E53765B7A05567F9D8E3DE21EC1E7B5 ] C:\Windows\System32\devobj.dll
00:01:59.0826 0x0530 C:\Windows\System32\devobj.dll - ok
00:01:59.0842 0x0530 [ C763F7DC50C70E657DCB164FA9D92085, 9006A11034F128250DE9B918F478AB5B3AAD1685FA9B5BEC5FA259439DCFFAA1 ] C:\Windows\System32\msasn1.dll
00:01:59.0842 0x0530 C:\Windows\System32\msasn1.dll - ok
00:01:59.0857 0x0530 [ 36D755FFED947A08B1650ACE9644FAB8, B37629A1EB7B3E1AC6C9164A5B7FDEAF8A3B4629B732CD885089BDB3BEE31CF5 ] C:\Windows\SysWOW64\lpk.dll
00:01:59.0857 0x0530 C:\Windows\SysWOW64\lpk.dll - ok
00:01:59.0857 0x0530 [ BD321B58C0CC6C8196F8CF4EE226E830, 592D62425AFCF37E10088202B9DD01C22C20A9D4F5F562006D407B8B26CDBB3F ] C:\Windows\SysWOW64\normaliz.dll
00:01:59.0857 0x0530 C:\Windows\SysWOW64\normaliz.dll - ok
00:01:59.0873 0x0530 [ 436188BB139D51E4A763D1D356C90EE3, 2E3504B78C96B535AFC5CED3D162E5FFFD70AF572196CDBC45EB8FF126F17DC9 ] C:\Windows\System32\Drivers\hidparse.sys
00:01:59.0873 0x0530 C:\Windows\System32\Drivers\hidparse.sys - ok
00:01:59.0889 0x0530 [ 771BE60F1899D8E43CF563162A8A2FBB, E846915CEE1792E23A4A5095684D3D1DE408BED68772958E08F16CD38EFD09AA ] C:\Windows\System32\Drivers\hidclass.sys
00:01:59.0889 0x0530 C:\Windows\System32\Drivers\hidclass.sys - ok
00:01:59.0920 0x0530 [ 590B6F71BCDA4368B4BF7D8DF22B60F7, 5CED8ACCBBF373607A8CEC81E9F9856C450A73A969E07DF3218B85F444CA7D3F ] C:\Windows\System32\Drivers\hidusb.sys
00:01:59.0920 0x0530 C:\Windows\System32\Drivers\hidusb.sys - ok
00:01:59.0935 0x0530 [ AAF79606645C4D72B47074A0FB597677, 40CFF5319DE0E0932466F921984112DFB32BEFC99A62C5ECB85687973E570E35 ] C:\Windows\System32\win32k.sys
00:01:59.0935 0x0530 C:\Windows\System32\win32k.sys - ok
00:01:59.0951 0x0530 [ 0D9F14739D05F8B8B028B539FC6F1F29, 07751B8D090F4E159C0E38FB569B3C781DC8AAF0CE5A9505AC4F37265B5F4654 ] C:\Windows\System32\csrss.exe
00:01:59.0951 0x0530 C:\Windows\System32\csrss.exe - ok
00:01:59.0967 0x0530 [ F77177F6C95B2116EE7AD23B5EF57007, 646E345DE5AFF26B338E17BC9D03D0EDA5608DF77D7685DE7AFF6E4113B9EB87 ] C:\Windows\System32\Drivers\USBSTOR.SYS
00:01:59.0967 0x0530 C:\Windows\System32\Drivers\USBSTOR.SYS - ok
00:01:59.0982 0x0530 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\System32\basesrv.dll
00:01:59.0982 0x0530 C:\Windows\System32\basesrv.dll - ok
00:01:59.0982 0x0530 [ 1C510F9C2DB7393468EB789A96DAAFA8, ED20E82B4754BA3B93F70E85890505E6C3177C72B7F5BDC3AA465DB236CF0834 ] C:\Windows\System32\csrsrv.dll
00:01:59.0982 0x0530 C:\Windows\System32\csrsrv.dll - ok
00:01:59.0998 0x0530 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] C:\Windows\System32\Drivers\mouclass.sys
00:01:59.0998 0x0530 C:\Windows\System32\Drivers\mouclass.sys - ok
00:02:00.0013 0x0530 [ CB2527B8B87D83E56FBF3944BBB6F606, F8DA5AF97B91099C58E14D1DACBCA02AF8F193E53A88DDC8CC4C0655A2E4F90B ] C:\Windows\System32\Drivers\mouhid.sys
00:02:00.0013 0x0530 C:\Windows\System32\Drivers\mouhid.sys - ok
00:02:00.0029 0x0530 [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\System32\winsrv.dll
00:02:00.0029 0x0530 C:\Windows\System32\winsrv.dll - ok
00:02:00.0045 0x0530 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935, CC3F4E09F8834C7293B607446FECFE3CBB9B9151E65AAD38E2A4A8B30244DE14 ] C:\Windows\System32\Drivers\monitor.sys
00:02:00.0045 0x0530 C:\Windows\System32\Drivers\monitor.sys - ok
00:02:00.0060 0x0530 [ F14D77B1B3347ED08272B65A3F80B4CE, 355875455F744C2E02C7C9934636F8CD82ACB22DD86A81B05D093A0DFB562A4E ] C:\Windows\System32\tsddd.dll
00:02:00.0060 0x0530 C:\Windows\System32\tsddd.dll - ok
00:02:00.0076 0x0530 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\System32\sxssrv.dll
00:02:00.0076 0x0530 C:\Windows\System32\sxssrv.dll - ok
00:02:00.0091 0x0530 [ 4C7303709714F589A0809AC82F03CA84, 6D2BF13F52831C48A26A74FEB6458EDB4C578292C1B79AF419BF0BE9CA9A88FA ] C:\Windows\System32\profapi.dll
00:02:00.0091 0x0530 C:\Windows\System32\profapi.dll - ok
00:02:00.0107 0x0530 [ FE9AB232B56A12224E8A3F3F9878C9A3, 09326E764DAF190D1A888E6E4786FAE471EF93BEFB03ABB405357F6DED5F9ABC ] C:\Windows\System32\wininit.exe
00:02:00.0107 0x0530 C:\Windows\System32\wininit.exe - ok
00:02:00.0123 0x0530 [ FD777FE5B879BC921ED01A647143D709, 215DC626F3DEA5CA4C60D87CAD8B3167ED0C82A5316177B052A51DE9A494020A ] C:\Windows\System32\KBDUS.DLL
00:02:00.0123 0x0530 C:\Windows\System32\KBDUS.DLL - ok
00:02:00.0138 0x0530 [ 8144BCD1736C3C76978B8378556CA746, 4E1FE0847716C697360E3601CB6D842599DCD46C853C06D480BB66463D95F0D2 ] C:\Windows\System32\wininitext.dll
00:02:00.0138 0x0530 C:\Windows\System32\wininitext.dll - ok
00:02:00.0154 0x0530 [ 8D46D6195A59F6DBE993385D6B26B5C7, EEE7902C8A11B2E3F68908868E97BD3A7623F99010E9264F2B66C76C23F18FAC ] C:\Windows\System32\cdd.dll
00:02:00.0154 0x0530 C:\Windows\System32\cdd.dll - ok
00:02:00.0169 0x0530 [ BCF2036A0DD579E47C008C133550283E, 52F95F4A253C431221852FA0E0FB9AB94752FDEE597750949460C74242887B09 ] C:\Windows\System32\winlogon.exe
00:02:00.0169 0x0530 C:\Windows\System32\winlogon.exe - ok
00:02:00.0185 0x0530 [ 10564D7D4FBAABDB826E9D607679C85F, 1E85B8F5A24CB9261A55BF9D16B365D1DC5F36EC409E6086481F736FD60AB08C ] C:\Windows\System32\WlS0WndH.dll
00:02:00.0185 0x0530 C:\Windows\System32\WlS0WndH.dll - ok
00:02:00.0185 0x0530 [ EF72CFB67C73A8751F3BC4F4C98EAD4C, 47A0E97C24FBBEA83954C32FCA98D69B5DF1CC59DA020030018CB9E23E7A8F69 ] C:\Windows\System32\powrprof.dll
00:02:00.0185 0x0530 C:\Windows\System32\powrprof.dll - ok
00:02:00.0201 0x0530 [ 7679414791657155EDF45D388325BEFE, 70467B3284BF0E85E4BD25E702D60C6299621B2FEE2CBB764BC1D4F78285EA67 ] C:\Windows\System32\sxs.dll
00:02:00.0201 0x0530 C:\Windows\System32\sxs.dll - ok
00:02:00.0216 0x0530 [ C0FAB7DDA13CE5593A48B40056AA278D, 7CDA1C4A43E25A284B8DE20E6065199BC6569EF6BAB5D034A73DA3B559D65ABF ] C:\Windows\System32\samcli.dll
00:02:00.0216 0x0530 C:\Windows\System32\samcli.dll - ok
00:02:00.0232 0x0530 [ 9D7EAFBAD213566D70BAE9A14B847666, 9E181A029835789C449D6D756F5CDFCA3712A393DEEA96831DB2AAC12B1169D1 ] C:\Windows\System32\winsta.dll
00:02:00.0232 0x0530 C:\Windows\System32\winsta.dll - ok
00:02:00.0247 0x0530 [ 2577AEA213B0B70FF5B4E3D180E66B11, A5C6D937BF2FE09FE63FD87528F853567A40C94AEC492E9F9B9CA9D9121B07D2 ] C:\Windows\System32\cryptbase.dll
00:02:00.0247 0x0530 C:\Windows\System32\cryptbase.dll - ok
00:02:00.0263 0x0530 [ E8001E0F56F0B0F5D204EF865F47372B, 6B1A23443F4F9737CB654AD7257968C080958C1AA5C0615DCD2A00BA9278259F ] C:\Windows\System32\wtsapi32.dll
00:02:00.0263 0x0530 C:\Windows\System32\wtsapi32.dll - ok
00:02:00.0279 0x0530 [ 7F4E2FB897E35952C5B22BE48047FCA8, 68E1AA815C667C0CBAA931D27746F8544943E51398D798D027C24A44EA2A64A2 ] C:\Windows\System32\bcryptprimitives.dll
00:02:00.0279 0x0530 C:\Windows\System32\bcryptprimitives.dll - ok
00:02:00.0294 0x0530 [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\Windows\System32\services.exe
00:02:00.0294 0x0530 C:\Windows\System32\services.exe - ok
00:02:00.0310 0x0530 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] C:\Windows\System32\lsass.exe
00:02:00.0310 0x0530 C:\Windows\System32\lsass.exe - ok
00:02:00.0325 0x0530 [ 90BEE4B9728DDCF9787100CB8A04815C, 036D94C59ECF3A9C1EF193AA66CEFC384B628D1F36BBE1648FDF8F1778659AE2 ] C:\Windows\System32\sspisrv.dll
00:02:00.0325 0x0530 C:\Windows\System32\sspisrv.dll - ok
00:02:00.0341 0x0530 [ D1AEFA79EE1EE089D03249BE581D5DD6, E8A41BB6004F10AA829F7DD348F3349FB891B28F7CCE6E6AFC237D9A21EB07F3 ] C:\Windows\System32\sspicli.dll
00:02:00.0341 0x0530 C:\Windows\System32\sspicli.dll - ok
00:02:00.0357 0x0530 [ D293F2E8CEE73B87B04790D5169C0F25, 6B05D92ACC59FC1FBEAE0E31298F72ED4FF9E2BE2D8263F848057F15A033EF8F ] C:\Windows\System32\lsasrv.dll
00:02:00.0357 0x0530 C:\Windows\System32\lsasrv.dll - ok
00:02:00.0372 0x0530 [ ECFC9AF8D1A6E16223E1B17EA732FA08, BF74E48E2F14DCBA257473FCCEC3E512C7283335610205E3B84CB16449E86335 ] C:\Windows\System32\scext.dll
00:02:00.0372 0x0530 C:\Windows\System32\scext.dll - ok
00:02:00.0388 0x0530 [ 8A6CAF25365FDF2432054C672885917E, 91B70BCA392C402162191B6AFB4C603C27ED4A6FA51253B42070B8BB31EAC2C8 ] C:\Windows\System32\ubpm.dll
00:02:00.0388 0x0530 C:\Windows\System32\ubpm.dll - ok
00:02:00.0388 0x0530 [ 79FE8418CD57C9E2BDDC2FB0CC2BFB05, 5EDFBE6A86A3D70CAD80E0E1875D01DAFA3F5A69591A60E20A1984B0C38C7C36 ] C:\Windows\System32\samsrv.dll
00:02:00.0388 0x0530 C:\Windows\System32\samsrv.dll - ok
00:02:00.0403 0x0530 [ DF8111BDC2F35006F0CD471A2CC65665, 9469D6E40D6F66E3171CD1C7765DC2E6CC0D62699B64A68AD04C6CED21CA126A ] C:\Windows\System32\SPInf.dll
00:02:00.0403 0x0530 C:\Windows\System32\SPInf.dll - ok
00:02:00.0419 0x0530 [ D71A882FE7A74F01B92F6A2C74305E45, B8E7A987B58DED89CC6423E286E052A110B0448EC9E15B9E00FD8303C192A5D2 ] C:\Windows\System32\srvcli.dll
00:02:00.0419 0x0530 C:\Windows\System32\srvcli.dll - ok
00:02:00.0435 0x0530 [ E3D5F59826899393970533A8E6AB34EE, 1FE5E545C1CDE06843B8E79FA378A7D6DFAF438CBEEF886D8035E56B45A45FA5 ] C:\Windows\System32\bcrypt.dll
00:02:00.0435 0x0530 C:\Windows\System32\bcrypt.dll - ok
00:02:00.0450 0x0530 [ EA697BA99655FA048BB297EE9A3CCBC7, 1AD4B8717B41AA79D5AAC5E49619DAB3FBFA528B4B20A037317B5C465F78F040 ] C:\Windows\System32\ncrypt.dll
00:02:00.0450 0x0530 C:\Windows\System32\ncrypt.dll - ok
00:02:00.0466 0x0530 [ A6FE1FCAB4AC686D6BD7884B317935F7, 08B3BD92505F781E23AA823E9F34D4F49033EAE13FD75A4C47DD81BBA7BA385C ] C:\Windows\System32\ntasn1.dll
00:02:00.0466 0x0530 C:\Windows\System32\ntasn1.dll - ok
00:02:00.0481 0x0530 [ 39084062AB7B7CA19DBF0AA4581D833B, F70757667060222A94037D4B62FA236B6EFC5D4CD72559F8F21F562002D93B83 ] C:\Windows\System32\msprivs.dll
00:02:00.0481 0x0530 C:\Windows\System32\msprivs.dll - ok
00:02:00.0497 0x0530 [ 21AA2C2564DDB9F3B83CE322D9E97F9C, 492B583B3182DF3B80C2E237DD77656711FACFB97A19F8F3E52A9E34E6F2D1DB ] C:\Windows\System32\netjoin.dll
00:02:00.0497 0x0530 C:\Windows\System32\netjoin.dll - ok
00:02:00.0513 0x0530 [ 058B0CDA8E19AF2A7E6CFA7604BB8D14, D0F645CB1F43A998C97FAEFAE511A752DECF5C82588A1E8EDB29DE96618DA0AE ] C:\Windows\System32\cryptdll.dll
00:02:00.0513 0x0530 C:\Windows\System32\cryptdll.dll - ok
00:02:00.0528 0x0530 [ 016EDF8CF3BC0428F9A910637E918808, AC099B0BC04A6F4A2599E3305FA1E1FB3B90E4B4D71F37C616AE8B9C3A20B12A ] C:\Windows\System32\negoexts.dll
00:02:00.0528 0x0530 C:\Windows\System32\negoexts.dll - ok
00:02:00.0544 0x0530 [ 1654B23B029698077A59469E6AC93A99, 574706E7B023FED05BEE97A2C6BE5BC4F0893A28BB77CA7CC356CF532AFBF8D1 ] C:\Windows\System32\kerberos.dll
00:02:00.0544 0x0530 C:\Windows\System32\kerberos.dll - ok
00:02:00.0544 0x0530 [ 8F9F55C4B857E35552D78A2AAF1BADF9, D5F17DEB76C4B96177798C15C81A34FC0A7EB9DBF70A92395BBF5083FCF215E7 ] C:\Windows\System32\cryptsp.dll
00:02:00.0544 0x0530 C:\Windows\System32\cryptsp.dll - ok
00:02:00.0560 0x0530 [ 1AC307A2F7317007BC382046B3835202, A1FC763F34D12872C76551A66BBD8DED07DF55712F54773372FE6B4F27BC8DF5 ] C:\Windows\System32\mswsock.dll
00:02:00.0560 0x0530 C:\Windows\System32\mswsock.dll - ok
00:02:00.0575 0x0530 [ 4543E23FF678CA9D2C943A45B5B82A17, 1025FEF57E115A84217BE0F0DAFE0F2FA65F69F1C7FF0103FAE82816696B419B ] C:\Windows\System32\msv1_0.dll
00:02:00.0575 0x0530 C:\Windows\System32\msv1_0.dll - ok
00:02:00.0591 0x0530 [ FDC70965F0FC9DFEBC919627DED5DDFF, 54ED1E203720963982706F0D402449059A0C6057A771A72903122A3C41BF5E14 ] C:\Windows\System32\netlogon.dll
00:02:00.0591 0x0530 C:\Windows\System32\netlogon.dll - ok
00:02:00.0606 0x0530 [ B16A14270DB26838B48A06835FDBBFB4, E12D0314E4F09FBA9CC85D7191ADDFE70F6419AA120FFC6C14E0F3B5FFB68195 ] C:\Windows\System32\dnsapi.dll
00:02:00.0606 0x0530 C:\Windows\System32\dnsapi.dll - ok
00:02:00.0622 0x0530 [ 113E9BB020461D5F9D0C0C6EA29C513F, BA8F05244F9F500026D647C3329FE965119DE9E6E20AEF20ED6A806CC9AACC17 ] C:\Windows\System32\logoncli.dll
00:02:00.0622 0x0530 C:\Windows\System32\logoncli.dll - ok
00:02:00.0638 0x0530 [ 72FCEDD4EEE5F1C38F84F0947A26950E, 9B9A14632160346B69973CDAA38D8EC6D5648E161C3ABE984159CB9EADD74093 ] C:\Windows\System32\userenv.dll
00:02:00.0638 0x0530 C:\Windows\System32\userenv.dll - ok
00:02:00.0653 0x0530 [ 6847834F846A4CF1CD4FC86334B4879D, 217B27867A0BAB98814CD6F66C281147D33492D39DFEDBDF0552CAC624C1F0A9 ] C:\Windows\System32\schannel.dll
00:02:00.0653 0x0530 C:\Windows\System32\schannel.dll - ok
00:02:00.0669 0x0530 [ 0DFEBCD834EF05A112BF90F8A7993212, 0059B928F19C832DE87B515D64E4D51DA5D8A4E221444CDA2AC0EA6356E1B2D1 ] C:\Windows\System32\wdigest.dll
00:02:00.0669 0x0530 C:\Windows\System32\wdigest.dll - ok
00:02:00.0684 0x0530 [ BB4FCE5019D973A8BA038A03C7ECECDD, 2981F6E626C582965CBED2D9DFD6C9D575D4298DB4DA67DFDDCD860F49AE3700 ] C:\Windows\System32\rsaenh.dll
00:02:00.0684 0x0530 C:\Windows\System32\rsaenh.dll - ok
00:02:00.0700 0x0530 [ CC6D17EDB5B1C73523E4B7D6EB7BBC09, BBFC18708273C7D2E34FFD4F63A7D86C3E0BA3BE3A35CB2C773440EE77E67CAE ] C:\Windows\System32\TSpkg.dll
00:02:00.0700 0x0530 C:\Windows\System32\TSpkg.dll - ok
00:02:00.0715 0x0530 [ 0059D2032BCA18EBBC03D6D1308892F6, AE1C8DBCBAE564D9814C6AFB52C2B9A493FCC9BC9E789DAD080132828FD09280 ] C:\Windows\System32\pku2u.dll
00:02:00.0715 0x0530 C:\Windows\System32\pku2u.dll - ok
00:02:00.0715 0x0530 [ 5B92CE37EBE65A5424074E50C48AA52E, 1B8679051E25E06E76B539AECFAD4E700A8A2ADDE9C2E6EC949FE68FC456E09A ] C:\Windows\System32\livessp.dll
00:02:00.0715 0x0530 C:\Windows\System32\livessp.dll - ok
00:02:00.0731 0x0530 [ D8BEFDDADA7125E5A4DD37EA5AC620D9, E91E26353E2151C755C5D5B4F25084F0CEF688A9F1CA7FF309C57C607BCF9DF4 ] C:\Windows\System32\efslsaext.dll
00:02:00.0731 0x0530 C:\Windows\System32\efslsaext.dll - ok
00:02:00.0747 0x0530 [ 2F5E3751FAB4AE994262E2FB9CEDC885, 6B2429CF621D05D72CBF38163C92BC9508D72EB5D4951382321A16859CE871FA ] C:\Windows\System32\dpapisrv.dll
00:02:00.0747 0x0530 C:\Windows\System32\dpapisrv.dll - ok
00:02:00.0762 0x0530 [ 8EA33056071F6EB7A97C68E978F01573, 0A3FEF2C7B00CB6DE1CA6216BE06C6F3D61B15CC3A06F9B0F1BCB8C1443A25EA ] C:\Windows\System32\credssp.dll
00:02:00.0762 0x0530 C:\Windows\System32\credssp.dll - ok
00:02:00.0778 0x0530 [ C0D0F60B47079C2AAD30B836326313F4, 0EB155BCA65D4B7FBE3DCB12832DEE555449ED21D403EBE6CED1F1B9B81A7FE4 ] C:\Windows\System32\scesrv.dll
00:02:00.0778 0x0530 C:\Windows\System32\scesrv.dll - ok
00:02:00.0794 0x0530 [ 4F6E1CA672370A9BCAC049CE3AB7F666, E984A9803615B2C90933694B65A7D9B95919680F29354B9E93126889BE2BF5B4 ] C:\Windows\System32\scecli.dll
00:02:00.0794 0x0530 C:\Windows\System32\scecli.dll - ok
00:02:00.0809 0x0530 [ 0D7B278E91F0F07BBC4DFDF634BEFDB5, 3EC751DE5364FB5F4B965338A4F741625C5EB85187419B7242EA9678C6250148 ] C:\Windows\System32\authz.dll
00:02:00.0809 0x0530 C:\Windows\System32\authz.dll - ok
00:02:00.0825 0x0530 [ E17EA93682D88F1CE94CCE2A804FA691, DDD2A8EB5100EA96983FFBC38097EC5C4BEB9E3335D3A124261776A2E4981FDC ] C:\Windows\System32\netutils.dll
00:02:00.0825 0x0530 C:\Windows\System32\netutils.dll - ok
00:02:00.0840 0x0530 [ EDE27EACE742EE2888C5DD36400A2EC0, 4AE0C5191FE9D93E1BE2B99C0C64BF3CA43272CD66003139476192F946F0BEC4 ] C:\Windows\System32\svchost.exe
00:02:00.0840 0x0530 C:\Windows\System32\svchost.exe - ok
00:02:00.0856 0x0530 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] C:\Windows\System32\umpnpmgr.dll
00:02:00.0856 0x0530 C:\Windows\System32\umpnpmgr.dll - ok
00:02:00.0856 0x0530 [ 0CE9A21C24E62DFD77E273B56B11C2C7, 5380B306AAE6BE15472874994DA013D43D10F3BF637C81DA2E5AD05C0DC7EECA ] C:\Windows\System32\devrtl.dll
00:02:00.0856 0x0530 C:\Windows\System32\devrtl.dll - ok
00:02:00.0871 0x0530 [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] C:\Windows\System32\umpo.dll
00:02:00.0871 0x0530 C:\Windows\System32\umpo.dll - ok
00:02:00.0887 0x0530 [ 58CE8F135CC6F3271603A8BB094B1967, A47AD0441433A583766A90117176C8ECB42D9ACE4AA6B593010C2140395A8A8F ] C:\Windows\System32\umpoext.dll
00:02:00.0887 0x0530 C:\Windows\System32\umpoext.dll - ok
00:02:00.0903 0x0530 [ 5C2758C697F6EC1C3771902D5FDF8079, 1A1BC2B91181D4B9F6B05A7A25E73FAF86C89DE6C246D75C6497CCB784D53C78 ] C:\Windows\System32\gpapi.dll
00:02:00.0903 0x0530 C:\Windows\System32\gpapi.dll - ok
00:02:00.0918 0x0530 [ 2BA42F109B70D10E2F12072AD5BFFE27, ACB02141234D0D83899602F192AF55BDEACC33D14362A97CDDEC971F9B2EB59A ] C:\Windows\System32\hid.dll
00:02:00.0918 0x0530 C:\Windows\System32\hid.dll - ok
00:02:00.0934 0x0530 [ 61A8BF961A244C60697814D8CC2741FA, 1F67DEC687A6FDBDC62E5CB52CC177673A601676605949B6F2132AC3BCEFA054 ] C:\Windows\System32\pcwum.dll
00:02:00.0934 0x0530 C:\Windows\System32\pcwum.dll - ok
00:02:00.0949 0x0530 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] C:\Windows\System32\Drivers\luafv.sys
00:02:00.0949 0x0530 C:\Windows\System32\Drivers\luafv.sys - ok
00:02:00.0965 0x0530 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] C:\Windows\System32\rpcss.dll
00:02:00.0965 0x0530 C:\Windows\System32\rpcss.dll - ok
00:02:00.0981 0x0530 [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] C:\Windows\System32\RpcEpMap.dll
00:02:00.0981 0x0530 C:\Windows\System32\RpcEpMap.dll - ok
00:02:00.0981 0x0530 [ 587089B7A93F3DE43832F3DBDD8F4653, 9A026D63576454ECF009E09809E09B75874E43B78C031F64C31012A871CAF91D ] C:\Windows\System32\RpcRtRemote.dll
00:02:00.0981 0x0530 C:\Windows\System32\RpcRtRemote.dll - ok
00:02:00.0996 0x0530 [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] C:\Windows\System32\lsm.dll
00:02:00.0996 0x0530 C:\Windows\System32\lsm.dll - ok
00:02:01.0012 0x0530 [ 43197AE4DF1F8D5A95C5134C81B05FB9, 5D8BED8631B8395BEE30123BD15FA082C4C75A3799FB3CE07C1873D2A85F928F ] C:\Windows\System32\FirewallAPI.dll
00:02:01.0012 0x0530 C:\Windows\System32\FirewallAPI.dll - ok
00:02:01.0027 0x0530 [ 2383FFF04B78586DB2F78E82583F630A, 35081F9BDC2D1FFECAAF9DF974D75416A769722643650F2752BB32DA6F9D84FF ] C:\Windows\System32\sysntfy.dll
00:02:01.0027 0x0530 C:\Windows\System32\sysntfy.dll - ok
00:02:01.0043 0x0530 [ E5D1CB25AB7050FE4A4397089BE2AA09, 4806EC7A712E28FF8B473EE71E22CD8B73CA5249C51640F58B4A9A683350CBD4 ] C:\Windows\System32\wmsgapi.dll
00:02:01.0043 0x0530 C:\Windows\System32\wmsgapi.dll - ok
00:02:01.0059 0x0530 [ 975398A3D2C1FEA73FC93931978DF354, 623E66E79BF16AC82E5DD579B1D50AA1A884FAFC042C3C8A1B503C97A84098DF ] C:\Windows\System32\bisrv.dll
00:02:01.0059 0x0530 C:\Windows\System32\bisrv.dll - ok
00:02:01.0074 0x0530 [ 73BC115720CB5D6F2FF0F7B4A9C58DF1, 45EE00014210AF8B346B295440F32867747D23B5B3AEE6BD44CF27263BA92D3E ] C:\Windows\System32\UXInit.dll
00:02:01.0074 0x0530 C:\Windows\System32\UXInit.dll - ok
00:02:01.0090 0x0530 [ 066FE80AE0AC570822EB37970E27EA1D, C621030A577AFCF3246811DF9BFA6A9937082B75C7B025169205A456D6D1064C ] C:\Windows\System32\psmsrv.dll
00:02:01.0090 0x0530 C:\Windows\System32\psmsrv.dll - ok
00:02:01.0105 0x0530 [ CDE105E44DB12F536B05086EA1054555, 30E07F1240FEECCC41C7330F03F51F7C6AA4A009F9C414097777CEC025891396 ] C:\Windows\System32\uxtheme.dll
00:02:01.0105 0x0530 C:\Windows\System32\uxtheme.dll - ok
00:02:01.0121 0x0530 [ 15223ECAD7D688273DADA63ADA8B6BBA, 4E6261A8E89CF0491FAE680C9A842D46E4C693300D7DA7412AF02728486CDFFF ] C:\Windows\System32\atiesrxx.exe
00:02:01.0121 0x0530 C:\Windows\System32\atiesrxx.exe - ok
00:02:01.0137 0x0530 [ 52576C623E5877D6CD73479610A532C2, 58D8596659AFF4E68F1C8D21042D4DB00227A4B07BB3470B3CF5BE1B5950D3BD ] C:\Windows\System32\dpapi.dll
00:02:01.0137 0x0530 C:\Windows\System32\dpapi.dll - ok
00:02:01.0152 0x0530 [ 11EA2B2C58E38BDBBEC4298BCEE40A59, BE7EB8717B6E82879398058E85F4B58969C469B4FC14EE4B8B174B13D7F0487B ] C:\Windows\System32\wevtsvc.dll
00:02:01.0152 0x0530 C:\Windows\System32\wevtsvc.dll - ok
00:02:01.0168 0x0530 [ FAD009934DE5E8FA2511109B2349B9B1, DBAA161E24CD91DD15F135469556E8569DCCC47A8AC52F5196996F72EDACAC54 ] C:\Windows\System32\LogonUI.exe
00:02:01.0168 0x0530 C:\Windows\System32\LogonUI.exe - ok
00:02:01.0184 0x0530 [ 0CBF0748B3F6C978233BBDD1D9D6A023, 7AE78B94A0D3974A3B4C3EB6C4F08C3A8003E6961B4A1175EC6A7788C148692F ] C:\Windows\System32\dwm.exe
00:02:01.0184 0x0530 C:\Windows\System32\dwm.exe - ok
00:02:01.0199 0x0530 [ 064FEE2A4EEE419868FE409C4C065A24, 91E7286A1F48354FC37A895501236A253D724BC943091F62BE4DF618B0897FCE ] C:\Windows\System32\authui.dll
00:02:01.0199 0x0530 C:\Windows\System32\authui.dll - ok
00:02:01.0215 0x0530 [ 849958533A0CB20B5B738CA963A81EAF, C4A3A04076CB0B47F3D6FE5A87EABB7BF3856AD8E691284E0D61157B45E9CCA0 ] C:\Windows\System32\dwmredir.dll
00:02:01.0215 0x0530 C:\Windows\System32\dwmredir.dll - ok
00:02:01.0230 0x0530 [ 65F870703D4DC0FC382C23EB2A609252, E5B6F34AF4F102B89BAED17B682C283E6D4B0F50F5D0DBD834FB1D2949C5B6F0 ] C:\Windows\System32\dwmcore.dll
00:02:01.0230 0x0530 C:\Windows\System32\dwmcore.dll - ok
00:02:01.0246 0x0530 [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] C:\Windows\System32\profsvc.dll
00:02:01.0246 0x0530 C:\Windows\System32\profsvc.dll - ok
00:02:01.0246 0x0530 [ BF81D887348C8DD9E45B08F3718F7D96, 469534F8BD42B7C3C0B6E4DDCCF85EE1D533D531F65A151F8FA81BC3DEC2276A ] C:\Windows\System32\SHCore.dll
00:02:01.0246 0x0530 C:\Windows\System32\SHCore.dll - ok
00:02:01.0262 0x0530 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] C:\Windows\System32\gpsvc.dll
00:02:01.0262 0x0530 C:\Windows\System32\gpsvc.dll - ok
00:02:01.0277 0x0530 [ B1256D36D6D415FB924A26957A83C2CB, 24058235181F322D76D138BC0413474FD399DED2FE522F843DF5611A2A75364F ] C:\Windows\System32\dcomp.dll
00:02:01.0277 0x0530 C:\Windows\System32\dcomp.dll - ok
00:02:01.0293 0x0530 [ 80E5C64479952266CCFCF52CBBBE84DC, A6A94784396A7DB55C2239D02C5D315022FE67F0E8EA1A4107756DEDBCA6CBAE ] C:\Windows\System32\dui70.dll
00:02:01.0293 0x0530 C:\Windows\System32\dui70.dll - ok
00:02:01.0308 0x0530 [ C6D71F42C6CB7F3AECFEDC1C0DDE8232, FEC69FDA873BEBF409108A3CDED953C8174AAA494512CA366713C4C52C633A71 ] C:\Windows\System32\WindowsCodecs.dll
00:02:01.0308 0x0530 C:\Windows\System32\WindowsCodecs.dll - ok
00:02:01.0324 0x0530 [ F0C56FAF38A244599CBC173D581E27FC, 6F2A2DDB435E52450C60B4432D1020088ABFAFCD2D06697FC24D39CC6CA08509 ] C:\Windows\System32\nlaapi.dll
00:02:01.0324 0x0530 C:\Windows\System32\nlaapi.dll - ok
00:02:01.0339 0x0530 [ 91E1A704990CEE32FFFBDF8AB8C258E4, 7FAC1A8A21E7C4F15F54F882CA2166B4C2BD92C52D691824F54F37D7A9283B00 ] C:\Windows\System32\dsrole.dll
00:02:01.0339 0x0530 C:\Windows\System32\dsrole.dll - ok
00:02:01.0355 0x0530 [ 38082C25FC60B10977AC729127A4463D, 4F6D3DCD33C6DA86E8AF74DADDBB78B87AB09627EAFF5193EA94C84747A8BF5A ] C:\Windows\System32\dwmapi.dll
00:02:01.0355 0x0530 C:\Windows\System32\dwmapi.dll - ok
00:02:01.0371 0x0530 [ 91F2CB5172B120F7BE0645882D4427C8, 6C7BD71AAC26C4244C96EDEBB47CF93638D2C28C8A85012814A31A31173D081F ] C:\Windows\System32\profsvcext.dll
00:02:01.0371 0x0530 C:\Windows\System32\profsvcext.dll - ok
00:02:01.0386 0x0530 [ 6CB5B0F8F835B0E69857436405BA6E28, 8D166C6C9340F8E0785A24751AC52C83E1BA3E2A6C48F6513676B40364C0080F ] C:\Windows\System32\d3d10_1.dll
00:02:01.0386 0x0530 C:\Windows\System32\d3d10_1.dll - ok
00:02:01.0402 0x0530 [ 3951ECF063787EB40CD33D2961B39E23, 40818482DF1EB61A0E077A0EC8B7D9B024BBC4BBD6509E985C40B3575FDCBCC0 ] C:\Windows\System32\d3d10_1core.dll
00:02:01.0402 0x0530 C:\Windows\System32\d3d10_1core.dll - ok
00:02:01.0402 0x0530 [ BB6591EA99CBCD17989CBF04214DD7E8, 860ED35BE8697B7ED89E8BC1A6AECE5F40FBF9CD2B0C10B4E510C88DB6795661 ] C:\Windows\System32\ntdsapi.dll
00:02:01.0417 0x0530 C:\Windows\System32\ntdsapi.dll - ok
00:02:01.0417 0x0530 [ ABA350274707D09D91826ED8EAF886B5, 2C16EBF9FCD61780CBE24A8FF342F508CA8A2828891F44E10C0388BDEB3D0AA6 ] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll
00:02:01.0417 0x0530 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f\comctl32.dll - ok
00:02:01.0433 0x0530 [ F235600515AD6CBE06DB440FBB7C8E01, F5241F9388EC8D7C470DCEC07E4B307B80CB55DC9FF5638A2EB5AE32D79A6E20 ] C:\Windows\System32\atl.dll
00:02:01.0433 0x0530 C:\Windows\System32\atl.dll - ok
00:02:01.0449 0x0530 [ 02DF949C584B02FAB05868502C578D42, 18ED0FAC5DDA7B1A77B003B48D58BC41679ECC32F48CB1A180C0710E6963C30A ] C:\Windows\System32\dxgi.dll
00:02:01.0449 0x0530 C:\Windows\System32\dxgi.dll - ok
00:02:01.0464 0x0530 [ D70E930E67968D0F849333841DDBA02B, D671D8176E9AB24A294F6389D4CDB08C795D3C4E63186600412AF88EA3112CED ] C:\Windows\System32\netapi32.dll
00:02:01.0464 0x0530 C:\Windows\System32\netapi32.dll - ok
00:02:01.0480 0x0530 [ EAE1E802E8DBA1A8562652A29D520BEF, 65E1283775BCFBA12ADC50BBE7DA8BE26789BC1801E7136B936C2197A986EFDB ] C:\Windows\System32\d3d11.dll
00:02:01.0480 0x0530 C:\Windows\System32\d3d11.dll - ok
00:02:01.0496 0x0530 [ 4A945F0177124D653B5EF975D11DA9F8, 15ABE16F232F34E8539AD9E9A926067E7829AC9BAABE925F03F12029247AE56E ] C:\Windows\System32\dfscli.dll
00:02:01.0496 0x0530 C:\Windows\System32\dfscli.dll - ok
00:02:01.0511 0x0530 [ FC414C8C91848FACFD6514AEF88A5ABA, E00EF2380FEAD83A23A8720BDA16FB7218C1B8D5C5EE6FDA3B446D75364CC7A1 ] C:\Windows\System32\wkscli.dll
00:02:01.0511 0x0530 C:\Windows\System32\wkscli.dll - ok
00:02:01.0527 0x0530 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] C:\Windows\System32\themeservice.dll
00:02:01.0527 0x0530 C:\Windows\System32\themeservice.dll - ok
00:02:01.0542 0x0530 [ 5264BDA0ACE3D560336AC2EAD0728D41, 95DA9352536ACBE64335D85B9B719B2205B98147A5AF5A49BFA88BF1DB0E361A ] C:\Windows\System32\duser.dll
00:02:01.0542 0x0530 C:\Windows\System32\duser.dll - ok
00:02:01.0558 0x0530 [ 4B249FD266D2FF17EE8809EB46A173A6, 7DA4CBC84F905BE6E76C9554642549A3D98C1BED4D3AA41E3D36FA5B27BF3E38 ] C:\Windows\System32\taskschd.dll
00:02:01.0558 0x0530 C:\Windows\System32\taskschd.dll - ok
00:02:01.0558 0x0530 [ E4410DCE9BD5904BE8992E9AD17FB1CC, 439332E200639A4D95E2D7D227377F3E7775E1F6EE856FB1870A8CDE98CCE6D0 ] C:\Windows\System32\atieclxx.exe
00:02:01.0558 0x0530 C:\Windows\System32\atieclxx.exe - ok
00:02:01.0574 0x0530 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] C:\Windows\System32\es.dll
00:02:01.0574 0x0530 C:\Windows\System32\es.dll - ok
00:02:01.0589 0x0530 [ 46F09D226A9F0676932657A6761CEB82, EDB5AC9597817FC9F30655BF4EF441D4A7CFAFEC8AC6D1DAC39D4A2FB79E0935 ] C:\Windows\System32\d3d10warp.dll
00:02:01.0589 0x0530 C:\Windows\System32\d3d10warp.dll - ok
00:02:01.0605 0x0530 [ D39F1714D8944A0AC590B08F5A2DD0E7, 2A642B28DBE1B855D3A1E35E08C07DA4A57EA643C33EA8519611B483AF091D40 ] C:\Windows\System32\SndVolSSO.dll
00:02:01.0605 0x0530 C:\Windows\System32\SndVolSSO.dll - ok
00:02:01.0636 0x0530 [ 411DF2BD73FADE38352CCC5396D7A458, C072C5D64162A73E0931E930E7AEAF07107F2B2C37CF1285C68B71FC45235E8E ] C:\Windows\System32\atiadlxx.dll
00:02:01.0636 0x0530 C:\Windows\System32\atiadlxx.dll - ok
00:02:01.0651 0x0530 [ B5FEAE9A8C299EB6D1B6D810CDB4A9A7, 583C67C3A72BB444D9B5E0515E8AE86875331454A28403218388507DA263691A ] C:\Windows\System32\MMDevAPI.dll
00:02:01.0651 0x0530 C:\Windows\System32\MMDevAPI.dll - ok
00:02:01.0651 0x0530 [ 18EB7BBD18BAB5520988E41D69501ADB, FF2534F6CE90F9A088FC33922FC6A879757EB24A1E6CAEBC2CCB67D2AF5BB3A3 ] C:\Windows\System32\aticfx64.dll
00:02:01.0651 0x0530 C:\Windows\System32\aticfx64.dll - ok
00:02:01.0667 0x0530 [ D3F63550DCDA80A2AFB218A86A4EC5F0, E135CCE750A0D78DE392A146B07C35CBDF72F6FAFC58630CB793EBBE6AFA103C ] C:\Windows\System32\BCP47Langs.dll
00:02:01.0667 0x0530 C:\Windows\System32\BCP47Langs.dll - ok
00:02:01.0683 0x0530 [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] C:\Windows\System32\Sens.dll
00:02:01.0683 0x0530 C:\Windows\System32\Sens.dll - ok
00:02:01.0698 0x0530 [ 721CAFC7474688EFB2961726DBBF1C78, 5659D84310D783D0E36F3B5A89D70079DB355F76DEE52F43B08EEECD62B30B09 ] C:\Windows\System32\wsock32.dll
00:02:01.0698 0x0530 C:\Windows\System32\wsock32.dll - ok
00:02:01.0714 0x0530 [ 156B8769D44187090781DFA9FED1AE18, E78130BD3771344D15785D4F73012E107EAE8350D203C9DD6147993A36A548F6 ] C:\Windows\System32\SmartcardCredentialProvider.dll
00:02:01.0714 0x0530 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
00:02:01.0729 0x0530 [ 810ED88782952228AF9C0985FB7D259E, 234DE596B4A92BE5955B1D766721FBC55D853D0620BD54E1445FB199434D0052 ] C:\Windows\System32\AudioEndpointBuilder.dll
00:02:01.0729 0x0530 C:\Windows\System32\AudioEndpointBuilder.dll - ok
00:02:01.0745 0x0530 [ 37843E6888569097918544F0338BC19D, C9FCBE51494225FBEFDC8A7D863CE5FD7318E454F13D066D719F415D9F3786A4 ] C:\Windows\System32\avrt.dll
00:02:01.0745 0x0530 C:\Windows\System32\avrt.dll - ok
00:02:01.0761 0x0530 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] C:\Windows\System32\FntCache.dll
00:02:01.0761 0x0530 C:\Windows\System32\FntCache.dll - ok
00:02:01.0776 0x0530 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] C:\Windows\System32\mmcss.dll
00:02:01.0776 0x0530 C:\Windows\System32\mmcss.dll - ok
00:02:01.0792 0x0530 [ C98F6286818474AB284144A73EC7BA6D, 34FBB46A9F1676FC977C9E624C0568589F8869D9B3CAAF7101FFCBAD91DD58EB ] C:\Windows\System32\cngcredui.dll
00:02:01.0792 0x0530 C:\Windows\System32\cngcredui.dll - ok
00:02:01.0807 0x0530 [ 3C076057F15735DDBE20415F714C3CB6, 29B00355A5D290355526B75D50A8483478639A4B9352B8D78BAFC840E9339A03 ] C:\Windows\System32\atiuxp64.dll
00:02:01.0807 0x0530 C:\Windows\System32\atiuxp64.dll - ok
00:02:01.0807 0x0530 [ 439580916E49358F8BE33005E98E4B1F, 88C7E7EB90FAD41CBDADAC2CEF0A174DB2D295F2E509A492ABEDB70FDB242C79 ] C:\Windows\System32\BioCredProv.dll
00:02:01.0807 0x0530 C:\Windows\System32\BioCredProv.dll - ok
00:02:01.0823 0x0530 [ EF630FAA4252832FD7A24BF7C756D0E9, F03A4E1EE235E063BA5F0F05266696869384E4585B69DD9634678A51A188DC0E ] C:\Windows\System32\atidxx64.dll
00:02:01.0823 0x0530 C:\Windows\System32\atidxx64.dll - ok
00:02:01.0839 0x0530 [ 25CA8B87479A374919563B3EE7136F32, 1954C7C67C6493879D431746BD311BEDBA2C54E689551D45CE1E1D67692E9FF8 ] C:\Windows\System32\audiosrv.dll
00:02:01.0839 0x0530 C:\Windows\System32\audiosrv.dll - ok
00:02:01.0854 0x0530 [ 5DCBA1A3AE7150D2B71347BDD08639ED, 1F95863F935EA963AF10D6E0A66E57F222E1ABCFAE7A9EBFD64028B7B34B8E02 ] C:\Windows\System32\version.dll
00:02:01.0854 0x0530 C:\Windows\System32\version.dll - ok
00:02:01.0870 0x0530 [ 77DA2B3F012A1F0D88F29C612F606F28, 0D98A159E1D8985D2E041456F08ED268AB18C3CBF1635BC80F006C356A4F17DA ] C:\Windows\System32\winbio.dll
00:02:01.0870 0x0530 C:\Windows\System32\winbio.dll - ok
00:02:01.0885 0x0530 [ 20A19E2D29F86B2B3AA5B2A8B96B3041, F5298BBDA3A577F4213894CEA27285F79496D5DBA41C372E84F36F7C1EA1BE2D ] C:\Windows\System32\DWrite.dll
00:02:01.0885 0x0530 C:\Windows\System32\DWrite.dll - ok
00:02:01.0901 0x0530 [ CE0884D5E82E48F0959BEE3006BEA0E1, 4D6E115B40FBEE9A11F3E989C996CD403D356B88F27DE2A5521D6A7C7F615945 ] C:\Windows\System32\certCredProvider.dll
00:02:01.0901 0x0530 C:\Windows\System32\certCredProvider.dll - ok
00:02:01.0917 0x0530 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] C:\Windows\System32\Drivers\lltdio.sys
00:02:01.0917 0x0530 C:\Windows\System32\Drivers\lltdio.sys - ok
00:02:01.0932 0x0530 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] C:\Windows\System32\Drivers\nwifi.sys
00:02:01.0932 0x0530 C:\Windows\System32\Drivers\nwifi.sys - ok
00:02:01.0948 0x0530 [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] C:\Windows\System32\Drivers\ndisuio.sys
00:02:01.0948 0x0530 C:\Windows\System32\Drivers\ndisuio.sys - ok
00:02:01.0963 0x0530 [ 7FA8C13A62CAEB2D84A731030DC1B866, CDDD1F4E96D215BC07FEEC79E54D42BBA8F9C3D5490A9CCB7A5F8098F45483C0 ] C:\Windows\System32\oleacc.dll
00:02:01.0963 0x0530 C:\Windows\System32\oleacc.dll - ok
00:02:01.0979 0x0530 [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] C:\Windows\System32\Drivers\rspndr.sys
00:02:01.0979 0x0530 C:\Windows\System32\Drivers\rspndr.sys - ok
00:02:01.0995 0x0530 [ 04A9D55BDCD79EBB2F32D91FE5946C28, A295750E156760FD28E02ED83E8DBA0731BD90C9374F3D735A80D7472D2FE95A ] C:\Windows\System32\IPHLPAPI.DLL
00:02:01.0995 0x0530 C:\Windows\System32\IPHLPAPI.DLL - ok
00:02:02.0010 0x0530 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] C:\Windows\System32\lmhsvc.dll
00:02:02.0010 0x0530 C:\Windows\System32\lmhsvc.dll - ok
00:02:02.0026 0x0530 [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] C:\Windows\System32\nsisvc.dll
00:02:02.0026 0x0530 C:\Windows\System32\nsisvc.dll - ok
00:02:02.0041 0x0530 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] C:\Windows\System32\dnsrslvr.dll
00:02:02.0041 0x0530 C:\Windows\System32\dnsrslvr.dll - ok
00:02:02.0041 0x0530 [ F28C7A1A04C73FD099CBA2441B07842D, 2680D367DF0FDEDAF88DEE6D177225701682742E8702125D8E85C4BFA520BD75 ] C:\Windows\System32\nrpsrv.dll
00:02:02.0041 0x0530 C:\Windows\System32\nrpsrv.dll - ok
00:02:02.0057 0x0530 [ D9C1E82651BF19C6FF69CEC6FD400124, 93B96481A5B26F5617B16DD775AF0F8CE9001B30251FFF58D6EF9044D5EE91CD ] C:\Windows\System32\wcmsvc.dll
00:02:02.0057 0x0530 C:\Windows\System32\wcmsvc.dll - ok
00:02:02.0073 0x0530 [ 0911A3B2DE545EA2498E560D745B7E71, 9A32494AD2D8B9166B81543A2D602AFA15944CC25084CC3F704ED93C52227FD0 ] C:\Windows\System32\winnsi.dll
00:02:02.0073 0x0530 C:\Windows\System32\winnsi.dll - ok
00:02:02.0088 0x0530 [ 1D03DD2BA438D4B3E1A0289738619056, 598DD04E851566E38496A7BC671BB0AF2D8C88BFAE1A6734AD570516AEE9F050 ] C:\Windows\System32\wlidcredprov.dll
00:02:02.0088 0x0530 C:\Windows\System32\wlidcredprov.dll - ok
00:02:02.0104 0x0530 [ EC7C1F9882A5E2F4C5391DDC43582110, AECFDC57EEFE492749B5167C16AF7773F8E19227EEDD5F5822AED494C2F49204 ] C:\Windows\System32\rasplap.dll
00:02:02.0104 0x0530 C:\Windows\System32\rasplap.dll - ok
00:02:02.0135 0x0530 [ 028A5E6B0ABDD7B2D32745C5F1D8F711, 216B96048343D0991E4F7B1EF81D39B499129EA83E6DB5E84602682C0207561C ] C:\Windows\System32\wcmcsp.dll
00:02:02.0135 0x0530 C:\Windows\System32\wcmcsp.dll - ok
00:02:02.0135 0x0530 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] C:\Windows\System32\wlansvc.dll
00:02:02.0135 0x0530 C:\Windows\System32\wlansvc.dll - ok
00:02:02.0151 0x0530 [ E2B8F9FE6FA401AEB0BDFF8ED61A7568, AF1866C4DB5904BCA4CFBA4CECA6AE478BEAE24DC83D8B13414E7B4139C9FFDE ] C:\Windows\System32\wmiclnt.dll
00:02:02.0151 0x0530 C:\Windows\System32\wmiclnt.dll - ok
00:02:02.0166 0x0530 [ 536198D1FACCF6C6F5A4D71E7EA70039, 251EB8E82D01C606AD09AFB9BAEA75A5BB31D1FB43842215EA5DE2972C94DC14 ] C:\Windows\System32\FWPUCLNT.DLL
00:02:02.0166 0x0530 C:\Windows\System32\FWPUCLNT.DLL - ok
00:02:02.0182 0x0530 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] C:\Windows\System32\dhcpcore.dll
00:02:02.0182 0x0530 C:\Windows\System32\dhcpcore.dll - ok
00:02:02.0197 0x0530 [ 6E578460E165F14D9BA473ED54E3299B, 9C479BFC6D6D06509233A47513563E614909DE550D67BDD249B1D1BFB81CA4EA ] C:\Windows\System32\rasapi32.dll
00:02:02.0197 0x0530 C:\Windows\System32\rasapi32.dll - ok
00:02:02.0213 0x0530 [ 137BBCFB2080C5F6F4E5C4EB6314D97A, 6152A78B2E7782B502045AA94C230948340FD6720A25E44BE2F9F398F1548646 ] C:\Windows\System32\dnsext.dll
00:02:02.0213 0x0530 C:\Windows\System32\dnsext.dll - ok
00:02:02.0229 0x0530 [ 8C988C29CFB9B3673E882B4DA5EEC81D, 93C6FC9ECC08DB44FF1CE1EEB19B9C8A7D58A2B89D467EEE9223B86B55409DE1 ] C:\Windows\System32\rasman.dll
00:02:02.0229 0x0530 C:\Windows\System32\rasman.dll - ok
00:02:02.0244 0x0530 [ 4E251FE2729D6A3FCCC87DC13F823DC2, 70F2D7A4EC3E6CDAC4D644FDBCB2DB3019FF0860E336C52F9CC821DED0AA8221 ] C:\Windows\System32\rtutils.dll
00:02:02.0244 0x0530 C:\Windows\System32\rtutils.dll - ok
00:02:02.0260 0x0530 [ D142894EBEFD276A5CFE876884A6E3F9, 23C70855328491916519D9193CE066BE08BAC4ACD3486CBF4239DDD38AC3CFFA ] C:\Windows\System32\uDWM.dll
00:02:02.0260 0x0530 C:\Windows\System32\uDWM.dll - ok
00:02:02.0276 0x0530 [ 7D6BDD2A339080EFA03D9EB39398F4E6, 956CAE39979A4A7A7BFBBF5FDCF0553F3F9B0DB9D52FB33FF9135114ABB2856F ] C:\Windows\System32\wlanmsm.dll
00:02:02.0276 0x0530 C:\Windows\System32\wlanmsm.dll - ok
00:02:02.0291 0x0530 [ ACB80C69E775A1EA1D0500CE8C72FD69, 3AC431A3CE0ADF07C8BF33E9DB94F64297947E37F4CB318DE14C47245F066DC2 ] C:\Windows\System32\dhcpcore6.dll
00:02:02.0291 0x0530 C:\Windows\System32\dhcpcore6.dll - ok
00:02:02.0291 0x0530 [ EB87F1EFE1376CE0283635563026F9E0, 86AB2AB2A37996944E725B48B957C3B34E649F79708F0034A4CDDA357DDC058A ] C:\Windows\System32\dhcpcsvc6.dll
00:02:02.0291 0x0530 C:\Windows\System32\dhcpcsvc6.dll - ok
00:02:02.0307 0x0530 [ 72EC1DEF102304EE8C2E47566328F035, A16B5CBCBE9D31661FFC725D3FE28F97EF6AA5AA2FF894F43082E3447EF8EBA2 ] C:\Windows\System32\onex.dll
00:02:02.0307 0x0530 C:\Windows\System32\onex.dll - ok
00:02:02.0322 0x0530 [ 2C71C009DFAC4C6EE7795C6C042090B4, F4BA7EA954F735E9B61CCFF99D319F618FA16688191CC8ECC5D923B4DE29E554 ] C:\Windows\System32\slc.dll
00:02:02.0322 0x0530 C:\Windows\System32\slc.dll - ok
00:02:02.0338 0x0530 [ 8341C75945D37A0CA7642A47B7E79260, 3AD1C15ACFD847AC199769AE0B9634986D98E37ECC6218A67E13388AA1CE0518 ] C:\Windows\System32\dhcpcsvc.dll
00:02:02.0338 0x0530 C:\Windows\System32\dhcpcsvc.dll - ok
00:02:02.0353 0x0530 [ 855D7BA4DC79E4157651FF5B23B41FD0, 81CDD8271D5C82B847BAFD3AA26565ECF918EE5DE1B13845FC5A3626ABD42665 ] C:\Windows\System32\UIAnimation.dll
00:02:02.0353 0x0530 C:\Windows\System32\UIAnimation.dll - ok
00:02:02.0369 0x0530 [ 14D785DFBE808D9CF7B8C06884730B1D, C352EFB9B798AABC41A130ECD7E471F903EA0764411120A914CAEA0A0EE7F0C6 ] C:\Windows\System32\wlansec.dll
00:02:02.0369 0x0530 C:\Windows\System32\wlansec.dll - ok
00:02:02.0385 0x0530 [ 6684C72C745F0E5E385EEAFF3C15538F, 9EEEB59D28417C45CDDFD46566234C352D456929B8819B0D3273987F81359B19 ] C:\Windows\System32\eappprxy.dll
00:02:02.0385 0x0530 C:\Windows\System32\eappprxy.dll - ok
00:02:02.0400 0x0530 [ F2CDA4A446FD4BA2D8BAF456219C6964, A629715162FDE1E4B612436756784BCF36FEFC77270980F6A321363E462BC9C5 ] C:\Windows\System32\UIAutomationCore.dll
00:02:02.0400 0x0530 C:\Windows\System32\UIAutomationCore.dll - ok
00:02:02.0416 0x0530 [ 21E796CF2D1B8A6FAA2347B0070316CE, 6E6B2441FA1B7D64B6A26E19472686F58627AAC5D65D23A753D9DD46624C1146 ] C:\Windows\System32\winbrand.dll
00:02:02.0416 0x0530 C:\Windows\System32\winbrand.dll - ok
00:02:02.0416 0x0530 [ 36E419B92BFBF76438B8C0C4DD28B9E6, B5F6A5C3C638B7011E47BA8C120C3172680B51ECFBA7ED150C331E84AC0D64DB ] C:\Windows\System32\msxml6.dll
00:02:02.0416 0x0530 C:\Windows\System32\msxml6.dll - ok
00:02:02.0431 0x0530 [ DC774C3671FBD6FD176864AF0EBA404E, AD95E442134EC6727AF0B8EA6DF47A56196B431C88C31ECA6FDD3BDE5ED8C68D ] C:\Windows\System32\d2d1.dll
00:02:02.0431 0x0530 C:\Windows\System32\d2d1.dll - ok
00:02:02.0447 0x0530 [ 15E300200794A8FC38589B44A0B314D6, 5083ABE1F777938FB310EA7A584BE2DBFC2B74C780DDA54A6B32D71591D11F42 ] C:\Windows\System32\xmllite.dll
00:02:02.0447 0x0530 C:\Windows\System32\xmllite.dll - ok
00:02:02.0463 0x0530 [ D9AEEA13463C68BC9506342A7D15CBDA, 9E41E7937C26C5C23D167B12822891DAD3CA92A4213631DD8E62A98DFB96C6A5 ] C:\Windows\System32\wlgpclnt.dll
00:02:02.0463 0x0530 C:\Windows\System32\wlgpclnt.dll - ok
00:02:02.0478 0x0530 [ 193F8B5C8E94D2F4512868135CDB3B1A, DC548C8D0F37073E01A798AE44DD51CFB82DD7F32DBC0F046EE7E25DA3964469 ] C:\Windows\System32\l2gpstore.dll
00:02:02.0478 0x0530 C:\Windows\System32\l2gpstore.dll - ok
00:02:02.0494 0x0530 [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] C:\Windows\System32\shsvcs.dll
00:02:02.0494 0x0530 C:\Windows\System32\shsvcs.dll - ok
00:02:02.0510 0x0530 [ 047DB56D72FDC16114606B1A6576904B, A1264FC9A7891557172CADDD7BE71FD88ECE7C0AA8D441AF0170C88EB768C129 ] C:\Windows\System32\wlanapi.dll
00:02:02.0510 0x0530 C:\Windows\System32\wlanapi.dll - ok
00:02:02.0525 0x0530 [ 59FB8ADC92BF41345BD0034F02187C0E, B62D38CD939289E6547EF7D5E51FE0F44C4064CB6C75A30F3A7110F931916E41 ] C:\Windows\System32\wlanhlp.dll
00:02:02.0525 0x0530 C:\Windows\System32\wlanhlp.dll - ok
00:02:02.0541 0x0530 [ 04E866855FC3282BFEC25E8B6703FFEE, C26F167EB158C72458AE90BF0B54EC9346F29C73872719D2B481F8C409B4B8D3 ] C:\Windows\System32\netcfgx.dll
00:02:02.0541 0x0530 C:\Windows\System32\netcfgx.dll - ok
00:02:02.0556 0x0530 [ 3E5177CAE5C4325C49345B4D48626856, 5162866034888429584464245B3782FB48C1183D7AAE87DAC2ABB79F475BFC83 ] C:\Windows\System32\SubscriptionMgr.dll
00:02:02.0556 0x0530 C:\Windows\System32\SubscriptionMgr.dll - ok
00:02:02.0572 0x0530 [ 81ECD8768D3E4AD61DB7EE27401A25E9, 32166BA146CE840FC89BDDF8E4C36189637C897D0C0FC6CFB0B7AB24E94A3291 ] C:\Windows\System32\wevtapi.dll
00:02:02.0572 0x0530 C:\Windows\System32\wevtapi.dll - ok
00:02:02.0572 0x0530 [ EB4EE894AF86408776C6FD03376DEA29, 7DDBC722E40C502887A574516C1DD7BA2CC16EF0475508C35CC61036B3266420 ] C:\Windows\System32\fveapi.dll
00:02:02.0572 0x0530 C:\Windows\System32\fveapi.dll - ok
00:02:02.0588 0x0530 [ 103E609A08474C43C04FB064440FCAE7, 5621577B397F656273FF71DA7DD50B2AD40C83B2AD14FB41F91BDC92E0F70A75 ] C:\Windows\System32\shacct.dll
00:02:02.0588 0x0530 C:\Windows\System32\shacct.dll - ok
00:02:02.0603 0x0530 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] C:\Windows\System32\Drivers\vwifimp.sys
00:02:02.0603 0x0530 C:\Windows\System32\Drivers\vwifimp.sys - ok
00:02:02.0619 0x0530 [ A22411CA36466FC676D6805B3196726E, D92974F89C61C7CCA0B1FEC4983E8D9FF107C5BE0D60251C5D37718AB952CCC1 ] C:\Windows\System32\samlib.dll
00:02:02.0619 0x0530 C:\Windows\System32\samlib.dll - ok
00:02:02.0634 0x0530 [ BA47A3E78521EC9EA4341F6FA8A75EC9, 4605269D80E7336CF56A7C95453C170E8A62EFC2CAA8B679696160D06CEAF0D7 ] C:\Windows\System32\propsys.dll
00:02:02.0634 0x0530 C:\Windows\System32\propsys.dll - ok
00:02:02.0650 0x0530 [ 8FF250BD9B3AC4D9D3F325570F901F36, B9324A54D9C6074E7A9AE0A985CFF43755FE10C310BB6E5B71A2693FDEEF19D7 ] C:\Windows\System32\fvecerts.dll
00:02:02.0650 0x0530 C:\Windows\System32\fvecerts.dll - ok
00:02:02.0665 0x0530 [ EDCDF4DB82EF825B94B190D544C8C58B, 65E316CB66893FBA852D44F6ACE0F1DA415DBADADCA838B31DF3AB6B681E33B6 ] C:\Windows\System32\schedsvc.dll
00:02:02.0665 0x0530 C:\Windows\System32\schedsvc.dll - ok
00:02:02.0681 0x0530 [ 9C09F1D54C7F391B1C3D7440AF30720A, 2CB74FE80A8AD9C05C50E2D989C0B7CBAF6C34C6FF09F61479E817503885BB04 ] C:\Windows\System32\InputSwitch.dll
00:02:02.0681 0x0530 C:\Windows\System32\InputSwitch.dll - ok
00:02:02.0697 0x0530 [ D058F369A791DD5B4DF8E7C18C0EB282, B710758473B752A6D21E93778255192F5E1C541A939D7505C1F6C417A9027FBF ] C:\Windows\System32\ktmw32.dll
00:02:02.0697 0x0530 C:\Windows\System32\ktmw32.dll - ok
00:02:02.0712 0x0530 [ F9D935D60C397809FC6E1E0676F4AC6E, B526CDE36112D17BCFF95B18663970758A25F1CC089F8B2AA492FF6E729B2815 ] C:\Windows\System32\wuaext.dll
00:02:02.0712 0x0530 C:\Windows\System32\wuaext.dll - ok
00:02:02.0728 0x0530 [ AA221DD533C7B0897B90B92AFFA45A7E, 411611DC8AD56EB92DD9D2AADE9C30E5DB33D200B9A3083BBC458D4E30C0331B ] C:\Windows\System32\taskcomp.dll
00:02:02.0728 0x0530 C:\Windows\System32\taskcomp.dll - ok
00:02:02.0744 0x0530 [ F0E5C2AACB8DFD8EF2F7A67A12CCDA5D, 8A5801FCDECF5735DC150498E7C68F4E598DDD75A9B96A1E42043E390C1B7916 ] C:\Windows\System32\IDStore.dll
00:02:02.0744 0x0530 C:\Windows\System32\IDStore.dll - ok
00:02:02.0759 0x0530 [ 3DB7FFC313BD190D0E64931302776BAF, E7F12568729DBF43323C47B4AE12F231A05B4E57D677D339E98555B01E2498B8 ] C:\Windows\System32\ntmarta.dll
00:02:02.0759 0x0530 C:\Windows\System32\ntmarta.dll - ok
00:02:02.0759 0x0530 [ 29CB98187BB5711F7759540976D295FC, 75F98F2E2CA19B637DF1FC7C4E1FCCF0C50FCEDC69E07B2AD6AE139ED8E3AE99 ] C:\Windows\System32\Drivers\http.sys
00:02:02.0759 0x0530 C:\Windows\System32\Drivers\http.sys - ok
00:02:02.0775 0x0530 [ 53B518707ECB8132E173ADAF42D68054, 53FC46B36408FB952B2B0EAB7D46B6884CFBE7F9B37B618DEC1FA70713322AEE ] C:\Windows\System32\Windows.UI.Immersive.dll
00:02:02.0775 0x0530 C:\Windows\System32\Windows.UI.Immersive.dll - ok
00:02:02.0790 0x0530 [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] C:\Windows\System32\spoolsv.exe
00:02:02.0790 0x0530 C:\Windows\System32\spoolsv.exe - ok
00:02:02.0806 0x0530 [ 4A627D948C498368B2F65A5312455520, A6AC050209DE765E6993670E7B5DC3D74029CCEEFCD5916EEAB6EBECBFD6F607 ] C:\Windows\System32\taskhost.exe
00:02:02.0806 0x0530 C:\Windows\System32\taskhost.exe - ok
00:02:02.0821 0x0530 [ 5C32C180AB29655EFDFF6B7F91271775, 0588E0B818627949BA3A51273C0B022CE5F77F4131138593A63403519173E1A4 ] C:\Windows\System32\msftedit.dll
00:02:02.0821 0x0530 C:\Windows\System32\msftedit.dll - ok
00:02:02.0837 0x0530 [ 9400C71F5A1A380B494B6922F007D485, 66C293974BA4A61A06DC26EF48D5FA5E75377F66AD1CD774AA6827FA20A5F46E ] C:\Windows\System32\Drivers\srvnet.sys
00:02:02.0837 0x0530 C:\Windows\System32\Drivers\srvnet.sys - ok
00:02:02.0837 0x0530 [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] C:\Windows\System32\Drivers\bowser.sys
00:02:02.0837 0x0530 C:\Windows\System32\Drivers\bowser.sys - ok
00:02:02.0853 0x0530 [ 877D60D6E4156EC4A2E0B6871D41BED9, 7B648AD34793770F249BCB2D3A10B2633EE1A15F1D8EF4FC657B936E9E4E7A9F ] C:\Windows\System32\Drivers\mrxsmb.sys
00:02:02.0853 0x0530 C:\Windows\System32\Drivers\mrxsmb.sys - ok
00:02:02.0868 0x0530 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] C:\Windows\System32\Drivers\mrxsmb10.sys
00:02:02.0868 0x0530 C:\Windows\System32\Drivers\mrxsmb10.sys - ok
00:02:02.0884 0x0530 [ AB74105622BBE9EE069AC56666DBC696, 32E832E776822DFE285423444DF24839E1D47B97CF4B142B144013258BBB888E ] C:\Windows\System32\Windows.Globalization.dll
00:02:02.0884 0x0530 C:\Windows\System32\Windows.Globalization.dll - ok
00:02:02.0899 0x0530 [ E078446D4B8622AA6030C7B8A1A08962, CF322CC4C851718C5BAFCCDFDC80A6076DD2EDC8DC2ACA8F03E7EDB19E776DD0 ] C:\Windows\System32\Drivers\mrxsmb20.sys
00:02:02.0899 0x0530 C:\Windows\System32\Drivers\mrxsmb20.sys - ok
00:02:02.0915 0x0530 [ 47AC075FC4DE7DCF690E861B9B2C22A9, 8ADCC665167D46C52D70DD142495C71C86EE75AABBDF32E51011096681CD39D9 ] C:\Windows\System32\ninput.dll
00:02:02.0915 0x0530 C:\Windows\System32\ninput.dll - ok
00:02:02.0931 0x0530 [ C2106BB710AA34A046126AED7BCA6964, C85E7FC80814521B951CDE9C7D2ACC0CD0591E5889DFD86D184861B7F9024DEC ] C:\Windows\System32\Drivers\srv2.sys
00:02:02.0931 0x0530 C:\Windows\System32\Drivers\srv2.sys - ok
00:02:02.0946 0x0530 [ 599FCE13B819BA7D2D4D4E9C5AD08002, 5D4E9721F691DFFA9F4B5CD2BD0B0756F75A3633BBE6DEC36318034E95BCF271 ] C:\Windows\System32\ProximityService.dll
00:02:02.0946 0x0530 C:\Windows\System32\ProximityService.dll - ok
00:02:02.0962 0x0530 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] C:\Windows\System32\wkssvc.dll
00:02:02.0962 0x0530 C:\Windows\System32\wkssvc.dll - ok
00:02:02.0977 0x0530 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] C:\Windows\System32\Drivers\srv.sys
00:02:02.0977 0x0530 C:\Windows\System32\Drivers\srv.sys - ok
00:02:02.0993 0x0530 [ 406388E840C631E3C338F4E3551F791C, DA74B2340C156F83F4D999774B77DD58E682304482340E4A2D69E721E8F3F163 ] C:\Windows\System32\ProximityCommon.dll
00:02:02.0993 0x0530 C:\Windows\System32\ProximityCommon.dll - ok
00:02:03.0009 0x0530 [ 93962D7FBE16AA0566A9C90E444C51A9, C87005EECA96680C9360C0439326590E46BBE4AA039A01F5CEBFE3B487589325 ] C:\Windows\System32\SettingSyncInfo.dll
00:02:03.0009 0x0530 C:\Windows\System32\SettingSyncInfo.dll - ok
00:02:03.0024 0x0530 [ B617F2E83951A9A4F495BBA58CF492B2, 7EFB78957D73DEF36264E0C941A442DF7B0B4DB2ADCB9E3602627C2B1F7C88F2 ] C:\Windows\System32\dllhost.exe
00:02:03.0024 0x0530 C:\Windows\System32\dllhost.exe - ok
00:02:03.0040 0x0530 [ 456913A14EAFD876ABDC1FC11DA856FA, 0F12EF00687954B9408A0805F2EC8E5DB6A76F35A2E1CD0DE50D4889DF32E964 ] C:\Windows\System32\taskhostex.exe
00:02:03.0040 0x0530 C:\Windows\System32\taskhostex.exe - ok
00:02:03.0055 0x0530 [ 98D9EC5E81ECFCCEEB94894D19AA9F7E, FBE4C9179B2119C80C7A26C5F7D692E0042F9ACCF6FD26C330F6473C8404CEEB ] C:\Windows\System32\mpr.dll
00:02:03.0055 0x0530 C:\Windows\System32\mpr.dll - ok
00:02:03.0071 0x0530 [ 1C36F01131AA9E8DAF2094B860A3A849, 79E074FF9DFED9B8BF72723D1C4A3CC722DFAB3463F05EA1A4E3409DA83E33DF ] C:\Windows\System32\AtBroker.exe
00:02:03.0071 0x0530 C:\Windows\System32\AtBroker.exe - ok
00:02:03.0087 0x0530 [ 0E925F7BA032920D58DD284B6181A247, BEB43ECDCC0F56A477F59E03B7E4D3C8274FE88AFBE095F1E55DDF4BFA21798D ] C:\Windows\System32\userinit.exe
00:02:03.0087 0x0530 C:\Windows\System32\userinit.exe - ok
00:02:03.0102 0x0530 [ 8BC5E1F477761F75B26E66746828915D, D8163F93274B68E8CC87086566EAA256C0AF3AA5C919B98773650536F0F54E0B ] C:\Windows\System32\HotStartUserAgent.dll
00:02:03.0102 0x0530 C:\Windows\System32\HotStartUserAgent.dll - ok
00:02:03.0102 0x0530 [ 38E669E49C35B6A02A9AF0737C526C0F, 6F1DB7CE5AF490EB700B61388F994CD4D73BA16535CA28FFEDC44A224965EB69 ] C:\Windows\System32\PlaySndSrv.dll
00:02:03.0102 0x0530 C:\Windows\System32\PlaySndSrv.dll - ok
00:02:03.0118 0x0530 [ 38175536133BDC9324910582250CB8DD, 1116D08BADDC34B647D587750697444DAC76AE1068A43C4812577A2FD44266A7 ] C:\Windows\System32\taskeng.exe
00:02:03.0118 0x0530 C:\Windows\System32\taskeng.exe - ok
00:02:03.0133 0x0530 [ CD09341CCD92DA45EA5A0C725270FA51, E171F1724BAA5557720CEB45211F5D59069511467DBBEF0E545D0B94C270FA97 ] C:\Windows\System32\userinitext.dll
00:02:03.0133 0x0530 C:\Windows\System32\userinitext.dll - ok
00:02:03.0149 0x0530 [ A572A1F193C14D7C17AB2BF3029A52BB, 9671A07BB27FF76FD346E5EABB8FDD660631627E665AFBA8CC0D01940DD82439 ] C:\Windows\System32\MsCtfMonitor.dll
00:02:03.0149 0x0530 C:\Windows\System32\MsCtfMonitor.dll - ok
00:02:03.0165 0x0530 [ 1A196FE539A6F81977805B6CE4F90BDC, C7E4BCDC4DCBC69C6850B3EE7BFB948F83E2C023B8AC75983E9A2EA43A5B640D ] C:\Windows\System32\msutb.dll
00:02:03.0165 0x0530 C:\Windows\System32\msutb.dll - ok
00:02:03.0180 0x0530 [ E13A31D5254C25406A7946BDD9B06364, 63B1E9575DC16DA103A0BDFADB0493F0D65ED1F13AE1D7468D9813CB97DC6233 ] C:\Windows\explorer.exe
00:02:03.0180 0x0530 C:\Windows\explorer.exe - ok
00:02:03.0196 0x0530 [ A18100201E7477BB47C72711E092A8F0, 0545B25423FCC5ED3B1B09052D331261559EC1D5C0A6E0FDB063C5151AA070C0 ] C:\Windows\System32\esent.dll
00:02:03.0196 0x0530 C:\Windows\System32\esent.dll - ok
00:02:03.0196 0x0530 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] C:\Windows\System32\srvsvc.dll
00:02:03.0196 0x0530 C:\Windows\System32\srvsvc.dll - ok
00:02:03.0211 0x0530 [ 467497DF10CF8D4014BD25CCE987EA84, D7FDACE671E3F6697EE9901849F5B2369E0F303E2F0A218514782224487350CE ] C:\Windows\System32\wcmapi.dll
00:02:03.0211 0x0530 C:\Windows\System32\wcmapi.dll - ok
00:02:03.0227 0x0530 [ BC61E429D78796F292D5E9A71C3A967F, A030CA80039C0057822881C1577B0B6276228A9541C79165113979342999528A ] C:\Windows\System32\TSChannel.dll
00:02:03.0227 0x0530 C:\Windows\System32\TSChannel.dll - ok
00:02:03.0243 0x0530 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] C:\Windows\System32\browser.dll
00:02:03.0243 0x0530 C:\Windows\System32\browser.dll - ok
00:02:03.0258 0x0530 [ 77BA3F9A5E0D3BA8657F14767CC5706D, F09F20FA98DD13BE79F04010478AF275E930EC760EC22529A4C7BDBB9C49AD0A ] C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16502_none_726f4846cc233cf5\GdiPlus.dll
00:02:03.0258 0x0530 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16502_none_726f4846cc233cf5\GdiPlus.dll - ok
00:02:03.0274 0x0530 [ 3C14BC7A5590DFDD754CA7A15CED0A9A, ABC82F9D02A6BD0B90459BD8300F4CEA39AA40D1705CAA34A145FBCADF54F3E2 ] C:\Windows\System32\sscore.dll
00:02:03.0274 0x0530 C:\Windows\System32\sscore.dll - ok
00:02:03.0289 0x0530 [ C5D0659CEA9A87C4C4E82B0464683F19, 8F789FB1E65A1BD5CD1F44FDD3B6ED1CDE1BAFE2A320E95B3401AE25BCD7BF12 ] C:\Windows\System32\sscoreext.dll
00:02:03.0289 0x0530 C:\Windows\System32\sscoreext.dll - ok
00:02:03.0305 0x0530 [ 2640C2240F9B6529AE779D83E8FF2127, E962AF0EC3C1257156D6D7ED9B8FB9D32975361A7AC0CDC32B90DE03DED82179 ] C:\Windows\System32\apphelp.dll
00:02:03.0305 0x0530 C:\Windows\System32\apphelp.dll - ok
00:02:03.0321 0x0530 [ 547D152592C3B4960DD80D9C61F7C8A9, 391730B171A4BE09B6C2C89614ED39B3750529DF43AE652E79CE3E463466611B ] C:\Windows\System32\mi.dll
00:02:03.0321 0x0530 C:\Windows\System32\mi.dll - ok
00:02:03.0336 0x0530 [ 8CABB7DB418AA58CEC8A00E43368EAA7, 1BFD20A806FE6FD4E00240D2940C1CC8D368F312254CF4AF9EFE06780797A1C8 ] C:\Windows\System32\miutils.dll
00:02:03.0336 0x0530 C:\Windows\System32\miutils.dll - ok
00:02:03.0352 0x0530 [ 0AEF3F58E05D5BBCD8A3CF2B393FE465, F9697AA818175E2F07936B90C0FE6C8436A5DFB759D0E5A4CD9B0E5CEE53C563 ] C:\Windows\System32\wmidcom.dll
00:02:03.0352 0x0530 C:\Windows\System32\wmidcom.dll - ok
00:02:03.0368 0x0530 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:02:03.0368 0x0530 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
00:02:03.0383 0x0530 [ 95AB131067CD1695B62DEE20ADDD5071, D9583A13D8F724D5117AEE30EA8FDDA391D4B8F1CEA11D8C995E31A875147D30 ] C:\Windows\System32\resutils.dll
00:02:03.0383 0x0530 C:\Windows\System32\resutils.dll - ok
00:02:03.0383 0x0530 [ 0E658D67C4A79294BC7BBBF4656F0794, 32E4D5728249B40F522C534702D53FDB4B178B9E1DC81B7CF9CBBFF036B3A951 ] C:\Windows\System32\winmm.dll
00:02:03.0399 0x0530 C:\Windows\System32\winmm.dll - ok
00:02:03.0399 0x0530 [ 0F38E5BAB0E4CEBB57987967F5505CD7, A62D430A6A5FE31091FEB210F3D9B2FFE4F55A3068462C3764DEBEDC3096C9ED ] C:\Windows\SysWOW64\ntdll.dll
00:02:03.0399 0x0530 C:\Windows\SysWOW64\ntdll.dll - ok
00:02:03.0414 0x0530 [ 32550CE9B5AFB962A1BB8D995E76688D, 4378B49FFB61233B31AB660B5CB878E3369C2D53CBFA8633DAA8F4423AA12904 ] C:\Windows\System32\clusapi.dll
00:02:03.0414 0x0530 C:\Windows\System32\clusapi.dll - ok
00:02:03.0430 0x0530 [ 1C5F50F98291B7545391BB57C406E615, A811AC0ECC9C2E37612711924F95E2CC57E77DDAAEA0336E06F85ACF1373ACC1 ] C:\Windows\SysWOW64\kernel32.dll
00:02:03.0430 0x0530 C:\Windows\SysWOW64\kernel32.dll - ok
00:02:03.0445 0x0530 [ F9D908DE6B166DAC9B89BF62FA291CE8, D0A918AD60221623BB0278EA94CD6938744617FDBB2054968AFAFC2940648F02 ] C:\Program Files\Bonjour\mdnsNSP.dll
00:02:03.0445 0x0530 C:\Program Files\Bonjour\mdnsNSP.dll - ok
00:02:03.0461 0x0530 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:02:03.0461 0x0530 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
00:02:03.0477 0x0530 [ 04C84B41AD7BC0C663A613CA9E3D3FC5, 3E588C77AC9F2396DDD624F9DB34601728AF417FDED4DC757165A15DEF51B9BD ] C:\Windows\System32\rasadhlp.dll
00:02:03.0477 0x0530 C:\Windows\System32\rasadhlp.dll - ok
00:02:03.0492 0x0530 [ 5A3BF11D81C7F7EE8EDE9A2430B70878, FCB465DB8A773A016A6D4F8460D4B48B54C4976E8CCEA3164296480493B08C95 ] C:\Windows\SysWOW64\KernelBase.dll
00:02:03.0492 0x0530 C:\Windows\SysWOW64\KernelBase.dll - ok
00:02:03.0508 0x0530 [ BA1C3ACD929A71E88B49C2B6E38F92B3, A6087A8AE0C1440BC7C315D7A3AB40CBDC642AA5FB26B528CBC54FBB168839B8 ] C:\Windows\SysWOW64\user32.dll
00:02:03.0508 0x0530 C:\Windows\SysWOW64\user32.dll - ok
00:02:03.0523 0x0530 [ BFEF608CD713A4CD3165D72E2AEB23F2, EBB4D0DC1F695A8A0B4C34AD7FB8099E5A769019FF838EFF1671DC23F048B717 ] C:\Windows\SysWOW64\advapi32.dll
00:02:03.0523 0x0530 C:\Windows\SysWOW64\advapi32.dll - ok
00:02:03.0539 0x0530 [ B59E9810F8A416B9E5354834F26969D4, 266896E8A1807D899633F7EB8A07B262A59B956368F1C42F0D7E933B21C60CF0 ] C:\Windows\SysWOW64\msvcrt.dll
00:02:03.0539 0x0530 C:\Windows\SysWOW64\msvcrt.dll - ok
00:02:03.0555 0x0530 [ 496E036F16467D7B7D12E0794E9FB85D, 33A26F4DD38AEE725E03B3E88D762D4D6171E52E91CE787930EC47045A1B28DC ] C:\Windows\SysWOW64\sechost.dll
00:02:03.0555 0x0530 C:\Windows\SysWOW64\sechost.dll - ok
00:02:03.0570 0x0530 [ E64021308A378207B317A97950B47413, 560B60E7D416C6F4BA48567F4F4C4887F2A2EC411D860A6783942777B77E1AC0 ] C:\Windows\SysWOW64\rpcrt4.dll
00:02:03.0570 0x0530 C:\Windows\SysWOW64\rpcrt4.dll - ok
00:02:03.0586 0x0530 [ 39B721A0FB5F3E9880EE247F04012D8C, FB0DF4CD6A130E2A40F3EDC7C1D8079F1C677D62952E7790C4853FC5E1EF4090 ] C:\Windows\SysWOW64\sspicli.dll
00:02:03.0586 0x0530 C:\Windows\SysWOW64\sspicli.dll - ok
00:02:03.0601 0x0530 [ 0D3C6E1A7EBD401F46E00EDBD61D1A72, 54375377F13A2F686B605812319715523868E978D427C296AD3B74E05BDC0B55 ] C:\Windows\SysWOW64\cryptbase.dll
00:02:03.0601 0x0530 C:\Windows\SysWOW64\cryptbase.dll - ok
00:02:03.0617 0x0530 [ 7DFC3FCD0D5B7FC2F60C344BB384607C, B034A9B7D348C4C438F50E0A5616C2F538F29C6B520C74F17A7154FF2819ACEA ] C:\Windows\SysWOW64\bcryptprimitives.dll
00:02:03.0617 0x0530 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
00:02:03.0633 0x0530 [ B8ECF8A56EEF75468F9ABFECE70AF555, 0B0F821595664D1B6671B4981025E151326CF24ACE433FAA5BF882E633B1CC2D ] C:\Windows\SysWOW64\shlwapi.dll
00:02:03.0633 0x0530 C:\Windows\SysWOW64\shlwapi.dll - ok
00:02:03.0633 0x0530 [ 05DE4C1D408A5A2E599E2DA0F6B909ED, A4D413F8C169A88ED1F313B18E84EAA7DB64C4787BC3298D6BF6A8C6082A4183 ] C:\Windows\SysWOW64\gdi32.dll
00:02:03.0633 0x0530 C:\Windows\SysWOW64\gdi32.dll - ok
00:02:03.0648 0x0530 [ BCAB91AF8542D6C82A22732C172DE2DB, CB89BD7CAD2A440C1202871CF04E86238B30A8B12CCC56C3B0579569AC45B749 ] C:\Windows\SysWOW64\shell32.dll
00:02:03.0648 0x0530 C:\Windows\SysWOW64\shell32.dll - ok
00:02:03.0664 0x0530 [ 15343AA01C41F7AB4FE549499159DB6F, 9166E1F688667BB8E59E52BBB62BECD41C765EE5069A633835639FA5F18471C5 ] C:\Windows\System32\winmmbase.dll
00:02:03.0664 0x0530 C:\Windows\System32\winmmbase.dll - ok
00:02:03.0680 0x0530 [ 828CFD406E60311A9E5414685FA7EEDF, 2561C970B9DF4E1BBD701866D6FD77509B18E0063DC250E61B868C5C7CCB4759 ] C:\Windows\SysWOW64\combase.dll
00:02:03.0680 0x0530 C:\Windows\SysWOW64\combase.dll - ok
00:02:03.0695 0x0530 [ 6ADA7F192919DD51930A73F364129433, B56F5CFBC62EF6809A6941FB12E0A97EE137A05DFD16DFED6C2C7A959824EFB2 ] C:\Windows\SysWOW64\ole32.dll
00:02:03.0695 0x0530 C:\Windows\SysWOW64\ole32.dll - ok
00:02:03.0711 0x0530 [ FA8EC2E971C99F88C3A38D27CBAAA688, DC2F7266FF2B5577D6A3F518FF6F261F7FBD3917BB62EF3A28117A0835D17082 ] C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
00:02:03.0711 0x0530 C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe - ok
00:02:03.0726 0x0530 [ F1F9EEEF647CFA62A7104C054CE0999B, E77C7BB47F927865E7B4D689172321CDB70E296BD9A77CB64FF5C405AEDC6973 ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\msvcr90.dll
00:02:03.0726 0x0530 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\msvcr90.dll - ok
00:02:03.0742 0x0530 [ EA35B404D87B3A61E7A5FBF6CDA1CF94, 48BE19A9D827F248DA3FF163A9B372E4534C3C35DD2BB063DBBCA36F1FA96556 ] C:\Windows\SysWOW64\oleaut32.dll
00:02:03.0742 0x0530 C:\Windows\SysWOW64\oleaut32.dll - ok
00:02:03.0758 0x0530 [ 7BB3FE507D7143CD54293DA3FB5DF3AB, C919DAD8338A0FF78E0386735E81C4A9408D740475E0F286D8724BF86DF2B72D ] C:\Windows\SysWOW64\crypt32.dll
00:02:03.0758 0x0530 C:\Windows\SysWOW64\crypt32.dll - ok
00:02:03.0773 0x0530 [ 51E886381803D55926A6D50643B9436C, B4AB1D1E7740DE87D7FE5229A43D22546FCEA27F9A92286DE6B2AFE35F15A761 ] C:\Windows\SysWOW64\imm32.dll
00:02:03.0773 0x0530 C:\Windows\SysWOW64\imm32.dll - ok
00:02:03.0789 0x0530 [ B333AC31035042FA1869B79A8BE41469, 60E889A05171BB8D780EAA98C7C6E4A924477C12645ED0322294F94D2B35A039 ] C:\Windows\SysWOW64\msctf.dll
00:02:03.0789 0x0530 C:\Windows\SysWOW64\msctf.dll - ok
00:02:03.0804 0x0530 [ C28F010F8C6AB4341749E2DEDEAC5D06, CB2A4D9361E1505792F3108A57AC7422CDA7ABD9DEB22E30E8388BAC7012AEBE ] C:\Windows\SysWOW64\wintrust.dll
00:02:03.0804 0x0530 C:\Windows\SysWOW64\wintrust.dll - ok
00:02:03.0820 0x0530 [ AFAACBE85092FBD8EE7F54CA7FF3F0F1, BD79E678B1FAA611A9855507B3C02175448D8EA335D52FF93520F1865FF88523 ] C:\Windows\SysWOW64\msasn1.dll
00:02:03.0820 0x0530 C:\Windows\SysWOW64\msasn1.dll - ok
00:02:03.0835 0x0530 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
00:02:03.0835 0x0530 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe - ok
00:02:03.0851 0x0530 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] C:\Program Files\Bonjour\mDNSResponder.exe
00:02:03.0851 0x0530 C:\Program Files\Bonjour\mDNSResponder.exe - ok
00:02:03.0867 0x0530 [ 823F34D1DEF120A657BB7529ABF4461F, C56D6614F6B3DA13DF7F6AC6B70ACA39D1DB146F7324CF96029CA038C3063DB3 ] C:\Windows\System32\inetsrv\apphostsvc.dll
00:02:03.0867 0x0530 C:\Windows\System32\inetsrv\apphostsvc.dll - ok
00:02:03.0882 0x0530 [ 3B3F1B06FAD6B14AEADD6BF5465386BD, 9B649E668CAAC82A08A0E5F7DCB1F39BF3689CB285153D7F50A491933B750178 ] C:\Windows\System32\inetsrv\iisutil.dll
00:02:03.0882 0x0530 C:\Windows\System32\inetsrv\iisutil.dll - ok
00:02:03.0898 0x0530 [ 921E00A2245BAC544E3DD706FBFD1F54, 429B084DF677B129F5327E5DD4C383C7FD9A8D5C76B055D4C1805A5C76F07DF7 ] C:\Windows\System32\inetsrv\nativerd.dll
00:02:03.0898 0x0530 C:\Windows\System32\inetsrv\nativerd.dll - ok
00:02:03.0898 0x0530 [ F8D4C122F9B78449AE0EE6FE44EAFFA5, 1C330479F2419659B8C3FE408D693582B681B255533B0E3B262F2FBA35702BDD ] C:\Windows\System32\inetsrv\iisres.dll
00:02:03.0898 0x0530 C:\Windows\System32\inetsrv\iisres.dll - ok
00:02:03.0913 0x0530 [ F0E78B119D12BA81F163D48C0FF30B9A, 9622A2F36F03A33E7D145C439BD62D5AEFD53064D60BCC787555D1AF8CB936A9 ] C:\Windows\System32\cryptsvc.dll
00:02:03.0913 0x0530 C:\Windows\System32\cryptsvc.dll - ok
00:02:03.0929 0x0530 [ 3C5846581F329FD6768E5E7C1780151E, 1C55CB41A1A19C38091739FE96D26BBBA40B0FB3CCE00DCA368DFEF89861BB13 ] C:\Windows\System32\cryptcatsvc.dll
00:02:03.0929 0x0530 C:\Windows\System32\cryptcatsvc.dll - ok
00:02:03.0945 0x0530 [ 9C2CB23B77E539D87B4652FA68A6C275, D927888766B5197DF5CAB0A3D2373774BFC00C0A5BEA92495D20C38B5D25FF55 ] C:\Windows\System32\vssapi.dll
00:02:03.0945 0x0530 C:\Windows\System32\vssapi.dll - ok
00:02:03.0960 0x0530 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] C:\Windows\System32\dps.dll
00:02:03.0960 0x0530 C:\Windows\System32\dps.dll - ok
00:02:03.0976 0x0530 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] C:\Windows\System32\Drivers\Ndu.sys
00:02:03.0976 0x0530 C:\Windows\System32\Drivers\Ndu.sys - ok
00:02:03.0991 0x0530 [ A17D66A96D0B5D1482927655B9FFD5F4, E6CC83C1FC752A923609B56F22F95D08C58DA9CD9C115C5D66682DBECFEE2846 ] C:\Windows\System32\efscore.dll
00:02:03.0991 0x0530 C:\Windows\System32\efscore.dll - ok
00:02:04.0007 0x0530 [ EB18DA41B719699584FBAEA3116724EC, 5B9578783B04E563EE0989A271F3BC33A733C6453854A1DD04AE2102E8F5E034 ] C:\Windows\System32\efssvc.dll
00:02:04.0007 0x0530 C:\Windows\System32\efssvc.dll - ok
00:02:04.0023 0x0530 [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] C:\Windows\System32\pcasvc.dll
00:02:04.0023 0x0530 C:\Windows\System32\pcasvc.dll - ok
00:02:04.0038 0x0530 [ 70DBB6A8B52B3830922F1C5789E1BEEB, 30288885789753FE19B51A200137E916E10BCD4211EFF50931C19E88824EADC0 ] C:\Windows\System32\Drivers\PEAuth.sys
00:02:04.0038 0x0530 C:\Windows\System32\Drivers\PEAuth.sys - ok
00:02:04.0054 0x0530 [ 1580A33C6CD8E0117247A48C31825D6E, 3A5E9B2A65B8DFCA700AA7C85B2E0CF9EEDA582D479F51CF08C79A13FDEC42C1 ] C:\Windows\System32\aepic.dll
00:02:04.0054 0x0530 C:\Windows\System32\aepic.dll - ok
00:02:04.0070 0x0530 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] C:\Windows\System32\Drivers\secdrv.sys
00:02:04.0070 0x0530 C:\Windows\System32\Drivers\secdrv.sys - ok
00:02:04.0085 0x0530 [ 3E36CBECA4F6D566405603A8737CB118, 8E23E4136E0DA977EE4D6F6A456499E55A5C5546D8D4C5A2DAF2C83079E5AFF4 ] C:\Windows\System32\efsutil.dll
00:02:04.0085 0x0530 C:\Windows\System32\efsutil.dll - ok
00:02:04.0101 0x0530 [ 5579A2CE7756B59F4BB778AFDCAF2096, BD3B9A39DC077EA64502915A5E71593402D2555A04D9979B28DA86678F1D2A7F ] C:\Windows\System32\vsstrace.dll
00:02:04.0101 0x0530 C:\Windows\System32\vsstrace.dll - ok
00:02:04.0116 0x0530 [ 5B5878314B78A6827BA4431C4C3379EB, 88D85CC882FE132B83370F3969D1455B0C6CCB850714E10205D1689BB3F0CE5F ] C:\Windows\System32\mlang.dll
00:02:04.0116 0x0530 C:\Windows\System32\mlang.dll - ok
00:02:04.0132 0x0530 [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] C:\Windows\System32\nlasvc.dll
00:02:04.0132 0x0530 C:\Windows\System32\nlasvc.dll - ok
00:02:04.0147 0x0530 [ C954FE5796A0BFCDCDD8A9C210E9D2C3, B935E2E16F20CBE4172509EB7A71C1CCF52EBFFF629CE64D1F6698A7AE6CFDBA ] C:\Windows\System32\sfc_os.dll
00:02:04.0147 0x0530 C:\Windows\System32\sfc_os.dll - ok
00:02:04.0163 0x0530 [ DC21E1F06343773D7E24362DCEF7944B, E5C13A2D4DEEBEDC6E0E4882FFC56322EA0474A3BD8B1C8A077293F433854F9B ] C:\Windows\System32\sysmain.dll
00:02:04.0163 0x0530 C:\Windows\System32\sysmain.dll - ok
00:02:04.0163 0x0530 [ BAC8A721736AECC55A4F71523AEAB65F, B52E1303B13A961A5FC190829E55B6F28ACA409A6EEF44B358D1D210558FE1D8 ] C:\Windows\System32\wiaservc.dll
00:02:04.0163 0x0530 C:\Windows\System32\wiaservc.dll - ok
00:02:04.0179 0x0530 [ D47794FC9B672034F4932B47016A4998, C4521A4980B783423F9F809E65AAF281399E66016A0D2B81D85FC71075EE3AAF ] C:\Windows\System32\ncsi.dll
00:02:04.0179 0x0530 C:\Windows\System32\ncsi.dll - ok
00:02:04.0194 0x0530 [ 2935B83ADDED04242622580091251474, 717F1CB2ADDA8D9DE5447FFFD82B1104B8365A32E32952B65F17A9AE4B3E1982 ] C:\Windows\System32\wiatrace.dll
00:02:04.0194 0x0530 C:\Windows\System32\wiatrace.dll - ok
00:02:04.0210 0x0530 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] C:\Windows\System32\Drivers\tcpipreg.sys
00:02:04.0210 0x0530 C:\Windows\System32\Drivers\tcpipreg.sys - ok
00:02:04.0225 0x0530 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] C:\Windows\System32\winhttp.dll
00:02:04.0225 0x0530 C:\Windows\System32\winhttp.dll - ok
00:02:04.0241 0x0530 [ 5858AA1B5AF20C37B186971A21460A4E, 5BD4708E4E6AFC22B3AAFE592A7800C9621BFC3833585F00F00FFE6294A42915 ] C:\Windows\System32\ssdpapi.dll
00:02:04.0241 0x0530 C:\Windows\System32\ssdpapi.dll - ok
00:02:04.0257 0x0530 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] C:\Windows\System32\trkwks.dll
00:02:04.0257 0x0530 C:\Windows\System32\trkwks.dll - ok
00:02:04.0272 0x0530 [ 508F0DE3A65183A3D7ADF4C1F20E9696, CBDDDAD6FE5F5AE4A79B24197043BB7A489E6158E1F6766A3F80BAEA084B9B11 ] C:\Windows\System32\PortableDeviceWiaCompat.dll
00:02:04.0272 0x0530 C:\Windows\System32\PortableDeviceWiaCompat.dll - ok
00:02:04.0288 0x0530 [ 64F6AFD2F4F8D0DB5B8770EC59103778, A681B1D160BC2E4855B0C907110870D0FC0BB917C89B35C8327679E0DEC5E1FB ] C:\Windows\System32\PortableDeviceApi.dll
00:02:04.0288 0x0530 C:\Windows\System32\PortableDeviceApi.dll - ok
00:02:04.0303 0x0530 [ F082773EF130B7293E0F6D64B962A118, 8E2F70EBDCE4CE43650323FF34204A2CD7B2D5E6E9708CCFBF4AF929228828E0 ] C:\Windows\System32\deviceassociation.dll
00:02:04.0303 0x0530 C:\Windows\System32\deviceassociation.dll - ok
00:02:04.0319 0x0530 [ 8F625E3E627BC99823E7E168A9AB5625, ACD73EE7B9E0812AD99B646C7D62DEDAB57387431F7EBFD1855F5F3E1AC3F35E ] C:\Windows\System32\wsdchngr.dll
00:02:04.0319 0x0530 C:\Windows\System32\wsdchngr.dll - ok
00:02:04.0335 0x0530 [ AC89ADD10CDAC8D5647928FBE5B94621, 2670131BA80D4729499042EDC5E6AD31DF1DEB3B3A7C30094327BA079C268066 ] C:\Windows\System32\PortableDeviceTypes.dll
00:02:04.0335 0x0530 C:\Windows\System32\PortableDeviceTypes.dll - ok
00:02:04.0335 0x0530 [ 47E892006A6155BE617F526E02CA09DD, 3528CF57B1506DD2277B8C0301C68AA489F83FDDF33DB38F620C55C38488C0A2 ] C:\Windows\System32\fundisc.dll
00:02:04.0335 0x0530 C:\Windows\System32\fundisc.dll - ok
00:02:04.0350 0x0530 [ E24FCC199F4AD27289ACEC15D8A6740C, 84AA1777D751ED135FED09DEF227F25FFB5547AFA2D53300167CCBC05564FAE7 ] C:\Windows\System32\fdPnp.dll
00:02:04.0350 0x0530 C:\Windows\System32\fdPnp.dll - ok
00:02:04.0366 0x0530 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] C:\Windows\System32\wdi.dll
00:02:04.0366 0x0530 C:\Windows\System32\wdi.dll - ok
00:02:04.0381 0x0530 [ BF48F32EE248C3D371DA5DC93BBEADA7, C8E9B685A8F2F99140382557F11E362D899E7EC6693ADEFE762F0A3850585C63 ] C:\Windows\System32\DeviceSetupManager.dll
00:02:04.0381 0x0530 C:\Windows\System32\DeviceSetupManager.dll - ok
00:02:04.0381 0x0530 [ 5419F757A03308D03CB824C5F88612F1, 6A4249D977331DF618D63FCFD3C56A340D1D0B563F3D9924FBCC64E20DED51E0 ] C:\Windows\System32\newdev.dll
00:02:04.0381 0x0530 C:\Windows\System32\newdev.dll - ok
00:02:04.0397 0x0530 [ 94AA5150E35B3ABB7191FE641E3C2473, 48CC776E92579188FF75BADFABF7BDBED0092AF5EE2BDBDEF9C3834A01E39CAB ] C:\Windows\System32\wpdbusenum.dll
00:02:04.0397 0x0530 C:\Windows\System32\wpdbusenum.dll - ok
00:02:04.0413 0x0530 [ 54A59A152C795E4FD51FB247841F57D6, 07DD8A9E518E52A1826399A5DA280F5A523301E6DC3ACFDE1533E1438A1F3C9C ] C:\Windows\System32\diagperf.dll
00:02:04.0413 0x0530 C:\Windows\System32\diagperf.dll - ok
00:02:04.0428 0x0530 [ D1A04DC07552A12553D64404CDBAB3A1, CD6765C36FAF2E7DC61A869B6CB164448C6765F34A70437B9F0B54FD5A617F26 ] C:\Windows\System32\perftrack.dll
00:02:04.0428 0x0530 C:\Windows\System32\perftrack.dll - ok
00:02:04.0428 0x0530 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] C:\Windows\System32\das.dll
00:02:04.0428 0x0530 C:\Windows\System32\das.dll - ok
00:02:04.0444 0x0530 [ 0F57DEA30340B49B06DCB8B077BEF072, B48D794036B68C9E2F2AFBC0D2B2A848445CBE3A325E07010FD70DC9285F4D54 ] C:\Windows\System32\PortableDeviceConnectApi.dll
00:02:04.0444 0x0530 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
00:02:04.0460 0x0530 [ 855E7E347893BDB93245120E137577FB, 893EB173BFA795EDA7211228AFDEE3B74948E458A88BFAEA028EAEDE2D379417 ] C:\Windows\System32\radardt.dll
00:02:04.0460 0x0530 C:\Windows\System32\radardt.dll - ok
00:02:04.0475 0x0530 [ 8B5D475B48506471669B9B46945138B0, 88956FDA549DA91BFE914955450AAE973460BC72870EA3C76B0A0C370B2D3D83 ] C:\Windows\System32\wer.dll
00:02:04.0475 0x0530 C:\Windows\System32\wer.dll - ok
00:02:04.0475 0x0530 [ D64C4AFEE8277F35EF729A2B924666B0, 543AA2B2CD09820437646CFE01AFDBA6B764AA588E663759DEB93CB4F25E09D7 ] C:\Windows\System32\appinfo.dll
00:02:04.0475 0x0530 C:\Windows\System32\appinfo.dll - ok
00:02:04.0491 0x0530 [ 84A464F9BFF154CD560370B515E308AB, 5094835538D0F88BF670BC369DD08174C0E77D38DB862DAAB0A88F56BF523AE2 ] C:\Windows\System32\netprofm.dll
00:02:04.0491 0x0530 C:\Windows\System32\netprofm.dll - ok
00:02:04.0506 0x0530 [ 829562D41F5359BCA0ABC9DBE51B8723, 62ED1EBCD2636219C0BDD3F78895D69B486CAF40E86BA726988623886BD12B07 ] C:\Windows\System32\umb.dll
00:02:04.0506 0x0530 C:\Windows\System32\umb.dll - ok
00:02:04.0522 0x0530 [ C166E3CD90AB0781ECDF10EC765B083A, 0BC4C9A49C2B616F2E06957BF855733981CD3D7EF5D7F01AF544FF0FD42F14D0 ] C:\Windows\System32\netprofmsvc.dll
00:02:04.0522 0x0530 C:\Windows\System32\netprofmsvc.dll - ok
00:02:04.0538 0x0530 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] C:\Windows\System32\Drivers\WUDFRd.sys
00:02:04.0538 0x0530 C:\Windows\System32\Drivers\WUDFRd.sys - ok
00:02:04.0553 0x0530 [ 26D38C1391CD81ADDD791DE136E2FEA7, 56B794F554E223FC4D0827652B84AAC28106DBCE2BF33D83AF1AE2BEDCB6C3FD ] C:\Windows\System32\npmproxy.dll
00:02:04.0553 0x0530 C:\Windows\System32\npmproxy.dll - ok
00:02:04.0584 0x0530 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] C:\Windows\System32\Drivers\WUDFPf.sys
00:02:04.0584 0x0530 C:\Windows\System32\Drivers\WUDFPf.sys - ok
00:02:04.0600 0x0530 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] C:\Windows\System32\WUDFSvc.dll
00:02:04.0600 0x0530 C:\Windows\System32\WUDFSvc.dll - ok
00:02:04.0616 0x0530 [ 8411147754C00B3B096C5C0ED95B3CFC, 8FBE93CBCAECDB7CC05F41B68140668EEA08A0165484DACE6E7CD8EF933BA709 ] C:\Windows\System32\runonce.exe
00:02:04.0616 0x0530 C:\Windows\System32\runonce.exe - ok
00:02:04.0631 0x0530 [ B1DF2D87DC8BF6072699AC8301B37796, D5A6FD1EDB627324DFA1A0555F1777A3313EF29DDE29982C3CE59DAF1ED0D105 ] C:\Windows\System32\WUDFPlatform.dll
00:02:04.0631 0x0530 C:\Windows\System32\WUDFPlatform.dll - ok
00:02:04.0662 0x0530 [ F0408DB6F94E3F0D5ED94B16C097A622, 5DF9FEABA1258882966C3FD59488F6CCDF5D6A1F153176C801C153DFB3CA47D4 ] C:\Windows\SysWOW64\runonce.exe
00:02:04.0662 0x0530 C:\Windows\SysWOW64\runonce.exe - ok
00:02:04.0678 0x0530 [ 7417B004B5BD4B9EC1140890131CD41D, 717212F4628B211803BCA98FF8936DE242127FB94278D5C6CCE9AA309A5C1594 ] C:\Windows\System32\pnpts.dll
00:02:04.0678 0x0530 C:\Windows\System32\pnpts.dll - ok
00:02:04.0694 0x0530 [ CC5512FC3FCCEA164F01592B5979F1BE, E06EA0DDB51EA49775FD102382719700142D124F102F221AB790C9B70A662B94 ] C:\Windows\System32\srumsvc.dll
00:02:04.0694 0x0530 C:\Windows\System32\srumsvc.dll - ok
00:02:04.0709 0x0530 [ 4E743FA4D61A2EF8CA1642F49DC4784D, 7DD986E828266350B2211429FE35165F4B70A5159D947F8AD1CF03E6656B97BF ] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985\comctl32.dll
00:02:04.0709 0x0530 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985\comctl32.dll - ok
00:02:04.0740 0x0530 [ 2D7BB53EA2BB3F213CE558A79EC8448D, B1BF16715C45329B184D0B0DADBB078EE08EF33FCB10C815909F96EBA004C8BA ] C:\Windows\System32\nduprov.dll
00:02:04.0740 0x0530 C:\Windows\System32\nduprov.dll - ok
00:02:04.0756 0x0530 [ 0D97A065E85D59B8F0EE2BD31A679456, 63F2E92CEECDB48E865B44C95F47502E98156A94D52D8D9E520D8227BB8A8AFA ] C:\Windows\System32\wdiasqmmodule.dll
00:02:04.0756 0x0530 C:\Windows\System32\wdiasqmmodule.dll - ok
00:02:04.0772 0x0530 [ D0A82052050909677C648B2496C0909E, 52F3FA666A33CBF1622084D8B894A8E280FC30948AC7191661491D860DEF1E87 ] C:\Windows\System32\wpnsruprov.dll
00:02:04.0772 0x0530 C:\Windows\System32\wpnsruprov.dll - ok
00:02:04.0787 0x0530 [ 9E2E7FE5237CFE3A0529B54C53021CA0, 0FF7EDCB907C08BF1A9422A8EC93F82D93D3A1AED2A1CA05450AB7113F580153 ] C:\Windows\System32\appsruprov.dll
00:02:04.0803 0x0530 C:\Windows\System32\appsruprov.dll - ok
00:02:04.0818 0x0530 [ 71697EDF104E5EACD75822E588FA8149, AEC6646D74CD1419D252017CF3FDD36B63E7EC12BF7A793C0AA1A023E94CAF23 ] C:\Windows\System32\energyprov.dll
00:02:04.0818 0x0530 C:\Windows\System32\energyprov.dll - ok
00:02:04.0834 0x0530 [ AE03E9CBFFB8EDE81B3DA7603E546F56, F8DEB21B67CBD41D0BB8BD8B772C6546D21876CACAFB04ACE807E29E1123CFC5 ] C:\Windows\System32\srumapi.dll
00:02:04.0834 0x0530 C:\Windows\System32\srumapi.dll - ok
00:02:04.0850 0x0530 [ C6A05DDD0F7F30866D306A25C4D94607, 9918ED4446BD044ACA7B7B05238360642BEC37FD498E4A53E944DFB55A296308 ] C:\Windows\System32\DeviceDriverRetrievalClient.dll
00:02:04.0850 0x0530 C:\Windows\System32\DeviceDriverRetrievalClient.dll - ok
00:02:04.0881 0x0530 [ 6C6D0EAE5C49CE73474B28E2D87E9905, 1C83FD60994A3A17C43718C7C6759176422C77A8E6A92ACF46781D7EC15AEE8B ] C:\Windows\System32\DevPropMgr.dll
00:02:04.0881 0x0530 C:\Windows\System32\DevPropMgr.dll - ok
00:02:04.0896 0x0530 [ C182DC37F9C0D3D692ABDB6376374417, 15A57930D27DAC15496A550AF6CACBDC4D9008C009FFC473B7FFC3408137FA71 ] C:\Windows\System32\DDORes.dll
00:02:04.0896 0x0530 C:\Windows\System32\DDORes.dll - ok
00:02:04.0912 0x0530 [ A0CFAE5D60E2011E7531F1921028259C, 8D0E6C024FECE67AEA51B6669CB9469D70B4083E865235BF95DC9F89958D6166 ] C:\Windows\System32\cabinet.dll
00:02:04.0912 0x0530 C:\Windows\System32\cabinet.dll - ok
00:02:04.0928 0x0530 [ 67DE6A97BE80B8BC9E3E239A17A0EA02, 9160391D8FCF0904A7D01A7B8AF9B5B24048D897EF98DEF96DCE2881C338999B ] C:\Windows\System32\DeviceMetadataRetrievalClient.dll
00:02:04.0928 0x0530 C:\Windows\System32\DeviceMetadataRetrievalClient.dll - ok
00:02:04.0959 0x0530 [ 85F7AFD9C7DFD6824BAFDC5E5D7D4E86, D880C850650B42E8C301FCEDD286C8F01A8F9F5146FFF6699F7DFF98AC65958A ] C:\Windows\SysWOW64\SHCore.dll
00:02:04.0959 0x0530 C:\Windows\SysWOW64\SHCore.dll - ok
00:02:04.0959 0x0530 [ BE25D0C01B88DC3F308B59FC5C8DF65A, 569DB0A24FC9357569D826100DB450BF8B1E8EF43697954B082787B8A1C5FDEF ] C:\Windows\SysWOW64\uxtheme.dll
00:02:04.0959 0x0530 C:\Windows\SysWOW64\uxtheme.dll - ok
00:02:04.0990 0x0530 [ 1E0DFBB85EA37AB2BA780EA9AB522026, 41617A92F5F353395F61ED1C2B94A7F720FB58BF379400BBE341BABDFD273331 ] C:\Windows\SysWOW64\setupapi.dll
00:02:04.0990 0x0530 C:\Windows\SysWOW64\setupapi.dll - ok
00:02:05.0006 0x0530 [ 567612D556BBC4FC98169EA98F6EA480, 2B76C6CEB61177DF590FA4B589C448205B543958F691073EFA8248F0245EE75B ] C:\Windows\SysWOW64\cfgmgr32.dll
00:02:05.0006 0x0530 C:\Windows\SysWOW64\cfgmgr32.dll - ok
00:02:05.0021 0x0530 [ B2A25F2C3DCCD9858701E0AF13E5EE4D, 623221CB1610C150AE1F952680118DB42F93A5B3E4B8487552286A6BF4B3853B ] C:\Windows\SysWOW64\devobj.dll
00:02:05.0021 0x0530 C:\Windows\SysWOW64\devobj.dll - ok
00:02:05.0037 0x0530 [ 62F46FB1AED31B289F6A64718A3E5ECF, F1E8D1610CD22685C378286E46FE68CF2A05588A3A447DD0988B03F7B86AEE83 ] C:\Windows\SysWOW64\clbcatq.dll
00:02:05.0037 0x0530 C:\Windows\SysWOW64\clbcatq.dll - ok
00:02:05.0068 0x0530 [ BFDD523AB06AB9932B6327E52C6E9AE6, 7EA9BE9F33ED3B25D519235391B574FFF0110AB1E78D893E397B745CADC9858A ] C:\Windows\SysWOW64\propsys.dll
00:02:05.0068 0x0530 C:\Windows\SysWOW64\propsys.dll - ok
00:02:05.0084 0x0530 [ 7D2306701584AE7B77B8622314B55F78, 89E250231402D7C3685E3A120BAE1F2D4280CE44F2760F8658144ADDB7D86882 ] C:\Windows\SysWOW64\profapi.dll
00:02:05.0084 0x0530 C:\Windows\SysWOW64\profapi.dll - ok
00:02:05.0099 0x0530 [ 7D20883F79FF846AEE49678238BE8A7A, B0C8752AA25FA32E4D313C041BC9869FC076E971ABCCF14CFCBF685F47B0456D ] C:\Windows\SysWOW64\cryptsp.dll
00:02:05.0099 0x0530 C:\Windows\SysWOW64\cryptsp.dll - ok
00:02:05.0115 0x0530 [ 46211947C1F1953B74C33FC80ECD3C6A, EC2DD37028783F77DF1CC4B0BEF4E44F86D938994909D263AA56189B2F1FC489 ] C:\Windows\SysWOW64\rsaenh.dll
00:02:05.0115 0x0530 C:\Windows\SysWOW64\rsaenh.dll - ok
00:02:05.0146 0x0530 [ 0296CECDD7F61A4B92819797D14D5A83, C64DAA0DAFE680392CEF88EED1D311D28F0D5FB4157D44A1FA9F48D532BA85FE ] C:\Windows\SysWOW64\urlmon.dll
00:02:05.0146 0x0530 C:\Windows\SysWOW64\urlmon.dll - ok
00:02:05.0162 0x0530 [ 2E8D3AC86E68F8C08B44DF46585F6BFF, 09D8631816D62AFEB8A1EB895B30EB0F908B6FA8A0A081F01DB8FA97C1851D36 ] C:\Windows\SysWOW64\iertutil.dll
00:02:05.0162 0x0530 C:\Windows\SysWOW64\iertutil.dll - ok
00:02:05.0177 0x0530 [ E4ED4BC8759829BCEB9CE9CA88A64784, AF7C0FEC7517E602CA6BAC5AF9E263899DB979E6565246C4B8F96112DC0094EB ] C:\Windows\SysWOW64\wininet.dll
00:02:05.0177 0x0530 C:\Windows\SysWOW64\wininet.dll - ok
00:02:05.0208 0x0530 [ 6D6B5D52BB81F82F5D0103E6175D1F4F, 14DE1E4C28FC5F8CFFA7D925561DC1F237D55DD663836E20AA4D7485B01C261D ] C:\Program Files (x86)\Google\Update\1.3.21.165\goopdate.dll
00:02:05.0208 0x0530 C:\Program Files (x86)\Google\Update\1.3.21.165\goopdate.dll - ok
00:02:05.0224 0x0530 [ DDF8C39C085D2E98BD030B3E8A1F40B8, 10EC29D288CD416D7E4D04171E820210B661BE99A4EC00567D7C986901257681 ] C:\Windows\SysWOW64\secur32.dll
00:02:05.0224 0x0530 C:\Windows\SysWOW64\secur32.dll - ok
00:02:05.0240 0x0530 [ B3CC9EDFD97F7087013A9A47089DF571, D9D13A76621FFDBBAD5298C8FB5BFE136443FDE264977567839337EC21A9190D ] C:\Windows\SysWOW64\ws2_32.dll
00:02:05.0240 0x0530 C:\Windows\SysWOW64\ws2_32.dll - ok
00:02:05.0255 0x0530 [ 1AFB56F8A39455ACBAB16A29A45C30AC, 2EF2A0DECC9654EE6D265CE6D03DE72C3BB559401731091B97C1962241134CEC ] C:\Windows\SysWOW64\nsi.dll
00:02:05.0255 0x0530 C:\Windows\SysWOW64\nsi.dll - ok
00:02:05.0271 0x0530 [ BD483C1AE32D5B21A22CABE74A9D4798, 02EDAA1C8AEB28E8E9547EF5A455B14A683851CDAA79CA58A2C909DFF04D098D ] C:\Windows\SysWOW64\IPHLPAPI.DLL
00:02:05.0271 0x0530 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
00:02:05.0286 0x0530 [ E896C75EE5CB36A252B1C908E2DDAB2C, 1101BC178BFABDDF0106348350DD99B56E5FD24E3B49E61134E39E5C1EFEE421 ] C:\Windows\SysWOW64\NapiNSP.dll
00:02:05.0286 0x0530 C:\Windows\SysWOW64\NapiNSP.dll - ok
00:02:05.0318 0x0530 [ 5C96F30D1144AB5D8F03DFF045B8C791, EB2705DB5BDA2BFC458635194EF914B26B9E31FD969F4206EACFB61B29261096 ] C:\Windows\SysWOW64\netapi32.dll
00:02:05.0318 0x0530 C:\Windows\SysWOW64\netapi32.dll - ok
00:02:05.0333 0x0530 [ FF3AA70595B26BD3DC0DDB00B90B1B57, 2ECF7D0E7604E03B49372434DD0A27A5B1548456C8A32B547E48E8D0E7513C8E ] C:\Windows\SysWOW64\imagehlp.dll
00:02:05.0333 0x0530 C:\Windows\SysWOW64\imagehlp.dll - ok
00:02:05.0349 0x0530 [ 09D886BA5A4BCC31079A2B12980CCF50, 92FD2987877E84E5DC4D4343B2A2DDBF01B46EB5CDC29E68739099FE37D8273E ] C:\Windows\SysWOW64\msi.dll
00:02:05.0349 0x0530 C:\Windows\SysWOW64\msi.dll - ok
00:02:05.0380 0x0530 [ E31D5851E5F789D29DB955C75C3760BA, 148ABDDAEE387C86662FEEDE347B57F2D23971FD870DE9B603C263E42021E2D9 ] C:\Windows\SysWOW64\pnrpnsp.dll
00:02:05.0380 0x0530 C:\Windows\SysWOW64\pnrpnsp.dll - ok
00:02:05.0396 0x0530 [ FB69B7E36AC72474C26E7EEB996228A3, AC0637C7AB41CE3258FCEFF753654428B47946C934A86F62270F5FCB06B0FFC5 ] C:\Windows\SysWOW64\nlaapi.dll
00:02:05.0396 0x0530 C:\Windows\SysWOW64\nlaapi.dll - ok
00:02:05.0427 0x0530 [ C317E72447B437F99CC750BD876DF30E, 5B4D4BD365F4FEB72662100B1EBC10A155250898599D0A3044862F564D3FCE32 ] C:\Windows\SysWOW64\mswsock.dll
00:02:05.0427 0x0530 C:\Windows\SysWOW64\mswsock.dll - ok
00:02:05.0442 0x0530 [ BB3717D6FC27A22D0403C825A93BC068, DC7B070DA7FDD78099E00C5D2576D878B09C58F61A94968479C2C1BAF14944FD ] C:\Windows\SysWOW64\dnsapi.dll
00:02:05.0442 0x0530 C:\Windows\SysWOW64\dnsapi.dll - ok
00:02:05.0474 0x0530 [ BAB337D3F4C2ECDF883B9CAEC41F49FB, 8C4A7477B1A65029AD9C73FC273FA4A07C95A3410051EA08791FB84FEA050E6B ] C:\Windows\SysWOW64\winrnr.dll
00:02:05.0474 0x0530 C:\Windows\SysWOW64\winrnr.dll - ok
00:02:05.0489 0x0530 [ 40947436A70E0034E41123DF5A0A7702, 5D40FD92DA5CA59C1BADB58AD509DB6A6D613F18660A9A270A53ECA85D34C3A9 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
00:02:05.0489 0x0530 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
00:02:05.0505 0x0530 [ 6FA9D09428E56C11E01066CAF2FB5031, 20F3914606813346D58A0843383CAF0D887DAA856E7A8C6A2774B2615BB2D0CB ] C:\Windows\SysWOW64\msimg32.dll
00:02:05.0505 0x0530 C:\Windows\SysWOW64\msimg32.dll - ok
00:02:05.0520 0x0530 [ 682C3D4982B5375732A4273809365A0A, FA62EB00740311D631C8237DB40E2503B1C9FBAB050AA17970339995C54845BE ] C:\Windows\SysWOW64\version.dll
00:02:05.0520 0x0530 C:\Windows\SysWOW64\version.dll - ok
00:02:05.0536 0x0530 [ 77ADCD16CCEB8A9AD1FD81FC464B1A6B, E066AAC7AD4E3EB3AC59475CD186074D431C743139F6CBB9211391011445C5EC ] C:\Windows\SysWOW64\winnsi.dll
00:02:05.0536 0x0530 C:\Windows\SysWOW64\winnsi.dll - ok
00:02:05.0552 0x0530 [ 7FFC244DFE77909A13F52CF54B1FE475, 5994B8747CBF82E7BA54ECB370D6E66A4FC941775A09FE56A1EA70C4BCB8DE85 ] C:\Windows\SysWOW64\netutils.dll
00:02:05.0552 0x0530 C:\Windows\SysWOW64\netutils.dll - ok
00:02:05.0567 0x0530 [ D8533AF2AAE712047A3CCAC9AC98EDC4, F9AE92E0C151020C6219FAC30B7A303AE7C494199795A7B88B23CB52A0FA9F31 ] C:\Windows\SysWOW64\srvcli.dll
00:02:05.0567 0x0530 C:\Windows\SysWOW64\srvcli.dll - ok
00:02:05.0583 0x0530 [ 182DD861AD25CD72AE6F3B54AE7AA8AD, 4AC95A181AE344B243FE8E90E5A1076BE6F20B8B5258219451AE144203568B02 ] C:\Windows\SysWOW64\wkscli.dll
00:02:05.0583 0x0530 C:\Windows\SysWOW64\wkscli.dll - ok
00:02:05.0598 0x0530 [ E4B3CE98A6DBE4B609133C045D2C8525, CA8739164032C320B180C7D546D31DD4BA9966F32CC76658ECA36E47FE6BE925 ] C:\Windows\SysWOW64\cscapi.dll
00:02:05.0598 0x0530 C:\Windows\SysWOW64\cscapi.dll - ok
00:02:05.0614 0x0530 [ 5192F9A06BC32684ADF938EE16E118D9, 36BBC1B76E3A027DCE485761567A8BB606C86160783E8D9EC3E52F1B316006AD ] C:\Windows\SysWOW64\ntmarta.dll
00:02:05.0614 0x0530 C:\Windows\SysWOW64\ntmarta.dll - ok
00:02:05.0630 0x0530 [ 5125C1F27F8537F33076D0C0151F6B7F, 25D16B44387DC7758CD8F5C50C59B97221DF692D0EF728EF5F12F314204BA6E6 ] C:\Windows\SysWOW64\dbghelp.dll
00:02:05.0630 0x0530 C:\Windows\SysWOW64\dbghelp.dll - ok
00:02:05.0645 0x0530 [ 3588D5D12FF7BFEBF2A4955C36B38EB0, A5B4531EF91F32A02CA13AA0ABD0A32DADB2B979876F2E2B2E7FCB116ABDF3C6 ] C:\Windows\SysWOW64\psapi.dll
00:02:05.0645 0x0530 C:\Windows\SysWOW64\psapi.dll - ok
00:02:05.0661 0x0530 [ 6A0C81508755C7F8EA5C5A4BC0E922CB, EABC691A8BEC3F85E8FA4F3FA72AB1D5D4FF466DCEDCD3B0C419C54EECFEC489 ] C:\Windows\SysWOW64\apphelp.dll
00:02:05.0661 0x0530 C:\Windows\SysWOW64\apphelp.dll - ok
00:02:05.0676 0x0530 [ CF7B0E597C1F34E528285495721DEEE9, 59D8590D487F31DF38E389DF41D96951D14FC759E14F683465C17C0CAABD568F ] C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
00:02:05.0676 0x0530 C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe - ok
00:02:05.0692 0x0530 [ 0DC0DE2966A6DBA4CFBF6639DF44F5BA, 815055681F21099CC227124E5A2F971F0E3C2FD0917DC40E78283F139766F25F ] C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
00:02:05.0692 0x0530 C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe - ok
00:02:05.0708 0x0530 [ D635063008E82F77E9E4563F4C987DDD, 1D4C18A867AEF4704D3761F6EF3AADCF454F70BCDFB2C7D3A143070E8C9EAB85 ] C:\Windows\SysWOW64\mstask.dll
00:02:05.0708 0x0530 C:\Windows\SysWOW64\mstask.dll - ok
00:02:05.0723 0x0530 [ 58EE457D0D49A95A1E981F6F67FB560F, D02158F903713EC4B8CC5A8C8ACC340637150EE61FD89BD12E202B0C1242B0EB ] C:\Windows\SysWOW64\userenv.dll
00:02:05.0723 0x0530 C:\Windows\SysWOW64\userenv.dll - ok
00:02:05.0739 0x0530 [ 55955FB63C2E045AA9915184880B4F27, 19731B1D96A58B58E53BB1A52171C4469DD74B2B3FA27058ECF931FD0FAFC44D ] C:\Windows\System32\cscapi.dll
00:02:05.0739 0x0530 C:\Windows\System32\cscapi.dll - ok
00:02:05.0754 0x0530 [ 04ED9A5B39FFDDDD8314E8F34049022F, 669B87FEABE0BB5BF31AD705D1ED9B3B57306C3C470BD941AD2D5670D97A752F ] C:\Windows\System32\dbghelp.dll
00:02:05.0754 0x0530 C:\Windows\System32\dbghelp.dll - ok
00:02:05.0754 0x0530 [ C2C86942ED94D1CD81F61BEFB3036AF6, CD2E2243AF04D7E7A3E3F78D9B39C7049CD53F1992BF691A1EC4C5CA5FE17C5C ] C:\Windows\SysWOW64\comdlg32.dll
00:02:05.0754 0x0530 C:\Windows\SysWOW64\comdlg32.dll - ok
00:02:05.0770 0x0530 [ 5996C79FB52BDE3FA10F77396654AE42, 910D521315B83BB0D805EACEAC3C83169AA791D1D1E64B417077C01AE21FEB66 ] C:\Windows\SysWOW64\cmd.exe
00:02:05.0770 0x0530 C:\Windows\SysWOW64\cmd.exe - ok
00:02:05.0786 0x0530 [ 7A3B96DE45ED3AB1B6BAA1D0B7B9869B, EC0CC328C6D37B80F5CDFF1D71CEB5C874F3178EB7BE7F08B6571D88569C9975 ] C:\Windows\SysWOW64\comctl32.dll
00:02:05.0786 0x0530 C:\Windows\SysWOW64\comctl32.dll - ok
00:02:05.0801 0x0530 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] C:\Windows\System32\wbem\WMIsvc.dll
00:02:05.0801 0x0530 C:\Windows\System32\wbem\WMIsvc.dll - ok
00:02:05.0817 0x0530 [ 21CA3869D0EA99C902B26ED697BD78E5, C18AC7A07EF12C3242FEC2E68952F8B91F365ADF755E6E7D1ADE9319C0041CDC ] C:\Windows\System32\wbemcomn.dll
00:02:05.0817 0x0530 C:\Windows\System32\wbemcomn.dll - ok
00:02:05.0832 0x0530 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] C:\Windows\System32\Drivers\WpdUpFltr.sys
00:02:05.0832 0x0530 C:\Windows\System32\Drivers\WpdUpFltr.sys - ok
00:02:05.0848 0x0530 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] C:\Windows\System32\Drivers\condrv.sys
00:02:05.0848 0x0530 C:\Windows\System32\Drivers\condrv.sys - ok
00:02:05.0864 0x0530 [ 3E30EF769BC47B9B16515EB66EFF1E2F, 89AF9C53085D234B1102F066FD321EEBC8121670ADA2B845642064EEFB3CA8D4 ] C:\Windows\System32\conhost.exe
00:02:05.0864 0x0530 C:\Windows\System32\conhost.exe - ok
00:02:05.0879 0x0530 [ 8ABFE00F213F2571498F1B8FD7939A98, B557EC9EFD33612BAFE01FFD304B50EFB8C3C19763470560DA950B5AB4A9AC9C ] C:\Windows\System32\WUDFHost.exe
00:02:05.0879 0x0530 C:\Windows\System32\WUDFHost.exe - ok
00:02:05.0895 0x0530 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F, 9DC4BE1A51A3E94DB05369222CFCBA2125DA519EAAC46823EAECD738974463EF ] C:\Windows\System32\WUDFx.dll
00:02:05.0895 0x0530 C:\Windows\System32\WUDFx.dll - ok
00:02:05.0910 0x0530 [ F2E12B5B7EEDE6854104E5AF8AC841A8, 733DD36D212A4793475F917E92755290CFE3942D1751CFC60A94B223F88043EE ] C:\Windows\SysWOW64\cmdext.dll
00:02:05.0910 0x0530 C:\Windows\SysWOW64\cmdext.dll - ok
00:02:05.0926 0x0530 [ BFAB3F19CFB828596BEEF025F328128A, 8FD2E2913889EC74A49F912F345348E90608319D736E343ADDB29DFED5FFAB6A ] C:\Windows\System32\Drivers\UMDF\WpdFs.dll
00:02:05.0926 0x0530 C:\Windows\System32\Drivers\UMDF\WpdFs.dll - ok
00:02:05.0942 0x0530 [ 93E1CA14A87F8728D2715768754AADE0, CFE06870202E72F0C2EDABB54DABB5AB43A7B69843898730851FD9852CA0C7D1 ] C:\Windows\System32\WMVCORE.DLL
00:02:05.0942 0x0530 C:\Windows\System32\WMVCORE.DLL - ok
00:02:05.0957 0x0530 [ D10BBED7FCDC09B8653CE0BB2E2384E1, 337E1369C7D5E78E474FA61DDF04F6A3BF3F0C650B0B387D063317D1EC49797A ] C:\Windows\System32\WMASF.DLL
00:02:05.0957 0x0530 C:\Windows\System32\WMASF.DLL - ok
00:02:05.0957 0x0530 [ 84B46D1BAA5FDD488315B0D34CF77B28, 805B5A931B26BD1042D2BFD55E7908D08D66B816AC3D5F35AE635BD531BB5FAA ] C:\Windows\System32\PortableDeviceClassExtension.dll
00:02:05.0957 0x0530 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
00:02:05.0973 0x0530 [ 9DA86B80AE1339F19CD5D290787EB7B3, 6A9ADE376C135997BA66D911752A2780AC11F88147C76DB8502F254C307F011B ] C:\Windows\SysWOW64\shdocvw.dll
00:02:05.0973 0x0530 C:\Windows\SysWOW64\shdocvw.dll - ok
00:02:05.0988 0x0530 [ C9560BBB239E0EA21EF4BEA39DD85F69, F30A82724F35BBFF445058AF46B86A7BFEA8E51813B72206A3EFA9D3CA7F3DCD ] C:\Users\gwengoetter\AppData\Local\Temp\{AB7C6E2E-39F3-4B9E-A50A-A0616AD4A812}.exe
00:02:05.0988 0x0530 C:\Users\gwengoetter\AppData\Local\Temp\{AB7C6E2E-39F3-4B9E-A50A-A0616AD4A812}.exe - ok
00:02:06.0004 0x0530 [ F8DE2E949B135BA7E45AE18DC82BF262, 195918BB87110095D2A73A325CF971B0FFA926ED75873E36E24146154D4DD525 ] C:\Windows\SysWOW64\pcacli.dll
00:02:06.0004 0x0530 C:\Windows\SysWOW64\pcacli.dll - ok
00:02:06.0020 0x0530 [ 785838B984563D12D4612256D2C78B48, 70537173C440F0CA903153AD2F9CF158F54DC94D4650E418D5D2408238E7BAFE ] C:\Windows\SysWOW64\mpr.dll
00:02:06.0020 0x0530 C:\Windows\SysWOW64\mpr.dll - ok
00:02:06.0035 0x0530 [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] C:\Windows\System32\aelupsvc.dll
00:02:06.0035 0x0530 C:\Windows\System32\aelupsvc.dll - ok
00:02:06.0051 0x0530 [ 0313A5DFA5966E31220C26A6167FD479, 3B5ADB421CEEA9AEFBCA49DC47059EB9C15530323A4FBCCD246488866503006E ] C:\Windows\SysWOW64\sfc_os.dll
00:02:06.0051 0x0530 C:\Windows\SysWOW64\sfc_os.dll - ok
00:02:06.0066 0x0530 [ 4E1278D5040A2D2D274EB98661CBF07E, 16BCFB3D1CD6A2F0C8D6456877E2643DD3AEED7D31027E84DB6BC5675883A97C ] C:\Windows\SysWOW64\devrtl.dll
00:02:06.0066 0x0530 C:\Windows\SysWOW64\devrtl.dll - ok
00:02:06.0082 0x0530 [ 7A4797475ABAD6ECF1BCB08637922ECA, EFD91794165E06139D5488F0EFA53652620AA002F814E6BA6A364B7204CB0A36 ] C:\Windows\SysWOW64\winhttp.dll
00:02:06.0082 0x0530 C:\Windows\SysWOW64\winhttp.dll - ok
00:02:06.0098 0x0530 [ 18D61C0822414ACDBD88EB8AD6319D70, 5D2258330D71B212D1E0FA85FA7A443D69FF7622C9C7AF349F2270B322EEA329 ] C:\Windows\System32\ExplorerFrame.dll
00:02:06.0098 0x0530 C:\Windows\System32\ExplorerFrame.dll - ok
00:02:06.0113 0x0530 [ D0398301E7E94D2B7DFE6D12DE77E809, 7350C112380778B6C1C065F3C5469ECEE70F8BF41492CD9E40ABAB6AC87802F9 ] C:\Windows\System32\cryptnet.dll
00:02:06.0113 0x0530 C:\Windows\System32\cryptnet.dll - ok
00:02:06.0129 0x0530 [ 51187F2413CDB487542290E046B6378E, E5435609622A944E1D2FEB157A20EEFE86ECAE19C3089C2A6DAE703C1BEFF89A ] C:\Windows\System32\twinapi.dll
00:02:06.0129 0x0530 C:\Windows\System32\twinapi.dll - ok
00:02:06.0129 0x0530 [ 1C8E051AA357E5B73B74B4C8FFDCE9C3, 96F948688E3CB12D9CB27A9B9F5DE03B8760C6FA1CBE2D745E25C7E147B724FA ] C:\Windows\System32\actxprxy.dll
00:02:06.0129 0x0530 C:\Windows\System32\actxprxy.dll - ok
00:02:06.0144 0x0530 [ 8620189836543C2A0435BF37C864BCEE, C312E8D757C413CB184AF41B8880CFCF073E2669EAC56066888130E0DEA0B77C ] C:\Windows\System32\twinui.dll
00:02:06.0144 0x0530 C:\Windows\System32\twinui.dll - ok
00:02:06.0160 0x0530 [ 70C3B722AE97E6C6A144EC20E5D7C080, 395F03942442A3EF9B929203E266E1D9A60AB9DA66A27E276896A786ABFC9726 ] C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
00:02:06.0160 0x0530 C:\Windows\System32\windows.immersiveshell.serviceprovider.dll - ok
00:02:06.0176 0x0530 [ C4729C10C3D9E1517EFF2C7AAE72E819, A3F9267805D9F14FA23EA8EB6011D11D6651748B2A80F4FAF613793A06F9C399 ] C:\Windows\System32\gameux.dll
00:02:06.0176 0x0530 C:\Windows\System32\gameux.dll - ok
00:02:06.0191 0x0530 [ 341ADCBB9A744F559C3CF3CA5D3D8934, F08D9693FB24CE50256F9F0FE67C8F79099A7E99AF55DF01346791A1C2453E4E ] C:\Windows\SysWOW64\dwmapi.dll
00:02:06.0191 0x0530 C:\Windows\SysWOW64\dwmapi.dll - ok
00:02:06.0207 0x0530 [ BD7849649C6E85118802010F442F67A8, BDD4BCE48CC70229F8DA63A8B3A8023EB8BD90099AE5DD068D5FFE1CF73A3B26 ] C:\Windows\SysWOW64\webio.dll
00:02:06.0207 0x0530 C:\Windows\SysWOW64\webio.dll - ok
00:02:06.0222 0x0530 [ 7CD424F005ED71204DCB14CF11F1EB0C, 728BF0EDF925815E575583D601F8C53FE6F041257B15FFCE41CB8D6A6ECACBE1 ] C:\Windows\SysWOW64\rasadhlp.dll
00:02:06.0222 0x0530 C:\Windows\SysWOW64\rasadhlp.dll - ok
00:02:06.0238 0x0530 [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{5B7EA984-A306-4249-B327-412521911591}.tmp
00:02:06.0238 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{5B7EA984-A306-4249-B327-412521911591}.tmp - ok
00:02:06.0254 0x0530 [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{5785E0CE-2836-4EA7-8703-F6C82C866123}.tmp
00:02:06.0254 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{5785E0CE-2836-4EA7-8703-F6C82C866123}.tmp - ok
00:02:06.0269 0x0530 [ 55C11301579A42639736EA3B17A3A588, CBEBDD7C883EF47DB86060AF0F09FD2218161D5FEB0CECEB4A068B9CC63499F8 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{FE318AFE-0481-4C2C-A44B-E3E5E02B95BF}.tmp
00:02:06.0269 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{FE318AFE-0481-4C2C-A44B-E3E5E02B95BF}.tmp - ok
00:02:06.0285 0x0530 [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{4495ACA0-AFF7-4481-8E39-9694389523C4}.tmp
00:02:06.0285 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{4495ACA0-AFF7-4481-8E39-9694389523C4}.tmp - ok
00:02:06.0300 0x0530 [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{87E6046B-F581-4837-A4C5-F13EC5D4E283}.tmp
00:02:06.0300 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{87E6046B-F581-4837-A4C5-F13EC5D4E283}.tmp - ok
00:02:06.0316 0x0530 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{B590D50C-1A02-42F3-9FA3-D9DB7D5B4A84}.tmp
00:02:06.0316 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{B590D50C-1A02-42F3-9FA3-D9DB7D5B4A84}.tmp - ok
00:02:06.0332 0x0530 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{8951E4EB-F4F2-49D2-8543-EA52A8F21E12}.tmp
00:02:06.0332 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{8951E4EB-F4F2-49D2-8543-EA52A8F21E12}.tmp - ok
00:02:06.0347 0x0530 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{98827784-20E0-443E-B7B1-E62E260F2FC8}.tmp
00:02:06.0347 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{98827784-20E0-443E-B7B1-E62E260F2FC8}.tmp - ok
00:02:06.0363 0x0530 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{1D7D05E1-E8C3-460C-9552-3FE9AF3FB6B5}.tmp
00:02:06.0363 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{1D7D05E1-E8C3-460C-9552-3FE9AF3FB6B5}.tmp - ok
00:02:06.0378 0x0530 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{723E8245-46AC-4381-AD21-7790CF738EAA}.tmp
00:02:06.0378 0x0530 C:\Users\GWENGO~1\AppData\Local\Temp\{1E5931AF-7B29-452F-A300-94DAC2484033}\{723E8245-46AC-4381-AD21-7790CF738EAA}.tmp - ok
00:02:06.0394 0x0530 [ 3BA0480DDE1AD3A1CDC3A300FF501489, 80A1BF0528F2B179F4F679DD3F6CCFB040744FB8E09940ED548F9BC958A22A11 ] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
00:02:06.0394 0x0530 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll - ok
00:02:06.0410 0x0530 [ 1D2BF8A373546ADA00F09DC7496B86AB, 9DFC30F715FE85435FB5468B48CFD52CAC7E54EB9E9B8E6968A017405D8217E3 ] C:\Windows\System32\wpncore.dll
00:02:06.0410 0x0530 C:\Windows\System32\wpncore.dll - ok
00:02:06.0425 0x0530 [ F0814D492176F8A4FD49D852D2AD748E, 6516FDA7A1EAE035C920947D288B1EA86D309BE1B861F64F664FCC8202D239B7 ] C:\Windows\System32\sppc.dll
00:02:06.0425 0x0530 C:\Windows\System32\sppc.dll - ok
00:02:06.0441 0x0530 [ B7F55E2AE978D3D34F7876EE5D689AAE, 2A950042529DC2C6495E691557043B5B15E483079F4135675E495C121F7C0ED0 ] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
00:02:06.0441 0x0530 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe - ok
00:02:06.0456 0x0530 [ FCD59C405ADFADAC1B0729C580F7F70C, DDF1EECFF48A448E56A693EC31895BE9B97445022CC1CF344EF4BCD56B6C8886 ] C:\Windows\System32\wlidprov.dll
00:02:06.0456 0x0530 C:\Windows\System32\wlidprov.dll - ok
00:02:06.0472 0x0530 [ 715A1F4D2A064DA1DDCAC2533FAF780F, DE0D0C6B373910CCAC4BCDBAEDB3EE8FFC69DF2A07BED383986242B73F348618 ] C:\Windows\SysWOW64\wtsapi32.dll
00:02:06.0472 0x0530 C:\Windows\SysWOW64\wtsapi32.dll - ok
00:02:06.0488 0x0530 [ B6A5F92A417ED4BDE54BE170AF0A9E31, 75B8D2D19A74468867913443F3E457E34F445396BE78733E4F9A47A77597AC64 ] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_d089c358442de345\msvcr80.dll
00:02:06.0488 0x0530 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_d089c358442de345\msvcr80.dll - ok
00:02:06.0503 0x0530 [ 9314C83DE37182685C788FCA3CEC43A4, BD068BD8C8A82B5C36E40656B6ED9247BBF6089FBB5695BAD5788E3FCFA9A683 ] C:\Windows\System32\thumbcache.dll
00:02:06.0503 0x0530 C:\Windows\System32\thumbcache.dll - ok
00:02:06.0519 0x0530 [ 3D6137DEF42AF8FFAEB03E3084C830AD, 3E6B16D5DC6B5F213472831C30EFD3F5BA7124B3887AC2BED978F41DA59177C4 ] C:\Windows\SysWOW64\devenum.dll
00:02:06.0519 0x0530 C:\Windows\SysWOW64\devenum.dll - ok
00:02:06.0534 0x0530 [ 8E902EE869004D40F350C02C4E63B0CA, 74890562563FAC9C6B59405D08DA21CC67EA43F7FC7F71D462FECC547B42D8DB ] C:\Windows\SysWOW64\winmm.dll
00:02:06.0534 0x0530 C:\Windows\SysWOW64\winmm.dll - ok
00:02:06.0550 0x0530 [ 5C539C92A7704C80EDB45BFD8D7F600F, FE46487489C58F85D46875A4856220C40A1543204B29E8778EA16D45F116DE24 ] C:\Windows\SysWOW64\winmmbase.dll
00:02:06.0550 0x0530 C:\Windows\SysWOW64\winmmbase.dll - ok
00:02:06.0550 0x0530 [ E219BF7BCCFE4881B0C053C7E0B47ECC, 38638803C4586B3583D6B935876EC59CA69A91A909734A864DC6F04D59D70C52 ] C:\Windows\System32\SystemEventsBrokerServer.dll
00:02:06.0550 0x0530 C:\Windows\System32\SystemEventsBrokerServer.dll - ok
00:02:06.0566 0x0530 [ C9DA260FC97E22905A97FFC3D5F42B18, E424CB675532C7323E3628DA0D498FCD34CB636ECC05C6D7F449F61C78606CE9 ] C:\Windows\System32\bi.dll
00:02:06.0566 0x0530 C:\Windows\System32\bi.dll - ok
00:02:06.0581 0x0530 [ 031F55A771669B7279FB427A89724E7C, 3DFCFFCCE6E583366B4830F0A58A42001B260ABA56AA968E5DEE19D964AABF35 ] C:\Windows\SysWOW64\msdmo.dll
00:02:06.0581 0x0530 C:\Windows\SysWOW64\msdmo.dll - ok
00:02:06.0597 0x0530 [ FF4135424A79DCC2998276D8E39C9B4D, B61F57BC38B9C6E0576F1F555C41957D8F187D99D392967A8EBB66C73BFD3CBD ] C:\Windows\System32\TimeBrokerServer.dll
00:02:06.0597 0x0530 C:\Windows\System32\TimeBrokerServer.dll - ok
00:02:06.0612 0x0530 [ D9842A24135F888B12AB5122A12B78D3, DFE470C4B3B206685D822E405FBED984EADA7949F4442CF034E821C6F92F5EF8 ] C:\Windows\SysWOW64\avicap32.dll
00:02:06.0612 0x0530 C:\Windows\SysWOW64\avicap32.dll - ok
00:02:06.0628 0x0530 [ DCB7509F83B2A2089DBE07DDEDB52017, 4DD79932C95C74E4A54B3CF255DF3858A97DF10C3396FF6B2A4620C9C9379E8C ] C:\Windows\System32\WinTypes.dll
00:02:06.0628 0x0530 C:\Windows\System32\WinTypes.dll - ok
00:02:06.0644 0x0530 [ 22F15218BBAAAF1724D06E40FE3FFA8E, F18933681375E98C769C2601C28B79257270FBCDC9EAA9B829327E1D47C769F6 ] C:\Windows\SysWOW64\msvfw32.dll
00:02:06.0644 0x0530 C:\Windows\SysWOW64\msvfw32.dll - ok
00:02:06.0659 0x0530 [ 48067CB53E31B98A394CB12024F26D1B, 9E26CDC31DC57E0DD5CCB2E84C55714475A4B4326A62A339B0F41227CA90529C ] C:\Windows\System32\Windows.Globalization.Fontgroups.dll
00:02:06.0659 0x0530 C:\Windows\System32\Windows.Globalization.Fontgroups.dll - ok
00:02:06.0675 0x0530 [ 15AC3A854C3DD59DFD11EEE2FF63C79A, A9BEB4537A886325E8DC937824ABA8A7FDCCE23AB59EEC381BEFA42A702EC796 ] C:\Windows\SysWOW64\riched20.dll
00:02:06.0675 0x0530 C:\Windows\SysWOW64\riched20.dll - ok
00:02:06.0690 0x0530 [ FA6C8E59B74908550607EBEDCD7BA1E2, BCD5847CA9C6E781E20C4377DF097BC30A32F5D911BFC365BD1329EEB751862A ] C:\Windows\System32\secur32.dll
00:02:06.0690 0x0530 C:\Windows\System32\secur32.dll - ok
00:02:06.0706 0x0530 [ BC9503A901A545FAD807909F8C86B286, EBF9E2E10CE69D90E6020B45ACD3F5711E28B3B79919A489E85EB61ED7AFC1CB ] C:\Windows\SysWOW64\usp10.dll
00:02:06.0706 0x0530 C:\Windows\SysWOW64\usp10.dll - ok
00:02:06.0721 0x0530 [ 4E6C0D003B381CC109A50794A2F1A222, C65C0D5D0B42775539FD89BD08244789381AED33EA2BDB73114E3663CEF3C1E6 ] C:\Windows\System32\stobject.dll
00:02:06.0721 0x0530 C:\Windows\System32\stobject.dll - ok
00:02:06.0737 0x0530 [ C4A6771ABE5F9B2B9B5876175F14E61A, 620D90F024F3C8B16BB2105F6D163A3758C5FE442C2F706C837D72E9844DAADC ] C:\Windows\SysWOW64\msls31.dll
00:02:06.0737 0x0530 C:\Windows\SysWOW64\msls31.dll - ok
00:02:06.0753 0x0530 [ 843D5C2D3032631E400E3ACD1F06312E, D323E76F9FAD7D99F949CFB712307B78EAFB78B4041ED67BA09397318D9C6A8A ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
00:02:06.0753 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe - ok
00:02:06.0768 0x0530 [ BC484B89C153942BF5D8BFBE832274E1, 3F46D93C5B1A6A10BAE3D75E5E385C9E6F3B2121423260F76B60EFE037C71AF8 ] C:\Windows\System32\batmeter.dll
00:02:06.0768 0x0530 C:\Windows\System32\batmeter.dll - ok
00:02:06.0784 0x0530 [ 7C3B449F661D99A9B1033A14033D2987, AE996EDB9B050677C4F82D56092EFDC75F0ADDC97A14E2C46753E2DB3F6BD732 ] C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.51106.1_x64__8wekyb3d8bbwe\msvcr110.dll
00:02:06.0784 0x0530 C:\Program Files\WindowsApps\Microsoft.VCLibs.110.00_11.0.51106.1_x64__8wekyb3d8bbwe\msvcr110.dll - ok
00:02:06.0799 0x0530 [ 074223C4D8109C016B5864DEBF356BD8, 8301009C38244CB8457E94ED30456341E5A61469F442D6BC59FD1BD75C178E29 ] C:\Windows\SysWOW64\ExplorerFrame.dll
00:02:06.0799 0x0530 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
00:02:06.0799 0x0530 [ EB003CF63697C3B6AFA9CF769759A5B2, 6E12D9747104032F17607B1EC25D58025C228E52309538903432D10AE2BF2EE6 ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\wllog.dll
00:02:06.0799 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\wllog.dll - ok
00:02:06.0815 0x0530 [ F98FAED087C12A4D94D6ECDA0618C918, E59C99AD78515A1F3EB4FF6CCF596F5B3426335748FF25EF10FC567889993AC3 ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll
00:02:06.0815 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll - ok
00:02:06.0831 0x0530 [ D12BEB5E114701442F1FAA92A739E60E, 0C65F1545DA31F228F87125E5CD14D97F61D030C1EB5A454B37A4E5D79F4DD5F ] C:\Windows\System32\prnfldr.dll
00:02:06.0831 0x0530 C:\Windows\System32\prnfldr.dll - ok
00:02:06.0846 0x0530 [ AFE9464D80CFE0B0ECFE906C8A5996A0, 15F76F5F035286209B2BBF95A6959E1AE44C9EFED649F91346FA3BE371100709 ] C:\Windows\System32\winspool.drv
00:02:06.0846 0x0530 C:\Windows\System32\winspool.drv - ok
00:02:06.0862 0x0530 [ FE4D3F3C0F40B9CF957091847704D22E, FC13B33BE3635DBF6718E7A5825D2939649CEC0E77C8822A19254885B0B1B73B ] C:\Windows\SysWOW64\duser.dll
00:02:06.0862 0x0530 C:\Windows\SysWOW64\duser.dll - ok
00:02:06.0877 0x0530 [ CB7242A05FFD365BBBBE102D24786DEE, 8ADB0DCD17FC46AD014196BF52CB793C6D3301E526CD14DB2EB4D41B5F6DB8B9 ] C:\Windows\System32\Windows.Storage.ApplicationData.dll
00:02:06.0877 0x0530 C:\Windows\System32\Windows.Storage.ApplicationData.dll - ok
00:02:06.0893 0x0530 [ 638407A6996B1DD4CB7BB979B8C260DE, 3A52167C25C16507A6E21B5AF400ACB8562969F5AE721D067B8B474B1576231C ] C:\Windows\System32\Windows.Networking.Connectivity.dll
00:02:06.0893 0x0530 C:\Windows\System32\Windows.Networking.Connectivity.dll - ok
00:02:06.0909 0x0530 [ FB11241B62F07C9FFE664610E262C528, 0DECFD4C293D2E5D361B33FFA27C6D231A065BA5D772C82DDDA7378D17CCD5F2 ] C:\Windows\SysWOW64\dui70.dll
00:02:06.0909 0x0530 C:\Windows\SysWOW64\dui70.dll - ok
00:02:06.0924 0x0530 [ 7FD32D1A763D8BDF3A142C99FC21D232, 4FFD803240655393580F42877BB92417AB6A84B2FF8A0877834DA642388F4B90 ] C:\Windows\System32\AudioSes.dll
00:02:06.0924 0x0530 C:\Windows\System32\AudioSes.dll - ok
00:02:06.0940 0x0530 [ 043B150DA8B3559BD7AE701D3496D232, 77C16D0F380E4ECE02020B0ADE20ED07F06E4DC1264DA4F1AA9E458420D8E960 ] C:\Windows\System32\DXP.dll
00:02:06.0940 0x0530 C:\Windows\System32\DXP.dll - ok
00:02:06.0955 0x0530 [ 7ECD8DF63A762BDE3F481BC4239FB9AB, FDBBC7F277C89B53A4D6C52708137B6C80464F0A296C9447FD9E68ADC319887A ] C:\Windows\System32\shdocvw.dll
00:02:06.0955 0x0530 C:\Windows\System32\shdocvw.dll - ok
00:02:06.0971 0x0530 [ 5A5E57A0E1D3674AE9ADBC9CAD80428D, AADCCEC98FE2F4CE21CFB1DAD4876EC3B70E8658C50664E538E5135411C244D5 ] C:\Windows\System32\Syncreg.dll
00:02:06.0971 0x0530 C:\Windows\System32\Syncreg.dll - ok
00:02:06.0987 0x0530 [ DD236E26397C1C79D55684F5A72E1C3C, 17EB26C3ED2D4BBAF1D6CF85F60DD5B11181F483FE5DCFBF6C17354469C0C4C8 ] C:\Windows\System32\PhotoMetadataHandler.dll
00:02:06.0987 0x0530 C:\Windows\System32\PhotoMetadataHandler.dll - ok
00:02:07.0002 0x0530 [ 923260FAA0F64A90FA63F7EAC08881AF, E3CA4F7D24C3F489D7E95EC992BA76082A6FBCE5F936B1187BBD95D6445849EF ] C:\Windows\System32\AltTab.dll
00:02:07.0002 0x0530 C:\Windows\System32\AltTab.dll - ok
00:02:07.0002 0x0530 [ 56C91F36ADE867F0EDFE0BC6179AC2BC, 4DA83009D6BCA72B3C4DBCB7171980815E4A76C8358B51015AC20DDDD62D7151 ] C:\Windows\System32\WPDShServiceObj.dll
00:02:07.0018 0x0530 C:\Windows\System32\WPDShServiceObj.dll - ok
00:02:07.0018 0x0530 [ 4681211F6D66604F34646FA6EB84D989, 6FDBE1002BA2A10904423DF7C75E51F2655D95E2B12F8DD91A65AA3BFFCAFF23 ] C:\Program Files\Windows Portable Devices\sqmapi.dll
00:02:07.0018 0x0530 C:\Program Files\Windows Portable Devices\sqmapi.dll - ok
00:02:07.0033 0x0530 [ A084CB0B1898CE603EEF210DF7C13C2D, 7C333124881D25D4315071BD45F4CE6AC159D7DD2A1999CC23A2041E55CE6DFE ] C:\Windows\System32\pnidui.dll
00:02:07.0033 0x0530 C:\Windows\System32\pnidui.dll - ok
00:02:07.0049 0x0530 [ 4B5A42E0FDD2012B6940CC14F447E8D8, EE6BD4C910C4DF5A519AC9B4FC6E05BECC8BC73CDFC28C6884D1125DC767E55C ] C:\Windows\System32\NcaApi.dll
00:02:07.0049 0x0530 C:\Windows\System32\NcaApi.dll - ok
00:02:07.0065 0x0530 [ 185C71A41C02724A56BA625578651817, 0C0C41CBEE1887EDAFE00F17EDE00156206083791F6B50CFC96AC49C4ED15BA8 ] C:\Windows\System32\NetworkStatus.dll
00:02:07.0065 0x0530 C:\Windows\System32\NetworkStatus.dll - ok
00:02:07.0080 0x0530 [ 0208CAE5E09FA01DA2649702AE9616F6, 8321F929353905A2AE4E78D86AB1EFEDB133917F05FF9B433F1DD4E45E737765 ] C:\Windows\System32\srchadmin.dll
00:02:07.0080 0x0530 C:\Windows\System32\srchadmin.dll - ok
00:02:07.0096 0x0530 [ E7BE2296105069DA0C8F9206F070C6EF, 7C11FE31594B68671ECE5E117198F30DD1AFC197154AA0654FE13A188DB8CAD1 ] C:\Windows\System32\SearchIndexer.exe
00:02:07.0096 0x0530 C:\Windows\System32\SearchIndexer.exe - ok
00:02:07.0112 0x0530 [ AAA384C8F6412103973518D60FCEAAD0, FBD00C65F43869674D0ED2D3FAA080DE56DF88A0615D3527873C8830E6ED99C0 ] C:\Windows\System32\bthprops.cpl
00:02:07.0112 0x0530 C:\Windows\System32\bthprops.cpl - ok
00:02:07.0127 0x0530 [ D9309C43C47D40315585871D9C6FED3C, D518F452ADFFA2FF03D1FC1FC46818EEF1C19AAA24ECA4A8D648186A6C3A153E ] C:\Windows\System32\tquery.dll
00:02:07.0127 0x0530 C:\Windows\System32\tquery.dll - ok
00:02:07.0143 0x0530 [ D8DCEE270674DDB6503730CC4C2F1691, AC58EB378CA65642487F8660637A9F4A2E9CAADED71D71D8020F1D7CE94EF03F ] C:\Windows\System32\BluetoothApis.dll
00:02:07.0143 0x0530 C:\Windows\System32\BluetoothApis.dll - ok
00:02:07.0158 0x0530 [ 78E10345A0A592BDDACFB40EB8444B5B, B695A4CF89213F4412B5E4E4758303BB352144C291E9CB508AF3AC59E6701B0C ] C:\Windows\System32\mssrch.dll
00:02:07.0158 0x0530 C:\Windows\System32\mssrch.dll - ok
00:02:07.0158 0x0530 [ 94F97611FFCFF810BF8CB0D467BADA60, 890E3A39E0A65027A093BF0A209D2A55B25E857CAF61D939D96E47F3BF7BAE32 ] C:\Windows\System32\msidle.dll
00:02:07.0158 0x0530 C:\Windows\System32\msidle.dll - ok
00:02:07.0174 0x0530 [ C3C9A444FA26DB4B993AE3DA6C3DD683, DAB64EF3B645AF351B729D759046F22138F4F819674A8B8767D20AB0C3F5AE87 ] C:\Windows\System32\mssprxy.dll
00:02:07.0174 0x0530 C:\Windows\System32\mssprxy.dll - ok
00:02:07.0190 0x0530 [ 16B0D0C1D0CFDB8F5F3DE9849487B509, 6B449796A7B1611C6C7FA6A3535B57E7C351FED057494E1FE0ABE3F44F133084 ] C:\Windows\System32\SyncCenter.dll
00:02:07.0190 0x0530 C:\Windows\System32\SyncCenter.dll - ok
00:02:07.0205 0x0530 [ B16BA8C18B51D0FDF120B1ED4E07C399, 2B6BF47C9205CC6D36FE53741943B0CA6219422C331552B98AE11CC2AF1C4551 ] C:\Windows\System32\hgcpl.dll
00:02:07.0205 0x0530 C:\Windows\System32\hgcpl.dll - ok
00:02:07.0221 0x0530 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] C:\Windows\System32\provsvc.dll
00:02:07.0221 0x0530 C:\Windows\System32\provsvc.dll - ok
00:02:07.0236 0x0530 [ D240CBB72679D6B4B5B07619F0A07F06, 13F98D58584A22C7AD4412914E068E9C92E3968B16131F7D012CD399766D8048 ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\shared\bici.dll
00:02:07.0236 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\shared\bici.dll - ok
00:02:07.0252 0x0530 [ 3E4CC1E808A0FC8F487036349F4E6810, 6B0267590F32E930E61346DAB4AC47A9276A45E4ACFEF72BF50EDEC1EC39A014 ] C:\Windows\System32\threadpoolwinrt.dll
00:02:07.0252 0x0530 C:\Windows\System32\threadpoolwinrt.dll - ok
00:02:07.0268 0x0530 [ 797769FC191B03A01661CB5F855CFD30, EC758F2B8BCA4BA42CEC882360CC0DE12822EF9B751276E46B496BB6BD09D8A2 ] C:\Windows\System32\biwinrt.dll
00:02:07.0268 0x0530 C:\Windows\System32\biwinrt.dll - ok
00:02:07.0283 0x0530 [ 924DAF97890A77590835B83E53CEC382, 882EDBF736F91FFE406B097464028190F806F25F1B8A8BCE04430C304BDA33D5 ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll
00:02:07.0283 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll - ok
00:02:07.0299 0x0530 [ 45005B77B9DACCE166D44ADA87240325, D507C0419C864CF839F2E7D4CD62378C1A361AEF5530F476F7758B87096B5720 ] C:\Windows\System32\Windows.ApplicationModel.dll
00:02:07.0299 0x0530 C:\Windows\System32\Windows.ApplicationModel.dll - ok
00:02:07.0314 0x0530 [ 30454C0337F045E79C2906E9DC039CC5, 385BB49DB6FBE96D8CB84EE73D336966CE552DDF8248593566EF5228B197E18E ] C:\Windows\System32\RuntimeBroker.exe
00:02:07.0314 0x0530 C:\Windows\System32\RuntimeBroker.exe - ok
00:02:07.0330 0x0530 [ 5F59C3E414CC8A05FFB4D86FFCB13CD4, B3D45EC5A23EF8D171B9006FB5F940689AB2168FD8A04AF88961BFE36AFF45B1 ] C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
00:02:07.0330 0x0530 C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll - ok
00:02:07.0346 0x0530 [ 7BBA721129208393DD4E9F34C01B37AD, DD1617589B35F21D673210E7ECC6E5D578FA32FB452F7B7279961F57DB750DBC ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll
00:02:07.0346 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Shared.Market.dll - ok
00:02:07.0361 0x0530 [ ABE4B349D12138772B0D3B1B55C5F2A8, 524BD0CAD64C89F265C349D11F703535111D4DC8DB2A9CA7E17C5C5DFACCABF5 ] C:\Windows\System32\MrmCoreR.dll
00:02:07.0361 0x0530 C:\Windows\System32\MrmCoreR.dll - ok
00:02:07.0377 0x0530 [ AEE89C0F144223B97EEDBAAE41CE181A, DF1842423F273D4860B44E7B1E340F0CA2E13FDEC7211027F17D64E45CDF3B46 ] C:\Windows\System32\wpnapps.dll
00:02:07.0377 0x0530 C:\Windows\System32\wpnapps.dll - ok
00:02:07.0392 0x0530 [ 649C7C38E573F1ACD68E23C0EDC941A4, 75C41C30D58D4736AF3432E0C98F427E34CABA26C0716F663DAAF8F2CFE52732 ] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll
00:02:07.0392 0x0530 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Calendar.dll - ok
00:02:07.0408 0x0530 [ 83C4E13852335E1EAC12AA62A2F01E52, 3647F74F779F7298E08117EEA7C7C03AB99AA2177649E8FE7C9DDC4ECC9A2380 ] C:\Windows\SysWOW64\winsta.dll
00:02:07.0408 0x0530 C:\Windows\SysWOW64\winsta.dll - ok
00:02:07.0408 0x0530 [ DA3021EFAC1D185AC725AFCCD3398521, 7FBA9E570984C0A9C96C5D39FCC63533F5019663D12830F0A83E15604775F999 ] C:\Windows\System32\msi.dll
00:02:07.0408 0x0530 C:\Windows\System32\msi.dll - ok
00:02:07.0424 0x0530 [ 520C138EB08059060D30C92BE5F817FE, 9A27DAFD99D9D352B72E510561B15138659A6074FCE5EAB9DFE66403405F9D49 ] C:\Windows\System32\msiltcfg.dll
00:02:07.0424 0x0530 C:\Windows\System32\msiltcfg.dll - ok
00:02:07.0439 0x0530 [ 5EFD801A12FB267405B24945012F5E1A, D4E5535FEC97DEF597E443C3CEFF70C5A8301C1DD4FE235F4B239C8B88446694 ] C:\Windows\System32\linkinfo.dll
00:02:07.0439 0x0530 C:\Windows\System32\linkinfo.dll - ok
00:02:07.0455 0x0530 [ 9AFF71FCC5424D72DB0E2D3E4804ABF0, A8541E419A8732ED19E0C8366507EF28B6B722BA8392FC71DCACFD741B7FDBF4 ] C:\Windows\System32\apprepapi.dll
00:02:07.0455 0x0530 C:\Windows\System32\apprepapi.dll - ok
00:02:07.0470 0x0530 [ 7E4ABC81E85DBBAB259376B0E7646C12, 6B201324317EC388DCA9CFCE0ACD86FC534136134F78DD233D7EC54D90C940DE ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
00:02:07.0470 0x0530 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - ok
00:02:07.0486 0x0530 [ BBFFB477EA4470766227D00C6B01E715, D7F2C3BABACD80D8BF88E14BC4269DC119116AC291CC2C6AB7ECC0F23FFE6C4F ] C:\Windows\System32\dsound.dll
00:02:07.0486 0x0530 C:\Windows\System32\dsound.dll - ok
00:02:07.0502 0x0530 [ AF433565E5E02857C5D0AFFD932AF150, F87E322C81988EC00EAF0EB0A7327614676CE7B0BD243C74831508E820CC3210 ] C:\Windows\System32\msimg32.dll
00:02:07.0502 0x0530 C:\Windows\System32\msimg32.dll - ok
00:02:07.0517 0x0530 [ 0805289E121F3E3C458C970B08314EB2, D9B448A04C09F525F599D0369CF9A197F471AABDA0A97201760C46D2EB8F3CDE ] C:\Windows\System32\RtkCfg64.dll
00:02:07.0517 0x0530 C:\Windows\System32\RtkCfg64.dll - ok
00:02:07.0548 0x0530 [ 5A8C58C9A5E5D816001DCEE21CB8D8BC, 84206B1786A6A25FFB42428BB5B26B809F36E58D54E2C2B3A322C2FDBEF32A58 ] C:\Windows\System32\RtkAPO64.dll
00:02:07.0548 0x0530 C:\Windows\System32\RtkAPO64.dll - ok
00:02:07.0564 0x0530 [ AB168DB41491E3D043A99110F1E148DE, 597EA16A7C0D26A62194111C7ED07057FF367048EAC9DC63D3660B1B3867FB62 ] C:\Windows\System32\AudioEng.dll
00:02:07.0564 0x0530 C:\Windows\System32\AudioEng.dll - ok
00:02:07.0580 0x0530 [ A2418204EBFA6F41DE3DF2FBB46B7F3F, 18BF0FDF8EF215F73C5ED7E13ED8D0C662BA1313FB9928545A2BC50AC88B719B ] C:\Windows\System32\pcacli.dll
00:02:07.0580 0x0530 C:\Windows\System32\pcacli.dll - ok
00:02:07.0595 0x0530 [ EBA655700A35328F4E61266DD35FB71F, 86DC1671FF61C98880DEBCC7A8E965ED507907EAA722ADBC3BD31870B7CAE7AC ] C:\Windows\System32\pcadm.dll
00:02:07.0595 0x0530 C:\Windows\System32\pcadm.dll - ok
00:02:07.0611 0x0530 [ D1359CC23ED08735385DAEA734431796, 6F3A5725655D160A1532DCF95D4911C1BA8E0D8EE1820D8A2D05F6F051760EF8 ] C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
00:02:07.0611 0x0530 C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe - ok
00:02:07.0626 0x0530 [ 2E7E74F1EFAB3C102E69A61BD7372AB8, 17824F9F318E0AA9631BE5A0E5796B8466FC228C01031C70C9538F21954A01FD ] C:\Windows\SysWOW64\certcli.dll
00:02:07.0626 0x0530 C:\Windows\SysWOW64\certcli.dll - ok
00:02:07.0658 0x0530 [ FF7BBCC36387CE6E4A1EDA4910F675F4, EDADEE5F8FFC9B7E025F734F6F7EA245E949F8F74B3815602BF5570A5EEBF99D ] C:\Windows\SysWOW64\certca.dll
00:02:07.0658 0x0530 C:\Windows\SysWOW64\certca.dll - ok
00:02:07.0673 0x0530 [ 916A341C23C8A1D7CB2D338CBD95D41F, 98DC223F630CD26A348AEDE8B1F0BD181878AA519A28B9E061A0AFF62EC81863 ] C:\Windows\SysWOW64\atl.dll
00:02:07.0673 0x0530 C:\Windows\SysWOW64\atl.dll - ok
00:02:07.0689 0x0530 [ 1496430C99C30396065A0A7050D9C7B6, B6FE3AA6FD681FB137B18ADDE907D3C1836FA9881DA54F5F884F83B5D60BB535 ] C:\Windows\SysWOW64\Wldap32.dll
00:02:07.0689 0x0530 C:\Windows\SysWOW64\Wldap32.dll - ok
00:02:07.0720 0x0530 [ AAA96E8E31FC7239F9D74DECB71C850A, 5E87A524FF672DCFD197A8EEBF988E3770AF9DF291FE50954BDB93B41C3CBD10 ] C:\Windows\SysWOW64\comsvcs.dll
00:02:07.0720 0x0530 C:\Windows\SysWOW64\comsvcs.dll - ok
00:02:07.0736 0x0530 [ 38161F642AA7A2882914DDB0E90FF41C, 76236F618A6646BFD286641543E068285B71169FBF44381BB7EE6396EA67EC24 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
00:02:07.0736 0x0530 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok
00:02:07.0751 0x0530 [ BF0102205681BD2957E36ED3EEFFC296, 3ABEAE3270C64B137A265037A7B8AFE6823AA95A70DBE2404CEC905D7CA6379F ] C:\Windows\SysWOW64\atiadlxy.dll
00:02:07.0751 0x0530 C:\Windows\SysWOW64\atiadlxy.dll - ok
00:02:07.0782 0x0530 [ A2B03204078BBB32CDD3AF779717FCC4, 3B6E1867FD458042583A676D6A7E8884BB4D60080D70FBBC61ACBE595739C84C ] C:\Windows\SysWOW64\wsock32.dll
00:02:07.0782 0x0530 C:\Windows\SysWOW64\wsock32.dll - ok
00:02:07.0798 0x0530 [ 4E2A0C91A8246AB25B140695123EAECA, 0DE6C55BF83BE439025055F0776CE4129E42122E30ACEA5BAAFFD65DAF863CB8 ] C:\Windows\SysWOW64\msxml6.dll
00:02:07.0798 0x0530 C:\Windows\SysWOW64\msxml6.dll - ok
00:02:07.0814 0x0530 [ C3CD50F19851FB3DB7A9418B32E1FEC1, 4155CD6FC9C3918D36F0230DA0519A4BF9B25FBC715F6BB44E6485896D9FD204 ] C:\Windows\SysWOW64\samcli.dll
00:02:07.0814 0x0530 C:\Windows\SysWOW64\samcli.dll - ok
00:02:07.0829 0x0530 [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
00:02:07.0829 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe - ok
00:02:07.0860 0x0530 [ C3A5FFD57C2563204CD9351F0C7A0DEA, 107899DBCF33DB6844B59D27C768069635B6A21E1BD20B9A1E7DCF3A7F895657 ] C:\Program Files (x86)\CyberLink\Power2Go8\msvcp71.dll
00:02:07.0860 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\msvcp71.dll - ok
00:02:07.0876 0x0530 [ A1A6FC56A1D0DADC164637FE43C40605, 8C43448D07F7827F5761B30EB0A903E1B2EFD8F460787F03404C8098B136AE33 ] C:\Program Files (x86)\CyberLink\Power2Go8\msvcr71.dll
00:02:07.0876 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\msvcr71.dll - ok
00:02:07.0892 0x0530 [ 3126A761946ADC65C6BA511971EF033D, A5F6B1BFD5562FC34ADC9EEE49D6DAD52401B55D691B1427A5AEBC94BD46E9B9 ] C:\Windows\SysWOW64\MMDevAPI.dll
00:02:07.0892 0x0530 C:\Windows\SysWOW64\MMDevAPI.dll - ok
00:02:07.0907 0x0530 [ 6B50023FF6E54F254A179963CE848C0C, 3CE53D816ECC872D23A57407B4EEBED48B63070BBF7D4BA911D2DF2B36EF19E1 ] C:\Windows\SysWOW64\AudioSes.dll
00:02:07.0907 0x0530 C:\Windows\SysWOW64\AudioSes.dll - ok
00:02:07.0923 0x0530 [ 2E86BBA86CFD3392FAB6BFEAD07DB43F, 20BC527A0B253DF36463FCD3E85C1439869B6D8C5EA5D5BA0C7445464C9D7C29 ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
00:02:07.0923 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll - ok
00:02:07.0938 0x0530 [ 6C20BD6E46D606CB40A13C22D52B90C7, 3AC55198B0DEEDF8CDC818D76466B3600FE03EDCCC57AF7A4E2DCAAC053089A4 ] C:\Windows\SysWOW64\powrprof.dll
00:02:07.0938 0x0530 C:\Windows\SysWOW64\powrprof.dll - ok
00:02:07.0954 0x0530 [ E12E86E54E00B36A70081E9A8DC6A5FC, 0475C0B19B1AAF1D3CC804CD344C031603C948804C030365F83DFF1BD1E78005 ] C:\Windows\SysWOW64\ieframe.dll
00:02:07.0954 0x0530 C:\Windows\SysWOW64\ieframe.dll - ok
00:02:07.0985 0x0530 [ F1361853DCE62DA4540B5CFC072F7CB0, CBA22F51B96BAF6BDEC42CCEEEB428C641B84C5AAFCA07FE732CC9AED8FC4D8C ] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16502_none_ba1c7f1de09f65fb\GdiPlus.dll
00:02:07.0985 0x0530 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16502_none_ba1c7f1de09f65fb\GdiPlus.dll - ok
00:02:08.0001 0x0530 [ 9333BDF45BCD2CCA6E73F6848DADD3E7, 97129E229ED36BF141C037E1100102C0DFBC17EF9CD1A7F224C3EF875EB9CA8B ] C:\Windows\SysWOW64\wmp.dll
00:02:08.0001 0x0530 C:\Windows\SysWOW64\wmp.dll - ok
00:02:08.0016 0x0530 [ E4301756EADB8C9D9B5987EE23D67A28, A72A17F392FEEB6408478061F2DE3306A8B992D0F6D8069DDE1953C20FE58491 ] C:\Windows\SysWOW64\wmploc.DLL
00:02:08.0016 0x0530 C:\Windows\SysWOW64\wmploc.DLL - ok
00:02:08.0032 0x0530 [ 5F0C892688E48610D097945E3D529B22, F044FFB2D40A0647DE3FDE683D0DE1B4C01284B4F2FD8CF90179522BFD2D43D7 ] C:\Windows\SysWOW64\mshtml.dll
00:02:08.0032 0x0530 C:\Windows\SysWOW64\mshtml.dll - ok
00:02:08.0063 0x0530 [ B35B97FC934A9A7D02232094128CD636, 08F9E36F7DB86325986712210DF1B235DAC4F76FB599D2756E863A9FAFEBD57B ] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
00:02:08.0063 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe - ok
00:02:08.0079 0x0530 [ 78A83B17F5DDA47FAC0B0643456F7BAC, FCD46D2CBE9F7664D447998EC109D7DC7EBEBE38477D57D81F2F487C575264D7 ] C:\Windows\SysWOW64\ctfmon.exe
00:02:08.0079 0x0530 C:\Windows\SysWOW64\ctfmon.exe - ok
00:02:08.0094 0x0530 [ 9E6CBEBB6F31CE3938E23DA5B4093A67, 01F0F128D53B74DDCE15F5D2A141743B801A42828A6AB17ADB443107FBBAFAC0 ] C:\Windows\SysWOW64\MsCtfMonitor.dll
00:02:08.0094 0x0530 C:\Windows\SysWOW64\MsCtfMonitor.dll - ok
00:02:08.0126 0x0530 [ 748471EFE8585048869D60A517132AA6, DDB3339363C8D3E832224BFE00044BC4D11158702CA6C695E795453D763C0489 ] C:\Windows\SysWOW64\msutb.dll
00:02:08.0126 0x0530 C:\Windows\SysWOW64\msutb.dll - ok
00:02:08.0141 0x0530 [ CA6ADE4F7761BB15B3325356DC3B82BB, 0EA4CD410DA764916EA201C0C1E16752E0D3DC9D8571510782AF4AAE62509AF7 ] C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
00:02:08.0141 0x0530 C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
00:02:08.0157 0x0530 [ 12916E0642E92561C98B18A2A2D01B14, 4C28478CFE25E1F29AEF8BA6F2FAF3E6C2B34BF18CA77052813903E10ADDCCD5 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
00:02:08.0157 0x0530 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
00:02:08.0172 0x0530 [ 94044DDF85DA3D6D95035BDB417E5BEF, 1559D323213AF9962025FBDBD2F0F891D0995CB18D60BE944F239D4087FDF1D0 ] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
00:02:08.0172 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll - ok
00:02:08.0204 0x0530 [ 874C8B1317C58FFE62D4D6AA591EABE2, A928241B03B0106F57625C78811EBD65262A695401E921C1425AB6596D5DC202 ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\msvcp90.dll
00:02:08.0204 0x0530 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\msvcp90.dll - ok
00:02:08.0219 0x0530 [ FBFCA1A574D47EE575448B719CBBF2E4, B7CAB2D0D95679B05EFC8E1303BAA65C9B3B80527C3FD3AECDC0D2E59919D36E ] C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
00:02:08.0219 0x0530 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL - ok
00:02:08.0235 0x0530 [ 22076F17EFC477FF430112DB54BBACD3, 77AA025C9E892B24D20B6A57B4F817D487258319C5BA0F92C9C5616504075DBE ] C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
00:02:08.0235 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll - ok
00:02:08.0266 0x0530 [ 95599A40AA517A9C566DF79C62A4A97A, C45C49CE8A7B5332CB25C00EE76E8B14CA062B59AEF54B40FF58E1216075B1B7 ] C:\Program Files (x86)\CyberLink\Power2Go8\MUITransfer\MUITransfer.dll
00:02:08.0266 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\MUITransfer\MUITransfer.dll - ok
00:02:08.0282 0x0530 [ 4F583ABEF86D3B9DD2C0D24C9E41138E, 0CF8059493DF2AA7E56BDC0791A328FBBFC670423ADF6D8BB810D899FEBF293A ] C:\Windows\SysWOW64\winspool.drv
00:02:08.0282 0x0530 C:\Windows\SysWOW64\winspool.drv - ok
00:02:08.0297 0x0530 [ 650AF47F102A7F5470DE6DED33B3BF9B, 912A1AD986342B391F7EC41C44A444130F60F976DD19C37693EB366EB6CD76BA ] C:\Windows\SysWOW64\msxml3.dll
00:02:08.0297 0x0530 C:\Windows\SysWOW64\msxml3.dll - ok
00:02:08.0313 0x0530 [ 0F3B2F57676DEBB7F86B74A51BEC079C, 7ECCCD1519D119D12D345E3AA4A3027705F6107ABEC6ADEF41CCFF83EECA2C24 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
00:02:08.0313 0x0530 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
00:02:08.0344 0x0530 [ 84F0DC88E6AE4B49B032509868B4BD73, A9453FEDD2D317C9B47FA27D0E6AEF0A0157333F8D83418487AB41067AF184D5 ] C:\Windows\SysWOW64\dhcpcsvc.dll
00:02:08.0344 0x0530 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
00:02:08.0360 0x0530 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:02:08.0360 0x0530 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
00:02:08.0375 0x0530 [ 7320560F4A6FA26EC432D0E4AFE6112F, 80B657202720B18F2869F3B7F25F3CDEECB87235D2B63477C82824FD9ADBA873 ] C:\Windows\SysWOW64\SensApi.dll
00:02:08.0375 0x0530 C:\Windows\SysWOW64\SensApi.dll - ok
00:02:08.0406 0x0530 [ D86F25F0AD6CA6E77A9F67641EEB6722, 15066B624C54A3FEDEEB840330E45B7F24A411941DB39DFB75177225409C57B4 ] C:\Program Files\Internet Explorer\sqmapi.dll
00:02:08.0406 0x0530 C:\Program Files\Internet Explorer\sqmapi.dll - ok
00:02:08.0422 0x0530 [ 20354292FCF33D1AFB30023D296105FD, 363F0B76AB92F939F690F0847F8A7F3D81F48E7BB015524795AE7D2FCBCBE127 ] C:\Program Files (x86)\CyberLink\Power2Go8\Language\Enu\P2GRC.dll
00:02:08.0422 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\Language\Enu\P2GRC.dll - ok
00:02:08.0438 0x0530 [ 1D679AFA99F6237A200278948225B8D9, ED41EDEDBB753B10B031FAD85EA9A37721228FE4E40855F8E134F0E09E1E5D33 ] C:\Program Files (x86)\CyberLink\Power2Go8\Boomerang\x86\BoomerangLib.dll
00:02:08.0438 0x0530 C:\Program Files (x86)\CyberLink\Power2Go8\Boomerang\x86\BoomerangLib.dll - ok
00:02:08.0453 0x0530 [ 64E93ED82EB4A29208B862A3F592CA36, B16203F2F06D6B1D7EB85A086EDAAA1298550FD50763D4498B93A0B208048857 ] C:\Windows\SysWOW64\dpapi.dll
00:02:08.0453 0x0530 C:\Windows\SysWOW64\dpapi.dll - ok
00:02:08.0469 0x0530 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] C:\Windows\System32\Drivers\cdfs.sys
00:02:08.0469 0x0530 C:\Windows\System32\Drivers\cdfs.sys - ok
00:02:08.0500 0x0530 [ 58B8702C20DE211D1FCB248D2FDD71D1, B2F6E3BA6FB5250F0E70555B39D34F19ADA760BDDA7E1A44113B97C3A1FD3F8B ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
00:02:08.0500 0x0530 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
00:02:08.0516 0x0530 [ 42CE4017883CE7E119C55A6813E57110, 5749CCC1C0344AC8BA0A60B1960C46A54DE758AFD2D05EF8E6F1C1F7E121F3DF ] C:\Windows\SysWOW64\WindowsCodecs.dll
00:02:08.0516 0x0530 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
00:02:08.0531 0x0530 [ BC83108B18756547013ED443B8CDB31B, B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671 ] C:\Windows\SysWOW64\msvcp100.dll
00:02:08.0531 0x0530 C:\Windows\SysWOW64\msvcp100.dll - ok
00:02:08.0562 0x0530 [ 0E37FBFA79D349D672456923EC5FBBE3, 8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18 ] C:\Windows\SysWOW64\msvcr100.dll
00:02:08.0562 0x0530 C:\Windows\SysWOW64\msvcr100.dll - ok
00:02:08.0578 0x0530 [ 73AF7AD0C9FD76981865219563D884CC, D69DD72E0945080C483D72218A533D1E4C32611E38BA00C1CC4B25405BA59C46 ] C:\Windows\SysWOW64\msimtf.dll
00:02:08.0578 0x0530 C:\Windows\SysWOW64\msimtf.dll - ok
00:02:08.0594 0x0530 [ EFAAA955B7D44729B250160A3DDDB6C5, A7C4B20E28E5CCCE0D30CA248720E44C934CDD5740A821E03C0BC93E74090173 ] C:\Windows\SysWOW64\mlang.dll
00:02:08.0594 0x0530 C:\Windows\SysWOW64\mlang.dll - ok
00:02:08.0609 0x0530 [ 4D77A4ECFAFCCE6CEE0F8FEE88E637A8, 35E8CA22F77D91E5C0E010CE1027E4129F5DAB74430DC4CEAE06D317F3FB9A88 ] C:\Windows\SysWOW64\dxgi.dll
00:02:08.0609 0x0530 C:\Windows\SysWOW64\dxgi.dll - ok
00:02:08.0640 0x0530 [ 8F873F084FE66CC8E51213BC84851FFD, 665E4CE739D0CA65CAE048A676A79E9C371A245D33CCBDB36A51A9B4275EBFBC ] C:\Windows\SysWOW64\jscript9.dll
00:02:08.0640 0x0530 C:\Windows\SysWOW64\jscript9.dll - ok
00:02:08.0656 0x0530 [ 9FD2CEC87F35C41A357EBF03F3C7DED5, 9FC035333EAD0F99298376931A627809632FD36078EE8C454FD14F700EA7CA97 ] C:\Windows\SysWOW64\d2d1.dll
00:02:08.0656 0x0530 C:\Windows\SysWOW64\d2d1.dll - ok
00:02:08.0672 0x0530 [ 22891B2E50FA5985C502CA57C2A4E08B, 9C877D50D49892E389AEBBFFC68E96B732AC730916BFCF081915E5F21D432CC8 ] C:\Windows\SysWOW64\DWrite.dll
00:02:08.0672 0x0530 C:\Windows\SysWOW64\DWrite.dll - ok
00:02:08.0687 0x0530 [ 90631B0DB654DC4D54F4D51752623E73, 0056ACF5B78C592404E044F8B300200D78DC929B3ECEF6D06BB82747A3373AEF ] C:\Windows\SysWOW64\d3d11.dll
00:02:08.0687 0x0530 C:\Windows\SysWOW64\d3d11.dll - ok
00:02:08.0703 0x0530 [ EB65EAC36E3750AF09DD4F91F98EB3A3, 4527182B1DA46DA73CBC49196F1EF1DF7045B31EA4643B8C42A241917F009309 ] C:\Windows\SysWOW64\d3d10warp.dll
00:02:08.0703 0x0530 C:\Windows\SysWOW64\d3d10warp.dll - ok
00:02:08.0734 0x0530 [ 078E0DD99212DBC2E20004AE0D8E1BD8, DEC8D38844D3BB157476622FA0EB95A9EB3CE2B05B7E7539AEFD5306DA1B0EDC ] C:\Windows\System32\RMapi.dll
00:02:08.0734 0x0530 C:\Windows\System32\RMapi.dll - ok
00:02:08.0734 0x0530 [ 735D4C58ADC1F4DE5A59850078910218, BBBE7A15C1078F6BC7045BCC0C216F6C0203F66C3D921D84334EB80F8D94FF13 ] C:\Windows\System32\wbem\wbemcore.dll
00:02:08.0734 0x0530 C:\Windows\System32\wbem\wbemcore.dll - ok
00:02:08.0750 0x0530 [ E54F732758B5BB7405C2F4E05A64D6E1, 072FE1A984150196D02FED1D88D380DE000211EB396E2C6388B55A6EA72BC301 ] C:\Windows\System32\wbem\esscli.dll
00:02:08.0750 0x0530 C:\Windows\System32\wbem\esscli.dll - ok
00:02:08.0765 0x0530 [ 19304E66115DD1400182211B4FD7E73A, 5E15C03A18B56142DC243125BB7EE1F66A5FD1DAE08B0DC5B5871A2C2035BB5D ] C:\Windows\System32\wbem\fastprox.dll
00:02:08.0765 0x0530 C:\Windows\System32\wbem\fastprox.dll - ok
00:02:08.0781 0x0530 [ 4811A86C4CA6EDC58D316A29E56629F6, EEED60D7D8BC534CF9A2F782FB01A22C6DA2606104937E1A1548105D84EF4DE8 ] C:\Windows\System32\wbem\wmiutils.dll
00:02:08.0781 0x0530 C:\Windows\System32\wbem\wmiutils.dll - ok
00:02:08.0796 0x0530 [ 616285E00B6B7F2DE84891F6D094528B, 7B71CA5D755FBC9E46A8CEECE364768AFF8B8BE64A73A27D690853D1F2CD763F ] C:\Windows\System32\wbem\repdrvfs.dll
00:02:08.0796 0x0530 C:\Windows\System32\wbem\repdrvfs.dll - ok
00:02:08.0812 0x0530 [ E6C7752237B3A615A190D9EE23ECF152, 25198F8092C93695EA947DAD2BEE644BB0B51BA51C30E69B4B47CB182A1941BC ] C:\Windows\System32\wbem\WmiPrvSD.dll
00:02:08.0812 0x0530 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
00:02:08.0828 0x0530 [ 54482D83FF8501A46BB0B349FED0DAEB, 3506E8039D63F737F6858E1E63EBBC669EE19F2B6B6EC033E89F3BE05A0231D1 ] C:\Windows\System32\ncobjapi.dll
00:02:08.0828 0x0530 C:\Windows\System32\ncobjapi.dll - ok
00:02:08.0843 0x0530 [ E296B0D7842DD5478605B6C86573E52F, D03A634475192424ECC266301E36E47DF3632A5BA075DC449BB9DC8B4F3CEAE1 ] C:\Windows\System32\wbem\wbemess.dll
00:02:08.0843 0x0530 C:\Windows\System32\wbem\wbemess.dll - ok
00:02:08.0859 0x0530 [ AE216A0329FAC7804DC4DFEA49254F0D, 5242ED8D536A05073213BB60AA6F02BAC07B0C7B626D842D03B677249F7C82A0 ] C:\Windows\System32\ntshrui.dll
00:02:08.0859 0x0530 C:\Windows\System32\ntshrui.dll - ok
00:02:08.0874 0x0530 [ 7308CF302FAD17A77A2EB87ACE9185E0, 6A65DBDB143EBFC35DEECD89A6F2A2CED318EC1950270370BB1A4A0E143D6B2C ] C:\Windows\System32\networkexplorer.dll
00:02:08.0874 0x0530 C:\Windows\System32\networkexplorer.dll - ok
00:02:08.0890 0x0530 [ 8F6A65D15A0CB3653E2CA3A3B937F6B6, 96E9299A311C5499BE3EDB1855AF2F0637ED52F2CF64940E02714EDEA34A9E86 ] C:\Windows\System32\EhStorShell.dll
00:02:08.0890 0x0530 C:\Windows\System32\EhStorShell.dll - ok
00:02:08.0906 0x0530 [ CE0BD323EB9BDFD140271E550CBA4111, D3082F0BC6FD634B581D86E41FBCDA3285451A5555F3E34DBAA5699147546D44 ] C:\Windows\System32\TimeBrokerClient.dll
00:02:08.0906 0x0530 C:\Windows\System32\TimeBrokerClient.dll - ok
00:02:08.0921 0x0530 [ E7E53DAE852983E46C6E5A37F154684A, A983B3A49795FE73D76FAA9769B94BC90168A67D0443618B9D35490EADB1ACDB ] C:\Windows\System32\SystemEventsBrokerClient.dll
00:02:08.0921 0x0530 C:\Windows\System32\SystemEventsBrokerClient.dll - ok
00:02:08.0937 0x0530 [ E1F5ACD2E86DFC938AD781EC162B745D, 576B4326B5F4AE66BA92DE0B892492558AC5997CAB61AE0966AF2839AED57922 ] C:\Windows\System32\wbem\NCProv.dll
00:02:08.0937 0x0530 C:\Windows\System32\wbem\NCProv.dll - ok
00:02:08.0937 0x0530 [ 1E09DFA4048196C9D3CC40C485A39422, BD27CF59078BD01CECE12CF14D9E10DAB902D50B0A9E61ABF0A9C045A8FE8845 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
00:02:08.0937 0x0530 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - ok
00:02:08.0952 0x0530 [ CCA14076376D8D0161BA4EDC5A2CA81C, 7709325BF3EDDB45EADEF356A0C2E66A06BC6E9E14F8E81DE1B543C05AA129CB ] C:\Windows\System32\mscoree.dll
00:02:08.0952 0x0530 C:\Windows\System32\mscoree.dll - ok
00:02:08.0968 0x0530 [ 0FA29BD2E724CBBEB2D430384A181CA3, 261E838C8CB8350E695E334018F33FF422746A12325B6B9DBDDD68974FB2E11D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
00:02:08.0968 0x0530 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
00:02:08.0984 0x0530 [ 17953D6E22AC355462D35C0D1C78890A, 786017AA66ECBAAE77BC4242A95A90D4084D0FC010CAF59A9F964A7D306067F0 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
00:02:08.0984 0x0530 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll - ok
00:02:08.0999 0x0530 [ ACA30B753EF16345AE2100E40603BF14, FCEA9D8CAA29DAB6C8956373F9B3CBFBBC8F0BEE201BE5F7695E679586F3D599 ] C:\Windows\System32\msvcr110_clr0400.dll
00:02:08.0999 0x0530 C:\Windows\System32\msvcr110_clr0400.dll - ok
00:02:09.0015 0x0530 [ A999A58CF4D1BCC28132FA2087F4CD97, 8258701F4C9EC8003637687D59E62DB341F47405B2654F8E3E8B11E3560BC022 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\5a23c5e185cb978f73c67718f6e061a4\mscorlib.ni.dll
00:02:09.0015 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\5a23c5e185cb978f73c67718f6e061a4\mscorlib.ni.dll - ok
00:02:09.0030 0x0530 [ F49519495912C9A986C662D84F775E19, 86C944469120EAF366784F79918BCD244404DDA50341FF793C9DBE1DE891C10C ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
00:02:09.0030 0x0530 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll - ok
00:02:09.0046 0x0530 [ E8279050F1E2EC0B4FFA889DE5EAD4B1, A7B1F0F217272D7067B6BFD16EABFA7D050F9D5A20867C5A5AA3756C6BF22072 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System\67f7ddcb264bac2f465b439bb19616b1\System.ni.dll
00:02:09.0046 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System\67f7ddcb264bac2f465b439bb19616b1\System.ni.dll - ok
00:02:09.0062 0x0530 [ C6CE7BDDC01CBAA8D75663AB4F07C1A5, 1AB353F8755435EB69F27C716535C537C19F747E4CFCBEBD7AA7222BBD3C232A ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\cf1915ed6a814500f9a717ba191f236c\System.Drawing.ni.dll
00:02:09.0062 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\cf1915ed6a814500f9a717ba191f236c\System.Drawing.ni.dll - ok
00:02:09.0077 0x0530 [ C0D020112EB740B9B37022A11813E5E6, 7C65C3B6A67CC5A98FCC2EFF7BA87866330854AEDB46E5F666DCEAAA5390616B ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e89c7acb2c7edd3ed966ccdd4ef9aaaf\System.Windows.Forms.ni.dll
00:02:09.0077 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e89c7acb2c7edd3ed966ccdd4ef9aaaf\System.Windows.Forms.ni.dll - ok
00:02:09.0093 0x0530 [ 0690D8FA8B4C99DE254D7F3F5FECD412, 72A2A867035F8E7A11DE2F61F64A35E90DF3411AF060BCCF77829A2CB244EA72 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\028ea3f17ca4bc28ecff0cffa860aac8\System.Runtime.Remoting.ni.dll
00:02:09.0093 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt73a1fc9d#\028ea3f17ca4bc28ecff0cffa860aac8\System.Runtime.Remoting.ni.dll - ok
00:02:09.0108 0x0530 [ 74CDE657245C114B98816E89B8D4CCD1, E293559EA2E2208AB2A7BDD2F3462933F525F682B55496E5F730915FD543ECD2 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
00:02:09.0108 0x0530 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - ok
00:02:09.0140 0x0530 [ 5183458862DC6EE8FDC1E3B8CEEC6361, 47B80C2E5B5D049C856D71DED5B1B8427466C6D60B6B85979408E6827ADE9EB9 ] C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
00:02:09.0140 0x0530 C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll - ok
00:02:09.0155 0x0530 [ BB258D7748337F6B61993CCCBA1D5241, EB7EFC8647F4CB1DE7E0DFD306749157AF304DC205AE00453CEEE0875B452A65 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\4334f45efbe62a6415f2cb7393c59f74\System.Xml.ni.dll
00:02:09.0155 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\4334f45efbe62a6415f2cb7393c59f74\System.Xml.ni.dll - ok
00:02:09.0171 0x0530 [ 4DD132420ACA4709F310505374F7AAA3, CC24443436B9DCA4567F490D8EB6A9920F08F8896C5D5F9470D06F91ECFABDE0 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\3145945493fbcef888aa44b0081134cc\System.Core.ni.dll
00:02:09.0171 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\3145945493fbcef888aa44b0081134cc\System.Core.ni.dll - ok
00:02:09.0202 0x0530 [ B035BDC7F7000C9498733CC6FC6B8D2F, 83D0AC358F215000E4D6FF40A551276F1CBF8DF7600463AC32A1A7648560703A ] C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\8517b132cbe0b329b40bc6a9ef106828\System.Configuration.ni.dll
00:02:09.0202 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\8517b132cbe0b329b40bc6a9ef106828\System.Configuration.ni.dll - ok
00:02:09.0202 0x0530 [ 7F38EFD2A0A2C393E8348A73073D6F8E, 21A208CE81C416E0894D2ACF2AE7F62549B9910C268B75F5DF75DC7ABF5504F3 ] C:\Windows\System32\localspl.dll
00:02:09.0202 0x0530 C:\Windows\System32\localspl.dll - ok
00:02:09.0233 0x0530 [ 55A07D76F345CD44070890FFC693BEF6, 0CDD712CD1EC6D6ED9F9505948BDA17F099BFC4BB80157C395FC95975F852CFD ] C:\Windows\System32\spoolss.dll
00:02:09.0233 0x0530 C:\Windows\System32\spoolss.dll - ok
00:02:09.0249 0x0530 [ 7D8902670720152867617016CE940ED8, 476AF47041B60B961321A052FC43A0252041D29D1AECF964646DC900218791F4 ] C:\Windows\System32\PrintIsolationProxy.dll
00:02:09.0249 0x0530 C:\Windows\System32\PrintIsolationProxy.dll - ok
00:02:09.0280 0x0530 [ 67FC2C86490CB84F4AD74B6F5AF3A89C, 788F8675BFC96C0CF5CD290E6DEC96BA680E328B4D016BEFDCCEA24CBC8794AE ] C:\Windows\System32\hpbprtmon.dll
00:02:09.0280 0x0530 C:\Windows\System32\hpbprtmon.dll - ok
00:02:09.0296 0x0530 [ 06F13BD51FB6A9B199B73C1605238BBF, 2B808A652E288BD6F198F9A7CBCF3C2DDBA5371F9C00E660DF015DC8D442D28C ] C:\Windows\System32\hpbrprtmon.dll
00:02:09.0296 0x0530 C:\Windows\System32\hpbrprtmon.dll - ok
00:02:09.0311 0x0530 [ E8DF2DAD385DAAB92D55AD1332538F5A, 44893ADD7FA4B496EE51FACE04B1FD6DBC147AE88EE8006CEE55DA795D2ADC36 ] C:\Windows\System32\FXSMON.dll
00:02:09.0311 0x0530 C:\Windows\System32\FXSMON.dll - ok
00:02:09.0327 0x0530 [ 62A0ED06E9FF55EEF51B27EC4839EE0B, C206495B66EC9CBCDE0D7D9A2F420ADEF750B81BBD75A578F0A15F66864A0C98 ] C:\Windows\System32\hpz3lw71.dll
00:02:09.0327 0x0530 C:\Windows\System32\hpz3lw71.dll - ok
00:02:09.0358 0x0530 [ AF5A41782DBD2010497851B8E955BD2A, ECC6908FF5501D2A0D99005CEBDC3BB43D9AFC0005A459322AE26AE09D42424F ] C:\Windows\System32\tcpmon.dll
00:02:09.0358 0x0530 C:\Windows\System32\tcpmon.dll - ok
00:02:09.0374 0x0530 [ 85EBAAA913E187B65FB5B47EA36FA306, 57B20E164248A04BF117892E30F4303806E9C2C3E424B7F2FF17D3A9DF78E487 ] C:\Windows\System32\snmpapi.dll
00:02:09.0374 0x0530 C:\Windows\System32\snmpapi.dll - ok
00:02:09.0389 0x0530 [ ADB778A085E71B9835F3FA776878184B, 4CC4EACB11BC70B35A123D5995251255215420C5BDB56785847FA7D1F1604065 ] C:\Windows\System32\wsnmp32.dll
00:02:09.0389 0x0530 C:\Windows\System32\wsnmp32.dll - ok
00:02:09.0405 0x0530 [ E583B7B3CCACE9E3880C16E119585245, AD5AB545D0F1A6FD1C6066CA81F5F6D9085602E842AADC70D71FF4E243C75207 ] C:\Windows\System32\usbmon.dll
00:02:09.0405 0x0530 C:\Windows\System32\usbmon.dll - ok
00:02:09.0436 0x0530 [ B852BB8E1D0902064346A09A7B32FC17, 26FFA667560B01945406C98735858EA159194D00AB03F035E245716C0CBA0283 ] C:\Windows\System32\WSDMon.dll
00:02:09.0436 0x0530 C:\Windows\System32\WSDMon.dll - ok
00:02:09.0452 0x0530 [ 70B5BD19740464A41B835C082819B74D, 3462AB4DFEA29E3E336464B2F49814FC941655A731098B619ED84D59C816A1F6 ] C:\Windows\System32\WSDApi.dll
00:02:09.0452 0x0530 C:\Windows\System32\WSDApi.dll - ok
00:02:09.0467 0x0530 [ 509192E80BF34E985C4D277A8FFF2893, C0FFAC035C24DCDD0C945CD95265ED14604937A199AB453891AEE6BD36544833 ] C:\Windows\System32\webservices.dll
00:02:09.0467 0x0530 C:\Windows\System32\webservices.dll - ok
00:02:09.0483 0x0530 [ 7038DC41C455ABF75BC988BE052655F4, E9327B5F8159E12920DE46B066659316CE07F2C7C5CC1396D9BDDB1771013F2C ] C:\Windows\System32\drvstore.dll
00:02:09.0483 0x0530 C:\Windows\System32\drvstore.dll - ok
00:02:09.0498 0x0530 [ D1CA3C8C5DC6DC357CE4C08F0BCC1EEE, C15346A5C57B541C4CC6552C40B65DB27902E7DA81A6C330612A4AEDA71ACA36 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
00:02:09.0498 0x0530 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
00:02:09.0514 0x0530 [ 6FB9BE56891EA4E85B4C9BDD4E9AFA69, CC29187582D78060AB7D910BF0D1E68F6B6E6DF7A71755205A2D466C32CD098D ] C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll
00:02:09.0514 0x0530 C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll - ok
00:02:09.0545 0x0530 [ D3C5AF952553891757230BABDF49F286, D6EF0AF759E7C0A93BD2221A04421A1EEFC4C0BB18186920D78BB550B3638FA1 ] C:\Windows\System32\win32spl.dll
00:02:09.0545 0x0530 C:\Windows\System32\win32spl.dll - ok
00:02:09.0561 0x0530 [ 644F1A561B82F670A7A9A613FA8C462B, 9E322E21E59F8AE88AC52B5557D982EFEB0091C47DF3DCECC461013340B636EF ] C:\Windows\System32\inetpp.dll
00:02:09.0561 0x0530 C:\Windows\System32\inetpp.dll - ok
00:02:09.0576 0x0530 [ 1263AABC78A04C45C093EBA201937724, BB7F35C54F6F8926AF7ADF930F3A864947715A20E148E8C7BAE981DF1C02C46E ] C:\Windows\System32\spool\drivers\x64\3\hpbxjobsvr1202.dll
00:02:09.0576 0x0530 C:\Windows\System32\spool\drivers\x64\3\hpbxjobsvr1202.dll - ok
00:02:09.0608 0x0530 [ EA9FCF8A296C372473D29E4424EEF800, 88E63B700595F9A195AF42A3A5F3D0AC8FBC2E76D0DADB4EFFE7A27C37A69D63 ] C:\Windows\System32\bidispl.dll
00:02:09.0608 0x0530 C:\Windows\System32\bidispl.dll - ok
00:02:09.0623 0x0530 [ 7AF293EE3DA29D62A2E3627D17A6FF90, 9627FD7003FD7EA114BBADAD87E0831A74684017280B4B6FCCB4FE0012DF99CC ] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
00:02:09.0623 0x0530 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe - ok
00:02:09.0639 0x0530 [ 475968A048FB44A90AF63F8FA7E6C8BD, B569C1B827795D3DDF5756510E6BF95EA38AEC6D2BB78D1885BA85DE82F2FF9C ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
00:02:09.0639 0x0530 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
00:02:09.0670 0x0530 [ 2D43B15DA25E6CDC39C733730D48F110, 69B08A736A04B0D9B352788F90B9D716EA816B1A460B373F8FF60DA35D594A06 ] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_88dc8c812fb1ba3f\msvcr80.dll
00:02:09.0670 0x0530 C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6910_none_88dc8c812fb1ba3f\msvcr80.dll - ok
00:02:09.0686 0x0530 [ 3242444227FC8EF3D42506A95C5979AF, 47E3E67B928F4C300586CE24E7234DBBC87CD68401A10B328C06E327C8D84BA4 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
00:02:09.0686 0x0530 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe - ok
00:02:09.0701 0x0530 [ 67EC459E42D3081DD8FD34356F7CAFC1, 1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\msvcr100.dll
00:02:09.0701 0x0530 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\msvcr100.dll - ok
00:02:09.0717 0x0530 [ 9952A0BC27A92EF155FB1DBE0D308A3F, 6F9958CD5F839FD539D5EF24BA3C5C09B95D34129A4A2E215986D4145CA2D6D7 ] C:\Windows\SysWOW64\quartz.dll
00:02:09.0717 0x0530 C:\Windows\SysWOW64\quartz.dll - ok
00:02:09.0732 0x0530 [ 118BA3061B4040BDC17432B775F3A292, 7C10B57FA298AFBB48F471D4C277C3678819ED6E9E33B0ADE492AF9B04DD05B3 ] C:\Windows\SysWOW64\d3d9.dll
00:02:09.0732 0x0530 C:\Windows\SysWOW64\d3d9.dll - ok
00:02:09.0748 0x0530 [ E8C88BBBDBE4F42B3B60411D9E8A81A9, C423ABE532E829FFE94A171A979210803A7804865C40EC67264E2DA76A53E858 ] C:\Windows\SysWOW64\aticfx32.dll
00:02:09.0748 0x0530 C:\Windows\SysWOW64\aticfx32.dll - ok
00:02:09.0764 0x0530 [ 38ABF593173F8B255BFDEAA984DD7630, 8185F5532A3AD86E15DE5F13705635329494FE8EF31AE8C67E26393D329CF3E7 ] C:\Windows\SysWOW64\atiu9pag.dll
00:02:09.0764 0x0530 C:\Windows\SysWOW64\atiu9pag.dll - ok
00:02:09.0779 0x0530 [ 726BA31E42CC48006EC693366ECDFB5C, 1C8E9FF16C8EB31C5AD7EFD8955F1FD0C45A5B47B7206BBCBEDA51EEB573CDD5 ] C:\Windows\SysWOW64\atiumdag.dll
00:02:09.0779 0x0530 C:\Windows\SysWOW64\atiumdag.dll - ok
00:02:09.0795 0x0530 [ 07E1640189FCDCA448E25214DD887093, 8A9CED056A3ACC490013E0D43728B4E8E58A0DCCFBBB0B8F03DD8BB3BBD842B5 ] C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\5848fcf9a0850ec22147469a939a6f8d\WindowsBase.ni.dll
00:02:09.0795 0x0530 C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\5848fcf9a0850ec22147469a939a6f8d\WindowsBase.ni.dll - ok
00:02:09.0810 0x0530 [ E1C037A7E05FD39E6C1AF93CEEFDC53A, D20B056BE5CEB5D471170D6627157D8848376FF319BFE12C7331B0F2C0EBB4A4 ] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
00:02:09.0810 0x0530 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe - ok
00:02:09.0826 0x0530 [ C2E7171F4B4144912ACDC7790AA19020, C99712C2655A3F49A52BEDB8B9A7AB18873A88EDCCFE51012B6A4DD8EDD4042D ] C:\Windows\SysWOW64\atiumdva.dll
00:02:09.0826 0x0530 C:\Windows\SysWOW64\atiumdva.dll - ok
00:02:09.0842 0x0530 [ 5F4A80C0313FA9E80CB7285F56D388D2, F601AA9AD16204027608BA0BE89CDC612F2C6B47CA6D1C7E6BA6F5F469CC83DF ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\92569e1135c02f1fadea705767e6668e\mscorlib.ni.dll
00:02:09.0842 0x0530 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\92569e1135c02f1fadea705767e6668e\mscorlib.ni.dll - ok
00:02:09.0857 0x0530 [ 7E4F79C4A74C8152C1160A99B46F3B76, 4CE9D3E66BEE106EB37C807689709234E9D8E58C52BF6A7F948926861727444C ] C:\Windows\SysWOW64\dxva2.dll
00:02:09.0857 0x0530 C:\Windows\SysWOW64\dxva2.dll - ok
00:02:10.0185 0x0530 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.0.9200.16384 ), 0x60100 ( disabled : updated )
00:02:10.0232 0x0530 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\WSCStub.exe ( 20.2.0.0 ), 0x50000 ( disabled : updated )
00:02:10.0232 0x0530 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\WSCStub.exe ( 20.2.0.0 ), 0x50010 ( disabled )
00:02:10.0247 0x0530 Win FW state via NFP2: enabled
00:02:10.0247 0x0530 ============================================================
00:02:10.0247 0x0530 Scan finished
00:02:10.0247 0x0530 ============================================================
00:02:10.0278 0x0bf4 Detected object count: 2
00:02:10.0278 0x0bf4 Actual detected object count: 2
00:22:07.0035 0x0bf4 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:07.0035 0x0bf4 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:22:07.0035 0x0bf4 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:07.0035 0x0bf4 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

and log.txt

Volume in drive C is OS
Volume Serial Number is E06B-164C

Directory of C:\Users\gwengoetter\AppData\Roaming

11/30/2013 11:46 PM <DIR> .
11/30/2013 11:46 PM <DIR> ..
11/15/2013 03:51 PM <DIR> .minecraft
10/15/2013 05:18 PM <DIR> Admyaw
02/04/2013 12:13 PM <DIR> Adobe
10/15/2013 05:27 PM <DIR> Agtime
09/20/2013 05:32 PM <DIR> Akakdio
10/15/2013 05:30 PM <DIR> Amadhe
10/15/2013 05:09 PM <DIR> Aqbudyno
10/15/2013 05:36 PM <DIR> Aruzfu
12/28/2012 11:30 AM <DIR> ATI
02/09/2013 04:55 PM 114,176 BabMaint.exe
09/20/2013 05:31 PM <DIR> BabSolution
10/15/2013 05:03 PM <DIR> Baekta
09/20/2013 05:30 PM <DIR> Boeqro
10/15/2013 05:13 PM <DIR> Ceufsu
02/18/2013 08:33 PM <DIR> CyberLink
09/20/2013 05:34 PM <DIR> Daiszaco
09/20/2013 05:35 PM <DIR> Dionba
10/15/2013 05:20 PM <DIR> Edocaqa
10/15/2013 04:57 PM <DIR> Efufgyv
10/15/2013 05:42 PM <DIR> Elseokyd
10/15/2013 05:38 PM <DIR> Endyexi
10/15/2013 05:37 PM <DIR> Eqqoavf
10/15/2013 04:56 PM <DIR> Fotusui
10/15/2013 05:01 PM <DIR> Gaekyzf
09/20/2013 05:55 PM <DIR> Gaxymi
10/15/2013 05:45 PM <DIR> Gitepy
12/28/2012 02:34 PM <DIR> Hewlett-Packard
10/15/2013 05:16 PM <DIR> Hoorula
10/15/2013 05:05 PM <DIR> Hufeus
10/15/2013 05:11 PM <DIR> Huoweply
12/29/2012 06:36 PM <DIR> Identities
09/20/2013 05:40 PM <DIR> Idkeis
09/20/2013 05:42 PM <DIR> Inalfad
09/20/2013 05:48 PM <DIR> Irduime
10/15/2013 04:58 PM <DIR> Itpoyq
10/15/2013 05:25 PM <DIR> Ivsawo
10/15/2013 05:09 PM <DIR> Izleyqu
09/20/2013 05:29 PM <DIR> Kaodzyiq
09/20/2013 05:31 PM <DIR> Laimge
09/20/2013 05:41 PM <DIR> Lowoto
10/15/2013 05:43 PM <DIR> Luamwua
09/20/2013 05:46 PM <DIR> Lutizya
10/15/2013 05:37 PM <DIR> Luzutii
12/28/2012 12:24 PM <DIR> Macromedia
01/27/2013 07:32 PM <DIR> mozilla
10/15/2013 05:02 PM <DIR> Myergiac
10/15/2013 05:04 PM <DIR> Nuzomuyp
10/15/2013 05:28 PM <DIR> Ogosymyf
09/20/2013 05:33 PM <DIR> Oluxin
09/20/2013 05:55 PM <DIR> Osepote
09/20/2013 05:39 PM <DIR> Osvanux
09/20/2013 05:48 PM <DIR> Otyfetce
10/15/2013 04:59 PM <DIR> Oxydesul
09/20/2013 05:34 PM <DIR> Pebylye
10/15/2013 05:14 PM <DIR> Poziic
09/20/2013 05:51 PM <DIR> Puetak
10/15/2013 05:17 PM <DIR> Qiquazo
09/20/2013 05:52 PM <DIR> Qiumho
10/15/2013 05:13 PM <DIR> Quezare
10/15/2013 05:16 PM <DIR> Rikeyfo
07/19/2013 05:42 PM <DIR> Search Protection
09/20/2013 05:36 PM <DIR> Siumta
10/15/2013 05:34 PM <DIR> Sueles
09/26/2013 02:53 PM <DIR> TS3Client
10/15/2013 05:21 PM <DIR> Tuevpy
10/15/2013 05:46 PM <DIR> Tykidiu
10/15/2013 04:54 PM <DIR> Ubxyumy
10/15/2013 05:41 PM <DIR> Udatihyc
10/15/2013 05:23 PM <DIR> Ugytah
10/15/2013 05:28 PM <DIR> Ugzadim
10/15/2013 05:08 PM <DIR> Ukusfe
09/20/2013 05:37 PM <DIR> Umqoyh
04/17/2013 07:08 PM <DIR> Uniblue
09/08/2013 07:43 PM <DIR> uTorrent
09/20/2013 05:47 PM <DIR> Uvhyez
10/15/2013 05:00 PM <DIR> Uvifcei
10/15/2013 05:07 PM <DIR> Viidfouc
10/15/2013 05:39 PM <DIR> Voymug
02/18/2013 11:33 PM <DIR> WebApp
10/15/2013 05:46 PM <DIR> Weoqceu
06/27/2013 05:28 PM <DIR> WildTangent
09/20/2013 05:52 PM <DIR> Wyugekeh
09/20/2013 05:39 PM <DIR> Xeehlo
10/15/2013 05:06 PM <DIR> Ydxoew
09/20/2013 05:45 PM <DIR> Yfxuowve
10/15/2013 04:56 PM <DIR> Ynogivi
10/15/2013 05:00 PM <DIR> Yskuxop
10/15/2013 05:32 PM <DIR> Ysnuud
10/15/2013 05:42 PM <DIR> Zuliqyp
1 File(s) 114,176 bytes
90 Dir(s) 311,389,491,200 bytes free

#10
Buddierdl

Posted 02 December 2013 - 09:24 AM

Trusted Helper

Malware Removal
2,524 posts

Okay, please run FRST again and get a new scan for me so we can see where we stand.

Also, please run this batch file the same way as before.

Attached Files

list.bat 136bytes 148 downloads

#11
lawnguybri

Posted 02 December 2013 - 11:36 PM

Member

Topic Starter
Member
102 posts

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by gwengoetter (administrator) on GOETTERS4BACON on 03-12-2013 00:26:21
Running from C:\Users\gwengoetter\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-25] (Microsoft Corporation)
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [203884 2013-01-27] ()
HKCU\...\Run: [Iproanvaelmuy] - C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\GWENGO~1\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch", "hxxp://www1.delta-search.com/?affID=122123&babsrc=HP_ss&mntrId=E06B083E8E0CFBEA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\gwengoetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.16.70.501_0
CHR Extension: (SearchGBY) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.73_0
CHR Extension: (Norton Identity Protection) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0
CHR Extension: (Gmail) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\gwengoetter\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\gwengoetter\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.70.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [143928 2012-10-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-30] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-02] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-02] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2013-01-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\ENG64.SYS [126112 2013-01-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\EX64.SYS [2084000 2013-01-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1402000.013\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-09-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
U4 PCSUService;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-30 23:45 - 2013-11-30 23:44 - 00000127 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-11-30 23:45 - 2013-11-30 23:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:47 - 2013-11-30 13:48 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:45 - 2013-12-03 00:26 - 00014848 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-11-30 13:45 - 2013-11-30 23:50 - 00000000 ____D C:\FRST
2013-11-30 13:45 - 2013-11-30 12:22 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-30 13:45 - 2013-11-24 11:11 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-24 17:12 - 2012-10-16 20:57 - 00602112 _____ (OldTimer Tools) C:\Users\gwengoetter\Desktop\OTL.exe
2013-11-17 20:53 - 2013-11-17 20:54 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:21 - 2013-11-12 16:22 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 16:59 - 2013-11-07 17:00 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-03 00:26 - 2013-11-30 13:45 - 00014848 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-12-03 00:08 - 2013-01-27 18:51 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 23:43 - 2013-04-03 00:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 23:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2013-12-02 13:53 - 2012-12-28 11:34 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2093230720-1359758338-2908893637-1001
2013-12-02 04:08 - 2013-01-27 18:51 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 00:03 - 2012-07-26 02:28 - 00876320 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-01 00:00 - 2012-08-31 23:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-30 23:58 - 2013-04-17 19:08 - 00000382 _____ C:\windows\Tasks\dsmonitor.job
2013-11-30 23:58 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-30 23:57 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-11-30 23:50 - 2013-11-30 13:45 - 00000000 ____D C:\FRST
2013-11-30 23:44 - 2013-11-30 23:45 - 00000127 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-11-30 23:41 - 2013-11-30 23:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:48 - 2013-11-30 13:47 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:44 - 2012-07-26 02:21 - 00037308 _____ C:\windows\setupact.log
2013-11-30 12:22 - 2013-11-30 13:45 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-24 17:10 - 2012-12-28 11:23 - 01905612 _____ C:\windows\WindowsUpdate.log
2013-11-24 17:09 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 11:11 - 2013-11-30 13:45 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-17 20:54 - 2013-11-17 20:53 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-17 20:53 - 2012-12-28 19:41 - 502150463 _____ C:\windows\MEMORY.DMP
2013-11-17 20:53 - 2012-12-28 19:41 - 00000000 ____D C:\windows\Minidump
2013-11-17 20:53 - 2012-08-01 21:02 - 00041064 _____ C:\windows\PFRO.log
2013-11-17 03:24 - 2013-01-27 18:57 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 15:51 - 2013-01-01 22:24 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\.minecraft
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:22 - 2013-11-12 16:21 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 17:00 - 2013-11-07 16:59 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

Some content of TEMP:
====================
C:\Users\gwengoetter\AppData\Local\Temp\1347692656.exe
C:\Users\gwengoetter\AppData\Local\Temp\1347718124.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356745641.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356754460.exe
C:\Users\gwengoetter\AppData\Local\Temp\1366243624itinstallerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\9573063.exe
C:\Users\gwengoetter\AppData\Local\Temp\autolrcstmp.exe
C:\Users\gwengoetter\AppData\Local\Temp\COMAP.EXE
C:\Users\gwengoetter\AppData\Local\Temp\Couponscom.exe
C:\Users\gwengoetter\AppData\Local\Temp\driverscanner.exe
C:\Users\gwengoetter\AppData\Local\Temp\GUninstaller.exe
C:\Users\gwengoetter\AppData\Local\Temp\installerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\gwengoetter\AppData\Local\Temp\instloffer.exe
C:\Users\gwengoetter\AppData\Local\Temp\Java_Update_ec7b11b5.exe
C:\Users\gwengoetter\AppData\Local\Temp\msimg32.dll
C:\Users\gwengoetter\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\gwengoetter\AppData\Local\Temp\setup.exe
C:\Users\gwengoetter\AppData\Local\Temp\tbVgr0.dll
C:\Users\gwengoetter\AppData\Local\Temp\uninst1.exe
C:\Users\gwengoetter\AppData\Local\Temp\{AB7C6E2E-39F3-4B9E-A50A-A0616AD4A812}.exe
C:\Users\gwengoetter\AppData\Local\Temp\{F7804FF2-C3B5-4478-9050-1CDC6CA8B081}-30.0.1599.101_30.0.1599.69_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 13:38

==================== End Of Log ============================

Log:

Volume in drive C is OS
Volume Serial Number is E06B-164C

Directory of C:\Users\gwengoetter\AppData\Roaming

11/30/2013 11:46 PM <DIR> .
11/30/2013 11:46 PM <DIR> ..
11/15/2013 03:51 PM <DIR> .minecraft
10/15/2013 05:18 PM <DIR> Admyaw
02/04/2013 12:13 PM <DIR> Adobe
10/15/2013 05:27 PM <DIR> Agtime
09/20/2013 05:32 PM <DIR> Akakdio
10/15/2013 05:30 PM <DIR> Amadhe
10/15/2013 05:09 PM <DIR> Aqbudyno
10/15/2013 05:36 PM <DIR> Aruzfu
12/28/2012 11:30 AM <DIR> ATI
02/09/2013 04:55 PM 114,176 BabMaint.exe
09/20/2013 05:31 PM <DIR> BabSolution
10/15/2013 05:03 PM <DIR> Baekta
09/20/2013 05:30 PM <DIR> Boeqro
10/15/2013 05:13 PM <DIR> Ceufsu
02/18/2013 08:33 PM <DIR> CyberLink
09/20/2013 05:34 PM <DIR> Daiszaco
09/20/2013 05:35 PM <DIR> Dionba
10/15/2013 05:20 PM <DIR> Edocaqa
10/15/2013 04:57 PM <DIR> Efufgyv
10/15/2013 05:42 PM <DIR> Elseokyd
10/15/2013 05:38 PM <DIR> Endyexi
10/15/2013 05:37 PM <DIR> Eqqoavf
10/15/2013 04:56 PM <DIR> Fotusui
10/15/2013 05:01 PM <DIR> Gaekyzf
09/20/2013 05:55 PM <DIR> Gaxymi
10/15/2013 05:45 PM <DIR> Gitepy
12/28/2012 02:34 PM <DIR> Hewlett-Packard
10/15/2013 05:16 PM <DIR> Hoorula
10/15/2013 05:05 PM <DIR> Hufeus
10/15/2013 05:11 PM <DIR> Huoweply
12/29/2012 06:36 PM <DIR> Identities
09/20/2013 05:40 PM <DIR> Idkeis
09/20/2013 05:42 PM <DIR> Inalfad
09/20/2013 05:48 PM <DIR> Irduime
10/15/2013 04:58 PM <DIR> Itpoyq
10/15/2013 05:25 PM <DIR> Ivsawo
10/15/2013 05:09 PM <DIR> Izleyqu
09/20/2013 05:29 PM <DIR> Kaodzyiq
09/20/2013 05:31 PM <DIR> Laimge
09/20/2013 05:41 PM <DIR> Lowoto
10/15/2013 05:43 PM <DIR> Luamwua
09/20/2013 05:46 PM <DIR> Lutizya
10/15/2013 05:37 PM <DIR> Luzutii
12/28/2012 12:24 PM <DIR> Macromedia
01/27/2013 07:32 PM <DIR> mozilla
10/15/2013 05:02 PM <DIR> Myergiac
10/15/2013 05:04 PM <DIR> Nuzomuyp
10/15/2013 05:28 PM <DIR> Ogosymyf
09/20/2013 05:33 PM <DIR> Oluxin
09/20/2013 05:55 PM <DIR> Osepote
09/20/2013 05:39 PM <DIR> Osvanux
09/20/2013 05:48 PM <DIR> Otyfetce
10/15/2013 04:59 PM <DIR> Oxydesul
09/20/2013 05:34 PM <DIR> Pebylye
10/15/2013 05:14 PM <DIR> Poziic
09/20/2013 05:51 PM <DIR> Puetak
10/15/2013 05:17 PM <DIR> Qiquazo
09/20/2013 05:52 PM <DIR> Qiumho
10/15/2013 05:13 PM <DIR> Quezare
10/15/2013 05:16 PM <DIR> Rikeyfo
07/19/2013 05:42 PM <DIR> Search Protection
09/20/2013 05:36 PM <DIR> Siumta
10/15/2013 05:34 PM <DIR> Sueles
09/26/2013 02:53 PM <DIR> TS3Client
10/15/2013 05:21 PM <DIR> Tuevpy
10/15/2013 05:46 PM <DIR> Tykidiu
10/15/2013 04:54 PM <DIR> Ubxyumy
10/15/2013 05:41 PM <DIR> Udatihyc
10/15/2013 05:23 PM <DIR> Ugytah
10/15/2013 05:28 PM <DIR> Ugzadim
10/15/2013 05:08 PM <DIR> Ukusfe
09/20/2013 05:37 PM <DIR> Umqoyh
04/17/2013 07:08 PM <DIR> Uniblue
09/08/2013 07:43 PM <DIR> uTorrent
09/20/2013 05:47 PM <DIR> Uvhyez
10/15/2013 05:00 PM <DIR> Uvifcei
10/15/2013 05:07 PM <DIR> Viidfouc
10/15/2013 05:39 PM <DIR> Voymug
02/18/2013 11:33 PM <DIR> WebApp
10/15/2013 05:46 PM <DIR> Weoqceu
06/27/2013 05:28 PM <DIR> WildTangent
09/20/2013 05:52 PM <DIR> Wyugekeh
09/20/2013 05:39 PM <DIR> Xeehlo
10/15/2013 05:06 PM <DIR> Ydxoew
09/20/2013 05:45 PM <DIR> Yfxuowve
10/15/2013 04:56 PM <DIR> Ynogivi
10/15/2013 05:00 PM <DIR> Yskuxop
10/15/2013 05:32 PM <DIR> Ysnuud
10/15/2013 05:42 PM <DIR> Zuliqyp
1 File(s) 114,176 bytes
90 Dir(s) 311,389,491,200 bytes free
C:\Users\gwengoetter\AppData\Roaming\.minecraft
C:\Users\gwengoetter\AppData\Roaming\Admyaw
C:\Users\gwengoetter\AppData\Roaming\Adobe
C:\Users\gwengoetter\AppData\Roaming\Agtime
C:\Users\gwengoetter\AppData\Roaming\Akakdio
C:\Users\gwengoetter\AppData\Roaming\Amadhe
C:\Users\gwengoetter\AppData\Roaming\Aqbudyno
C:\Users\gwengoetter\AppData\Roaming\Aruzfu
C:\Users\gwengoetter\AppData\Roaming\ATI
C:\Users\gwengoetter\AppData\Roaming\BabSolution
C:\Users\gwengoetter\AppData\Roaming\Baekta
C:\Users\gwengoetter\AppData\Roaming\Boeqro
C:\Users\gwengoetter\AppData\Roaming\Ceufsu
C:\Users\gwengoetter\AppData\Roaming\CyberLink
C:\Users\gwengoetter\AppData\Roaming\Daiszaco
C:\Users\gwengoetter\AppData\Roaming\Dionba
C:\Users\gwengoetter\AppData\Roaming\Edocaqa
C:\Users\gwengoetter\AppData\Roaming\Efufgyv
C:\Users\gwengoetter\AppData\Roaming\Elseokyd
C:\Users\gwengoetter\AppData\Roaming\Endyexi
C:\Users\gwengoetter\AppData\Roaming\Eqqoavf
C:\Users\gwengoetter\AppData\Roaming\Fotusui
C:\Users\gwengoetter\AppData\Roaming\Gaekyzf
C:\Users\gwengoetter\AppData\Roaming\Gaxymi
C:\Users\gwengoetter\AppData\Roaming\Gitepy
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard
C:\Users\gwengoetter\AppData\Roaming\Hoorula
C:\Users\gwengoetter\AppData\Roaming\Hufeus
C:\Users\gwengoetter\AppData\Roaming\Huoweply
C:\Users\gwengoetter\AppData\Roaming\Identities
C:\Users\gwengoetter\AppData\Roaming\Idkeis
C:\Users\gwengoetter\AppData\Roaming\Inalfad
C:\Users\gwengoetter\AppData\Roaming\Irduime
C:\Users\gwengoetter\AppData\Roaming\Itpoyq
C:\Users\gwengoetter\AppData\Roaming\Ivsawo
C:\Users\gwengoetter\AppData\Roaming\Izleyqu
C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq
C:\Users\gwengoetter\AppData\Roaming\Laimge
C:\Users\gwengoetter\AppData\Roaming\Lowoto
C:\Users\gwengoetter\AppData\Roaming\Luamwua
C:\Users\gwengoetter\AppData\Roaming\Lutizya
C:\Users\gwengoetter\AppData\Roaming\Luzutii
C:\Users\gwengoetter\AppData\Roaming\Macromedia
C:\Users\gwengoetter\AppData\Roaming\Microsoft
C:\Users\gwengoetter\AppData\Roaming\mozilla
C:\Users\gwengoetter\AppData\Roaming\Myergiac
C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp
C:\Users\gwengoetter\AppData\Roaming\Ogosymyf
C:\Users\gwengoetter\AppData\Roaming\Oluxin
C:\Users\gwengoetter\AppData\Roaming\Osepote
C:\Users\gwengoetter\AppData\Roaming\Osvanux
C:\Users\gwengoetter\AppData\Roaming\Otyfetce
C:\Users\gwengoetter\AppData\Roaming\Oxydesul
C:\Users\gwengoetter\AppData\Roaming\Pebylye
C:\Users\gwengoetter\AppData\Roaming\Poziic
C:\Users\gwengoetter\AppData\Roaming\Puetak
C:\Users\gwengoetter\AppData\Roaming\Qiquazo
C:\Users\gwengoetter\AppData\Roaming\Qiumho
C:\Users\gwengoetter\AppData\Roaming\Quezare
C:\Users\gwengoetter\AppData\Roaming\Rikeyfo
C:\Users\gwengoetter\AppData\Roaming\Search Protection
C:\Users\gwengoetter\AppData\Roaming\Siumta
C:\Users\gwengoetter\AppData\Roaming\Sueles
C:\Users\gwengoetter\AppData\Roaming\TS3Client
C:\Users\gwengoetter\AppData\Roaming\Tuevpy
C:\Users\gwengoetter\AppData\Roaming\Tykidiu
C:\Users\gwengoetter\AppData\Roaming\Ubxyumy
C:\Users\gwengoetter\AppData\Roaming\Udatihyc
C:\Users\gwengoetter\AppData\Roaming\Ugytah
C:\Users\gwengoetter\AppData\Roaming\Ugzadim
C:\Users\gwengoetter\AppData\Roaming\Ukusfe
C:\Users\gwengoetter\AppData\Roaming\Umqoyh
C:\Users\gwengoetter\AppData\Roaming\Uniblue
C:\Users\gwengoetter\AppData\Roaming\uTorrent
C:\Users\gwengoetter\AppData\Roaming\Uvhyez
C:\Users\gwengoetter\AppData\Roaming\Uvifcei
C:\Users\gwengoetter\AppData\Roaming\Viidfouc
C:\Users\gwengoetter\AppData\Roaming\Voymug
C:\Users\gwengoetter\AppData\Roaming\WebApp
C:\Users\gwengoetter\AppData\Roaming\Weoqceu
C:\Users\gwengoetter\AppData\Roaming\WildTangent
C:\Users\gwengoetter\AppData\Roaming\Wyugekeh
C:\Users\gwengoetter\AppData\Roaming\Xeehlo
C:\Users\gwengoetter\AppData\Roaming\Ydxoew
C:\Users\gwengoetter\AppData\Roaming\Yfxuowve
C:\Users\gwengoetter\AppData\Roaming\Ynogivi
C:\Users\gwengoetter\AppData\Roaming\Yskuxop
C:\Users\gwengoetter\AppData\Roaming\Ysnuud
C:\Users\gwengoetter\AppData\Roaming\Zuliqyp
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets
C:\Users\gwengoetter\AppData\Roaming\.minecraft\bin
C:\Users\gwengoetter\AppData\Roaming\.minecraft\crash-reports
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries
C:\Users\gwengoetter\AppData\Roaming\.minecraft\logs
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resourcepacks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves
C:\Users\gwengoetter\AppData\Roaming\.minecraft\screenshots
C:\Users\gwengoetter\AppData\Roaming\.minecraft\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\texturepacks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\texturepacks-mp-cache
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\icons
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\lang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\records
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\villager
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\donkey
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\records
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\villager
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\donkey
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\bin\natives
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo\argo
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo\argo\2.25_fixed
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\14.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\15.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang\51.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang\authlib
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\1.3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis\20101023
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav\20101023
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound\20101123
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal\20100824
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem\20120107
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io\commons-io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty\netty-all
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.0.10.Final
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d\vecmath
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d\vecmath\1.3.1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform\2.0.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j\trove4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j\trove4j\3.0.3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.0-beta9
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.0-beta9
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle\bcprov-jdk15on
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle\bcprov-jdk15on\1.47
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newmusic
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\pe
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\streaming
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\crayola
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\nmy butt
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Not Boxx I swear
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\crayola\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\nmy butt\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Not Boxx I swear\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.6.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.6.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.7.2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player
C:\Users\gwengoetter\AppData\Roaming\Adobe\Headlights
C:\Users\gwengoetter\AppData\Roaming\Adobe\Linguistics
C:\Users\gwengoetter\AppData\Roaming\Adobe\LogTransport2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Collab
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Forms
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\JSCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Security
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\ServicesRdr
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\AssetCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\513b3740
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\AssetCache\ME8ER4AY
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\1F5BB7D0585FEE6C480A34FECC6E28FB
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\D61CB49E10A2FAF92ED8094C6B29015D
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\1F5BB7D0585FEE6C480A34FECC6E28FB\7f51d506
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\D61CB49E10A2FAF92ED8094C6B29015D\513b3740
C:\Users\gwengoetter\AppData\Roaming\ATI\ACE
C:\Users\gwengoetter\AppData\Roaming\BabSolution\Shared
C:\Users\gwengoetter\AppData\Roaming\CyberLink\MediaCache
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerCinema
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD10
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD10\Remix
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Connected Remote
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Support Framework
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Connected Remote\data
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup\Metrics
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup\REGDATA
C:\Users\gwengoetter\AppData\Roaming\Identities\{0C9FE623-9FA0-42B5-A218-6D349696DF5A}
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\#AppContainer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\a.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\a.huluad.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ads.static.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allnaturaldaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allwomenhealthtips.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\appassets.kickstatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\as1.suitesmart.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\atv-videos.s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cache.btrll.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cache.vindicosuite.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn-static.liverail.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.adnxs.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.innovid.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.oggifinogi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.optimatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.pazoo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.baronsmedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn4.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn457.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\celebritychef.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\celebritytravel.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cloud.nmg.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\colo.cachefly.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\convoad.technoratimedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\d2s1vwfhtsw5uw.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\djz2ltq9087h8.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\effectivemeasure.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\elitetv.elitedaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\filmtrailers.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\flash.quantserve.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\freshhealthdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\gamegameandmoregame.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\games.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\images-na.ssl-images-amazon.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img-cdn.mediaplex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\kittyflix.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\lifeminute.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\live.sekindo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mochiads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mosaic5.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\musicblvd.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\objects.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\p.jwpcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.healthination.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.ooyala.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.videopublishing.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\releases.flowplayer.org
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.colo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.delvenetworks.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.ytimg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s1.evcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s3.bizu.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\secure-us.imrworldwide.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\shared.mefeedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\software.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cf-1.hgcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.filmannex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.poptropica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static1.dmcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mediashakers.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\therockwar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\travelbig.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.accserver.eu
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video-vcdn.fastclick.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vox-static.liverail.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vplayerf.dailyrx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\wittyandpretty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.addedauto.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.all-allergies.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.celebhush.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.clipstravel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.dailymotion.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.entrepreneur.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.fashionbetty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.howtohawk.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.knownfitness.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.momsguidebook.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.moneynewsdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.mynetsports.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.onlinetravelvideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.recipesabove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.rotatesys.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.securepaths.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.sportlifevideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.tdameritrade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.technicultr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.thedailymeal.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.toyota.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.traileraddict.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.webmovietrailers.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\#AppContainer\skype.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com\moogaloop
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com\moogaloop\moogaloop.jukebox.1.0.50.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allnaturaldaily.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allwomenhealthtips.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com\flash\rg_all.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\as1.suitesmart.com\_f5e.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0\swf\caapmfso.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com\f2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com\f2\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.intergi.com\AdLoader.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\wplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt\swf\bolt.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer\springboard
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer\springboard\mediaplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist\swf\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.8.9
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.9.3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.8.9\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.9.3\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\plugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\plugins\closedCaptionsFlexiblePlugin.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3\v3.8.4
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3\v3.8.4\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client\CarambolaClient_v3.0.4.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client\CarambolaClient_v3.1.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver\fscookie
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver\fscookie\fscookie.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video\flowplayer\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\freshhealthdaily.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images\cams
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images\cams\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews\flow\flowplayer-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds\swf\flowplayer.commercial-3.2.12.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images\flashplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images\flashplayer\flvPlayer-parallel-2013-10-08.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\##49EE19BE7F7E2B06
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data\play
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data\play\KPShare.swf.3.9.6
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player\prime
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player\prime\mediaplayerprime.2.5.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3\v3.8.2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3\v3.8.2\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.healthination.com\flowplayer.unlimited-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8\s
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8\s\MediaPlayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9\s
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9\s\MediaPlayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\5235204
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\5235204\25147011_20130927190456496_stripe800x90.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011\banner_300x250.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011\overlay.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv\swf\live
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net\swf\flowplayer-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video\player\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow\player\flowplayer.commercial-3.2.9.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPluginsAdomtry
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPluginsAdomtry\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts\premiumPluginsSynd
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts\premiumPluginsSynd\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\therockwar.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www\swf\flowplayer.commercial-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets\mwm
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets\mwm\MevioBPFX.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player\flowplayer\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com\files
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com\files\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vplayerf.dailyrx.com\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist\swf\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.hulu.com\cram.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common\flowplayer\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.securepaths.com\securepaths.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.traileraddict.com\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games\deep-diver-2.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games\deep-diver-2.swf\#cactigames
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#0.static.collegehumor.cvcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.huluad.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ads.static.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#allnaturaldaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#allwomenhealthtips.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#anomaly.realgravity.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#appassets.kickstatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#atv-videos.s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#barons1.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#baronsflow.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.vindicosuite.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.adnxs.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.blinkx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.optimatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.pazoo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.playwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.springboard.gorillanation.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.baronsmedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn457.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdnbakmi.kaltura.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#celebritychef.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#celebritytravel.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cloud.nmg.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#colo.cachefly.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#convoad.technoratimedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.insightexpressai.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d2s1vwfhtsw5uw.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#djz2ltq9087h8.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#effectivemeasure.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#elitetv.elitedaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#embedr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.provenpixel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#filmtrailers.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#freshhealthdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#gamegameandmoregame.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#games.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#graphics.streamray.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#healthencore.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hiro.viewster.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hwcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hwcdn.veevr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imagecache.blastro.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img-cdn.mediaplex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.indymusic.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kittyflix.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#knowlera.vo.llnwd.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lifeminute.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#live.sekindo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#matomy.thesyndicationserver.co.uk
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.spinmediavideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mosaic5.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#musicblvd.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#p.jwpcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.healthination.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.ooyala.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.videopublishing.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.colo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.delvenetworks.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s0.2mdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.evcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.bizu.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#shared.mefeedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#software.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cdn1.ustream.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cf-1.hgcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.2blu.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.dealer.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.eyeviewads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.filmannex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.poptropica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static1.dmcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#synd.travelplus.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.audiencetv.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.coffeetable.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.fameup.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.gamecentral.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.kineto.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.matomy.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.mediashakers.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.mothernist.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.nikita.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.split.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.vidtur.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.ybrant.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#therockwar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#travelbig.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tycdn01.trailer.ly
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ui.mevio.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.accserver.eu
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.selectmedia.asia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video-vcdn.fastclick.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.mojo24.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#videos.hollywoodhighlights.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#videos.nightlifetelevision.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vplayerf.dailyrx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wittyandpretty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.addedauto.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.all-allergies.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bhg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.buzzya.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.celebhush.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.clipstravel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.entrepreneur.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.fashionbetty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.howtohawk.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.knownfitness.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.lhj.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.momsguidebook.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.moneynewsdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mynetsports.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nascar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.onlinetravelvideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.perfectlyorganizedspaces.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.recipesabove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.rotatesys.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.securepaths.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.sportlifevideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tdameritrade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.technicultr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.thedailymeal.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.toyota.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.traileraddict.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.webmovietrailers.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#yumyumarcade.com
C:\Users\gwengoetter\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Credentials
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto
C:\Users\gwengoetter\AppData\Roaming\Microsoft\HTML Help
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Protect
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Spelling
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Vault
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows
C:\Users\gwengoetter\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto\RSA
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2093230720-1359758338-2908893637-1001
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\77IQO8S2
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\7I18R7ZR
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\CYBOTW44
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\KK04CHNQ
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections\Pbk
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Protect\S-1-5-21-2093230720-1359758338-2908893637-1001
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech\Files
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Spelling\en-US
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\AccountPictures
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatCache
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatUACache
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_A
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_B
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_U
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_W
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_X
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_Y
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_Z
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Network Shortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\PrivacIE
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\SendTo
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Themes
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Cookies\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles
C:\Users\gwengoetter\AppData\Roaming\mozilla\firefox
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats
C:\Users\gwengoetter\AppData\Roaming\TS3Client\logs
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote\i46.tinypic.com
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote\i49.tinypic.com
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\channels
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\clients
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\icons
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\channels
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\clients
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\icons
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner\drivers
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner\_temp
C:\Users\gwengoetter\AppData\Roaming\uTorrent\apps
C:\Users\gwengoetter\AppData\Roaming\uTorrent\dlimagecache
C:\Users\gwengoetter\AppData\Roaming\uTorrent\share
C:\Users\gwengoetter\AppData\Roaming\uTorrent\updates
C:\Users\gwengoetter\AppData\Roaming\WildTangent\Logs

#12
Buddierdl

Posted 04 December 2013 - 08:52 AM

Trusted Helper

Malware Removal
2,524 posts

Okay, download this new fixlist.txt to your desktop and replace the old one. Then run FRST in fix mode once more and post the fixlog.txt and a fresh FRST scan.

Then,

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the all of the options are checked:
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me know how the computer is running.

Attached Files

fixlist.txt 3.77KB 158 downloads

#13
lawnguybri

Posted 04 December 2013 - 11:38 PM

Member

Topic Starter
Member
102 posts

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-11-2013
Ran by gwengoetter at 2013-12-05 00:16:44 Run:2
Running from C:\Users\gwengoetter\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll
C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe [203884 2013-01-27] ()
HKCU\...\Run: [Iproanvaelmuy] - C:\Users\gwengoetter\AppData\Roaming\Pyixih\wytyiz.exe
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume4\Users\GWENGO~1\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll ATTENTION! ====> ZeroAccess?
C:\Users\gwengoetter\AppData\Roaming\Admyaw
C:\Users\gwengoetter\AppData\Roaming\Agtime
C:\Users\gwengoetter\AppData\Roaming\Akakdio
C:\Users\gwengoetter\AppData\Roaming\Amadhe
C:\Users\gwengoetter\AppData\Roaming\Aqbudyno
C:\Users\gwengoetter\AppData\Roaming\Aruzfu
C:\Users\gwengoetter\AppData\Roaming\BabSolution
C:\Users\gwengoetter\AppData\Roaming\Baekta
C:\Users\gwengoetter\AppData\Roaming\Boeqro
C:\Users\gwengoetter\AppData\Roaming\Ceufsu
C:\Users\gwengoetter\AppData\Roaming\Daiszaco
C:\Users\gwengoetter\AppData\Roaming\Dionba
C:\Users\gwengoetter\AppData\Roaming\Edocaqa
C:\Users\gwengoetter\AppData\Roaming\Efufgyv
C:\Users\gwengoetter\AppData\Roaming\Elseokyd
C:\Users\gwengoetter\AppData\Roaming\Endyexi
C:\Users\gwengoetter\AppData\Roaming\Eqqoavf
C:\Users\gwengoetter\AppData\Roaming\Fotusui
C:\Users\gwengoetter\AppData\Roaming\Gaekyzf
C:\Users\gwengoetter\AppData\Roaming\Gaxymi
C:\Users\gwengoetter\AppData\Roaming\Gitepy
C:\Users\gwengoetter\AppData\Roaming\Hoorula
C:\Users\gwengoetter\AppData\Roaming\Hufeus
C:\Users\gwengoetter\AppData\Roaming\Huoweply
C:\Users\gwengoetter\AppData\Roaming\Idkeis
C:\Users\gwengoetter\AppData\Roaming\Inalfad
C:\Users\gwengoetter\AppData\Roaming\Irduime
C:\Users\gwengoetter\AppData\Roaming\Itpoyq
C:\Users\gwengoetter\AppData\Roaming\Ivsawo
C:\Users\gwengoetter\AppData\Roaming\Izleyqu
C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq
C:\Users\gwengoetter\AppData\Roaming\Laimge
C:\Users\gwengoetter\AppData\Roaming\Lowoto
C:\Users\gwengoetter\AppData\Roaming\Luamwua
C:\Users\gwengoetter\AppData\Roaming\Lutizya
C:\Users\gwengoetter\AppData\Roaming\Luzutii
C:\Users\gwengoetter\AppData\Roaming\Myergiac
C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp
C:\Users\gwengoetter\AppData\Roaming\Ogosymyf
C:\Users\gwengoetter\AppData\Roaming\Oluxin
C:\Users\gwengoetter\AppData\Roaming\Osepote
C:\Users\gwengoetter\AppData\Roaming\Osvanux
C:\Users\gwengoetter\AppData\Roaming\Otyfetce
C:\Users\gwengoetter\AppData\Roaming\Oxydesul
C:\Users\gwengoetter\AppData\Roaming\Pebylye
C:\Users\gwengoetter\AppData\Roaming\Poziic
C:\Users\gwengoetter\AppData\Roaming\Puetak
C:\Users\gwengoetter\AppData\Roaming\Qiquazo
C:\Users\gwengoetter\AppData\Roaming\Qiumho
C:\Users\gwengoetter\AppData\Roaming\Quezare
C:\Users\gwengoetter\AppData\Roaming\Rikeyfo
C:\Users\gwengoetter\AppData\Roaming\Search Protection
C:\Users\gwengoetter\AppData\Roaming\Siumta
C:\Users\gwengoetter\AppData\Roaming\Sueles
C:\Users\gwengoetter\AppData\Roaming\Tuevpy
C:\Users\gwengoetter\AppData\Roaming\Tykidiu
C:\Users\gwengoetter\AppData\Roaming\Ubxyumy
C:\Users\gwengoetter\AppData\Roaming\Udatihyc
C:\Users\gwengoetter\AppData\Roaming\Ugytah
C:\Users\gwengoetter\AppData\Roaming\Ugzadim
C:\Users\gwengoetter\AppData\Roaming\Ukusfe
C:\Users\gwengoetter\AppData\Roaming\Umqoyh
C:\Users\gwengoetter\AppData\Roaming\Uvhyez
C:\Users\gwengoetter\AppData\Roaming\Uvifcei
C:\Users\gwengoetter\AppData\Roaming\Viidfouc
C:\Users\gwengoetter\AppData\Roaming\Voymug
C:\Users\gwengoetter\AppData\Roaming\Weoqceu
C:\Users\gwengoetter\AppData\Roaming\Wyugekeh
C:\Users\gwengoetter\AppData\Roaming\Xeehlo
C:\Users\gwengoetter\AppData\Roaming\Ydxoew
C:\Users\gwengoetter\AppData\Roaming\Yfxuowve
C:\Users\gwengoetter\AppData\Roaming\Ynogivi
C:\Users\gwengoetter\AppData\Roaming\Yskuxop
C:\Users\gwengoetter\AppData\Roaming\Ysnuud
C:\Users\gwengoetter\AppData\Roaming\Zuliqyp
*****************

"C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv\sjgudmy\wow.dll" => File/Directory not found.
"C:\Users\gwengoetter\AppData\Local\Temp\sxxoiiv" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Vougowloypqiuxg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Iproanvaelmuy => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
C:\Users\gwengoetter\AppData\Roaming\Admyaw => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Agtime => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Akakdio => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Amadhe => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Aqbudyno => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Aruzfu => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\BabSolution => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Baekta => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Boeqro => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ceufsu => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Daiszaco => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Dionba => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Edocaqa => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Efufgyv => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Elseokyd => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Endyexi => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Eqqoavf => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Fotusui => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Gaekyzf => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Gaxymi => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Gitepy => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Hoorula => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Hufeus => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Huoweply => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Idkeis => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Inalfad => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Irduime => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Itpoyq => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ivsawo => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Izleyqu => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Kaodzyiq => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Laimge => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Lowoto => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Luamwua => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Lutizya => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Luzutii => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Myergiac => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Nuzomuyp => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ogosymyf => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Oluxin => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Osepote => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Osvanux => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Otyfetce => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Oxydesul => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Pebylye => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Poziic => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Puetak => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Qiquazo => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Qiumho => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Quezare => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Rikeyfo => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Search Protection => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Siumta => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Sueles => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Tuevpy => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Tykidiu => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ubxyumy => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Udatihyc => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ugytah => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ugzadim => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ukusfe => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Umqoyh => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Uvhyez => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Uvifcei => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Viidfouc => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Voymug => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Weoqceu => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Wyugekeh => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Xeehlo => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ydxoew => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Yfxuowve => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ynogivi => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Yskuxop => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Ysnuud => Moved successfully.
C:\Users\gwengoetter\AppData\Roaming\Zuliqyp => Moved successfully.

==== End of Fixlog ====

FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by gwengoetter (administrator) on GOETTERS4BACON on 05-12-2013 00:17:17
Running from C:\Users\gwengoetter\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-25] (Microsoft Corporation)
HKCU\...\Run: [Vougowloypqiuxg] - C:\Users\gwengoetter\AppData\Roaming\Ubxyumy\udnia.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll No File
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch", "hxxp://www1.delta-search.com/?affID=122123&babsrc=HP_ss&mntrId=E06B083E8E0CFBEA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\gwengoetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.16.70.501_0
CHR Extension: (SearchGBY) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.73_0
CHR Extension: (Norton Identity Protection) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0
CHR Extension: (Gmail) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\gwengoetter\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\gwengoetter\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.70.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [143928 2012-10-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-30] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-02] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-02] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2013-01-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\ENG64.SYS [126112 2013-01-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130110.005\EX64.SYS [2084000 2013-01-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1402000.013\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1402000.013\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-09-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
U4 PCSUService;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-05 00:15 - 2013-12-05 00:12 - 00360881 _____ (Farbar) C:\Users\gwengoetter\Desktop\FSS.exe
2013-12-03 00:31 - 2013-12-03 00:21 - 00000136 _____ C:\Users\gwengoetter\Desktop\list2.bat
2013-11-30 23:45 - 2013-11-30 23:44 - 00000127 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-11-30 23:45 - 2013-11-30 23:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:47 - 2013-11-30 13:48 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:45 - 2013-12-05 00:17 - 00014706 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-11-30 13:45 - 2013-11-30 23:50 - 00000000 ____D C:\FRST
2013-11-30 13:45 - 2013-11-30 12:22 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-30 13:45 - 2013-11-24 11:11 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-24 17:12 - 2012-10-16 20:57 - 00602112 _____ (OldTimer Tools) C:\Users\gwengoetter\Desktop\OTL.exe
2013-11-17 20:53 - 2013-11-17 20:54 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:21 - 2013-11-12 16:22 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 16:59 - 2013-11-07 17:00 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-05 00:17 - 2013-11-30 13:45 - 00014706 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-12-05 00:17 - 2012-07-26 02:28 - 00876320 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-05 00:13 - 2012-12-28 11:34 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2093230720-1359758338-2908893637-1001
2013-12-05 00:12 - 2013-12-05 00:15 - 00360881 _____ (Farbar) C:\Users\gwengoetter\Desktop\FSS.exe
2013-12-05 00:10 - 2012-08-31 23:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-12-05 00:08 - 2013-04-17 19:08 - 00000382 _____ C:\windows\Tasks\dsmonitor.job
2013-12-05 00:08 - 2013-01-27 18:51 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 00:08 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-03 16:08 - 2013-01-27 18:51 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 15:43 - 2013-04-03 00:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 15:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2013-12-03 00:21 - 2013-12-03 00:31 - 00000136 _____ C:\Users\gwengoetter\Desktop\list2.bat
2013-11-30 23:57 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-11-30 23:50 - 2013-11-30 13:45 - 00000000 ____D C:\FRST
2013-11-30 23:44 - 2013-11-30 23:45 - 00000127 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-11-30 23:41 - 2013-11-30 23:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:48 - 2013-11-30 13:47 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:44 - 2012-07-26 02:21 - 00037308 _____ C:\windows\setupact.log
2013-11-30 12:22 - 2013-11-30 13:45 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-24 17:10 - 2012-12-28 11:23 - 01905612 _____ C:\windows\WindowsUpdate.log
2013-11-24 17:09 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 11:11 - 2013-11-30 13:45 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe
2013-11-17 20:54 - 2013-11-17 20:53 - 00559368 _____ C:\windows\Minidump\111713-22183-01.dmp
2013-11-17 20:53 - 2012-12-28 19:41 - 502150463 _____ C:\windows\MEMORY.DMP
2013-11-17 20:53 - 2012-12-28 19:41 - 00000000 ____D C:\windows\Minidump
2013-11-17 20:53 - 2012-08-01 21:02 - 00041064 _____ C:\windows\PFRO.log
2013-11-17 03:24 - 2013-01-27 18:57 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 15:51 - 2013-01-01 22:24 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\.minecraft
2013-11-15 15:36 - 2013-11-15 15:36 - 00561816 _____ C:\windows\Minidump\111513-21949-01.dmp
2013-11-12 16:22 - 2013-11-12 16:21 - 00564264 _____ C:\windows\Minidump\111213-53399-01.dmp
2013-11-10 18:48 - 2013-11-10 18:48 - 00561816 _____ C:\windows\Minidump\111013-21184-01.dmp
2013-11-10 17:15 - 2013-11-10 17:15 - 00560592 _____ C:\windows\Minidump\111013-22354-01.dmp
2013-11-09 22:46 - 2013-11-09 22:46 - 00560592 _____ C:\windows\Minidump\110913-22354-01.dmp
2013-11-07 18:34 - 2013-11-07 18:34 - 00561816 _____ C:\windows\Minidump\110713-28844-01.dmp
2013-11-07 17:00 - 2013-11-07 16:59 - 00560592 _____ C:\windows\Minidump\110713-22838-01.dmp
2013-11-06 16:01 - 2013-11-06 16:01 - 00561816 _____ C:\windows\Minidump\110613-23212-01.dmp

Some content of TEMP:
====================
C:\Users\gwengoetter\AppData\Local\Temp\1347692656.exe
C:\Users\gwengoetter\AppData\Local\Temp\1347718124.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356745641.exe
C:\Users\gwengoetter\AppData\Local\Temp\1356754460.exe
C:\Users\gwengoetter\AppData\Local\Temp\1366243624itinstallerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\9573063.exe
C:\Users\gwengoetter\AppData\Local\Temp\autolrcstmp.exe
C:\Users\gwengoetter\AppData\Local\Temp\COMAP.EXE
C:\Users\gwengoetter\AppData\Local\Temp\Couponscom.exe
C:\Users\gwengoetter\AppData\Local\Temp\driverscanner.exe
C:\Users\gwengoetter\AppData\Local\Temp\GUninstaller.exe
C:\Users\gwengoetter\AppData\Local\Temp\installerp.exe
C:\Users\gwengoetter\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\gwengoetter\AppData\Local\Temp\instloffer.exe
C:\Users\gwengoetter\AppData\Local\Temp\Java_Update_ec7b11b5.exe
C:\Users\gwengoetter\AppData\Local\Temp\msimg32.dll
C:\Users\gwengoetter\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\gwengoetter\AppData\Local\Temp\setup.exe
C:\Users\gwengoetter\AppData\Local\Temp\tbVgr0.dll
C:\Users\gwengoetter\AppData\Local\Temp\uninst1.exe
C:\Users\gwengoetter\AppData\Local\Temp\{F7804FF2-C3B5-4478-9050-1CDC6CA8B081}-30.0.1599.101_30.0.1599.69_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 13:38

==================== End Of Log ============================

FSS txt:

Farbar Service Scanner Version: 23-11-2013
Ran by gwengoetter (administrator) on 05-12-2013 at 00:35:56
Running from "C:\Users\gwengoetter\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#14
Buddierdl

Posted 05 December 2013 - 07:48 AM

Trusted Helper

Malware Removal
2,524 posts

Ok. Still a little bit left. Could you please delete the log.txt that was created on your desktop by my batch file, then run list.bat again to get a fresh log for me.

#15
lawnguybri

Posted 05 December 2013 - 08:41 AM

Member

Topic Starter
Member
102 posts

Volume in drive C is OS
Volume Serial Number is E06B-164C

Directory of C:\Users\gwengoetter\AppData\Roaming

C:\Users\gwengoetter\AppData\Roaming\.minecraft
C:\Users\gwengoetter\AppData\Roaming\Adobe
C:\Users\gwengoetter\AppData\Roaming\ATI
C:\Users\gwengoetter\AppData\Roaming\CyberLink
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard
C:\Users\gwengoetter\AppData\Roaming\Identities
C:\Users\gwengoetter\AppData\Roaming\Macromedia
C:\Users\gwengoetter\AppData\Roaming\Microsoft
C:\Users\gwengoetter\AppData\Roaming\mozilla
C:\Users\gwengoetter\AppData\Roaming\TS3Client
C:\Users\gwengoetter\AppData\Roaming\Uniblue
C:\Users\gwengoetter\AppData\Roaming\uTorrent
C:\Users\gwengoetter\AppData\Roaming\WebApp
C:\Users\gwengoetter\AppData\Roaming\WildTangent
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets
C:\Users\gwengoetter\AppData\Roaming\.minecraft\bin
C:\Users\gwengoetter\AppData\Roaming\.minecraft\crash-reports
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries
C:\Users\gwengoetter\AppData\Roaming\.minecraft\logs
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resourcepacks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves
C:\Users\gwengoetter\AppData\Roaming\.minecraft\screenshots
C:\Users\gwengoetter\AppData\Roaming\.minecraft\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\texturepacks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\texturepacks-mp-cache
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\icons
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\lang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\records
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\villager
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\donkey
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\mob\horse\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sound\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\records
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\villager
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\donkey
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\mob\horse\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\assets\sounds\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\bin\natives
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo\argo
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\argo\argo\2.25_fixed
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\14.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\15.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang\51.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang\authlib
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\1.3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis\20101023
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav\20101023
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound\20101123
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal\20100824
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem\20120107
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io\commons-io
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty\netty-all
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.0.10.Final
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d\vecmath
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\java3d\vecmath\1.3.1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform\2.0.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.5
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j\trove4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\net\sf\trove4j\trove4j\3.0.3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.0-beta9
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.0-beta9
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle\bcprov-jdk15on
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\bouncycastle\bcprov-jdk15on\1.47
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.0
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\music
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newmusic
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\pe
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\streaming
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\newsound\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\damage
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\dig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\fire
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\fireworks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\liquid
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\minecart
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\note
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\portal
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\random
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\step
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\tile
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient\cave
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\ambient\weather
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\bat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\blaze
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\cat
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\chicken
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\cow
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\creeper
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\enderdragon
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\endermen
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\ghast
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\irongolem
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\magmacube
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\pig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\sheep
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\silverfish
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\skeleton
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\slime
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\spider
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\wither
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\wolf
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\zombie
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\mob\zombiepig
C:\Users\gwengoetter\AppData\Roaming\.minecraft\resources\sound3\tile\piston
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\crayola
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\nmy butt
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Not Boxx I swear
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\bottle caps are family\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Crackers_10\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\crayola\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\stats
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\in belgiam eating forks\DIM1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\KILL MYSELF\DIM-1\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\data
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\DIM-1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\DIM1
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\players
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\New World\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\nmy butt\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\saves\Not Boxx I swear\region
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.6.2
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.6.4
C:\Users\gwengoetter\AppData\Roaming\.minecraft\versions\1.7.2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player
C:\Users\gwengoetter\AppData\Roaming\Adobe\Headlights
C:\Users\gwengoetter\AppData\Roaming\Adobe\Linguistics
C:\Users\gwengoetter\AppData\Roaming\Adobe\LogTransport2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Collab
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Forms
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\JSCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Security
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\ServicesRdr
C:\Users\gwengoetter\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\AssetCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\513b3740
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\AssetCache\ME8ER4AY
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\1F5BB7D0585FEE6C480A34FECC6E28FB
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\D61CB49E10A2FAF92ED8094C6B29015D
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\1F5BB7D0585FEE6C480A34FECC6E28FB\7f51d506
C:\Users\gwengoetter\AppData\Roaming\Adobe\Flash Player\NativeCache\D61CB49E10A2FAF92ED8094C6B29015D\513b3740
C:\Users\gwengoetter\AppData\Roaming\ATI\ACE
C:\Users\gwengoetter\AppData\Roaming\CyberLink\MediaCache
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerCinema
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD10
C:\Users\gwengoetter\AppData\Roaming\CyberLink\PowerDVD10\Remix
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Connected Remote
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Support Framework
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Connected Remote\data
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup\Metrics
C:\Users\gwengoetter\AppData\Roaming\Hewlett-Packard\HP Setup\REGDATA
C:\Users\gwengoetter\AppData\Roaming\Identities\{0C9FE623-9FA0-42B5-A218-6D349696DF5A}
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\#AppContainer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\a.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\a.huluad.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ads.static.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allnaturaldaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allwomenhealthtips.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\appassets.kickstatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\as1.suitesmart.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\atv-videos.s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cache.btrll.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cache.vindicosuite.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn-static.liverail.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.adnxs.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.innovid.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.oggifinogi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.optimatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.pazoo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.baronsmedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn4.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn457.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdns.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\celebritychef.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\celebritytravel.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cloud.nmg.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\colo.cachefly.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\convoad.technoratimedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\d2s1vwfhtsw5uw.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\djz2ltq9087h8.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\effectivemeasure.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\elitetv.elitedaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\filmtrailers.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\flash.quantserve.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\freshhealthdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\gamegameandmoregame.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\games.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\images-na.ssl-images-amazon.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img-cdn.mediaplex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\kittyflix.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\lifeminute.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\live.sekindo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mochiads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\mosaic5.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\musicblvd.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\objects.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\p.jwpcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.healthination.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.ooyala.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.videopublishing.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\releases.flowplayer.org
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.colo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.delvenetworks.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s.ytimg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s1.evcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s3.bizu.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\secure-us.imrworldwide.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\shared.mefeedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\software.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cf-1.hgcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.filmannex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.poptropica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static1.dmcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mediashakers.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\therockwar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\travelbig.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.accserver.eu
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video-vcdn.fastclick.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vox-static.liverail.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vplayerf.dailyrx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\wittyandpretty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.addedauto.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.all-allergies.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.celebhush.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.clipstravel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.dailymotion.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.entrepreneur.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.fashionbetty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.howtohawk.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.knownfitness.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.momsguidebook.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.moneynewsdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.mynetsports.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.onlinetravelvideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.recipesabove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.rotatesys.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.securepaths.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.sportlifevideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.tdameritrade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.technicultr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.thedailymeal.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.toyota.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.traileraddict.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.webmovietrailers.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\#AppContainer\skype.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com\moogaloop
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\0.static.collegehumor.cvcdn.com\moogaloop\moogaloop.jukebox.1.0.50.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\admin.brightcove.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allnaturaldaily.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\allwomenhealthtips.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\anomaly.realgravity.com\flash\rg_all.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\as1.suitesmart.com\_f5e.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\bankofamerica.com\pa\global-assets\1.0\swf\caapmfso.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\barons1.vbz.netdna-cdn.com\flow\dist\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\baronsflow.vbz.netdna-cdn.com\dist\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com\f2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.blinkx.com\f2\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.intergi.com\AdLoader.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\wplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.playwire.com\bolt\swf\bolt.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer\springboard
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn.springboard.gorillanation.com\mediaplayer\springboard\mediaplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdn2.gourmandia.com\js\flowplayer2\dist\swf\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.8.9
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.9.3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.8.9\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\1459571\sp\145957100\flash\kdp3\v3.9.3\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\plugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\585231\sp\58523100\flash\kdp3\v3.6.17\plugins\closedCaptionsFlexiblePlugin.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3\v3.8.4
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\p\951041\sp\95104100\flash\kdp3\v3.8.4\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cdnbakmi.kaltura.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client\CarambolaClient_v3.0.4.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\cfiles.5min.com\[[IMPORT]]\cdata.carambo.la\Layer\client\CarambolaClient_v3.1.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver\fscookie
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\core.insightexpressai.com\adserver\fscookie\fscookie.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\embedr.com\swf\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\files.provenpixel.com\video\flowplayer\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\freshhealthdaily.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images\cams
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\graphics.streamray.com\images\cams\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\healthencore.com\wp-content\themes\premiumnews\flow\flowplayer-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hiro.viewster.com\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\hwcdn.veevr.com\q4z7c2x6\cds\swf\flowplayer.commercial-3.2.12.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images\flashplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\imagecache.blastro.com\images\flashplayer\flvPlayer-parallel-2013-10-08.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\##49EE19BE7F7E2B06
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\img.indymusic.tv\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data\play
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\knowlera.vo.llnwd.net\o18\data\play\KPShare.swf.3.9.6
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\matomy.thesyndicationserver.co.uk\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player\prime
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.mtvnservices.com\player\prime\mediaplayerprime.2.5.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3\v3.8.2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\media.spinmediavideo.com\p\111\sp\11100\flash\kdp3\v3.8.2\kdp3.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.healthination.com\flowplayer.unlimited-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8\s
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.8\s\MediaPlayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9\s
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\player.onescreen.net\1.9\s\MediaPlayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\5235204
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\5235204\25147011_20130927190456496_stripe800x90.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011\banner_300x250.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\s0.2mdn.net\ads\richmedia\studio\pv2\25815290\20131106144439011\overlay.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static-cdn1.ustream.tv\swf\live
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.2blu.net\swf\flowplayer-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.dealer.com\apps\video\player\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\static.eyeviewads.com\flow\player\flowplayer.commercial-3.2.9.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\synd.travelplus.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPluginsAdomtry
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.audiencetv.hiro.tv\premium\scripts\premiumPluginsAdomtry\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts\premiumPluginsSynd
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.coffeetable.hiro.tv\premium\scripts\premiumPluginsSynd\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.fameup.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.gamecentral.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.kineto.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.matomy.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.mothernist.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.nikita.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.split.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts\premiumPlugins
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.vidtur.hiro.tv\premium\scripts\premiumPlugins\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts\flow
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tag.ybrant.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\therockwar.com\flowplayer.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\tycdn01.trailer.ly\n5v4k3c2\cds\www\swf\flowplayer.commercial-3.2.15.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets\mwm
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\ui.mevio.com\widgets\mwm\MevioBPFX.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\us.selectmedia.asia\player\flowplayer\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com\files
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\video.mojo24.com\files\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.hollywoodhighlights.net\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5\yume
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\videos.nightlifetelevision.com\[[IMPORT]]\lp.longtailvideo.com\5\yume\yume-h.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\vplayerf.dailyrx.com\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.bhg.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.buzzya.com\wp-content\themes\Aggregate\swf\flowplayer-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist\swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.gourmandia.com\js\flowplayer2\dist\swf\flowplayer-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.hulu.com\cram.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.lhj.com\videos\FileResource\themes\projects\root\3.10\scripts\player\external\flowplayer\flowplayer.commercial-3.2.7.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.nascar.com\[[IMPORT]]\79423.analytics.edgesuite.net\csma\plugin\csma.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common\flowplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.perfectlyorganizedspaces.com\common\flowplayer\flowplayer.commercial-3.2.16.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.securepaths.com\securepaths.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\www.traileraddict.com\player.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games\deep-diver-2.swf
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\84XHMD9C\yumyumarcade.com\games\deep-diver-2.swf\#cactigames
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#0.static.collegehumor.cvcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.huluad.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ads.static.blip.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#allnaturaldaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#allwomenhealthtips.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#anomaly.realgravity.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#appassets.kickstatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#atv-videos.s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#barons1.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#baronsflow.vbz.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.vindicosuite.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.adnxs.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.blinkx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.oggifinogi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.optimatic.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.pazoo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.playwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.springboard.gorillanation.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.baronsmedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn457.telemetryverification.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdnbakmi.kaltura.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.blend.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.bodystrength.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.connectwire.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.dailylife.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.exoticjourney.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.fuelpit.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.moderncommerce.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.modernyouth.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.pebble.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.populace.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.roadplan.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.smartask.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#celebritychef.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#celebritytravel.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cloud.nmg.netdna-cdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#colo.cachefly.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#convoad.technoratimedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.insightexpressai.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d2s1vwfhtsw5uw.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#djz2ltq9087h8.cloudfront.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#effectivemeasure.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#elitetv.elitedaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#embedr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#files.provenpixel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#filmtrailers.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#freshhealthdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#gamegameandmoregame.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#games.intergi.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#graphics.streamray.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#healthencore.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hiro.viewster.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hwcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hwcdn.veevr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imagecache.blastro.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img-cdn.mediaplex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.indymusic.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kittyflix.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#knowlera.vo.llnwd.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lifeminute.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#live.sekindo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#matomy.thesyndicationserver.co.uk
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.spinmediavideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochiads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mosaic5.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#musicblvd.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#p.jwpcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.healthination.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.ooyala.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.videopublishing.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.colo.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.delvenetworks.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s0.2mdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.evcdn.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.bizu.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#shared.mefeedia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#software.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cdn1.ustream.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cf-1.hgcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.2blu.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.dealer.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.eyeviewads.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.filmannex.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.poptropica.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static1.dmcdn.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#synd.travelplus.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.audiencetv.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.coffeetable.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.fameup.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.gamecentral.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.kineto.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.matomy.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.mediashakers.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.mothernist.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.nikita.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.split.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.vidtur.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.ybrant.hiro.tv
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#therockwar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#travelbig.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tycdn01.trailer.ly
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ui.mevio.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.accserver.eu
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.selectmedia.asia
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video-vcdn.fastclick.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.mojo24.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#videos.hollywoodhighlights.net
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#videos.nightlifetelevision.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vplayerf.dailyrx.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wittyandpretty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.addedauto.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.all-allergies.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bhg.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.buzzya.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.celebhush.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.clipstravel.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.crackle.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.entrepreneur.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.fashionbetty.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.gourmandia.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.howtohawk.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hulu.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ideasgames.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.knownfitness.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.lhj.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.momsguidebook.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.moneynewsdaily.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mynetsports.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nascar.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.onlinetravelvideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.perfectlyorganizedspaces.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.recipesabove.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.rotatesys.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.securepaths.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.sportlifevideos.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tdameritrade.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.technicultr.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.thedailymeal.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.toyota.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.traileraddict.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.webmovietrailers.com
C:\Users\gwengoetter\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#yumyumarcade.com
C:\Users\gwengoetter\AppData\Roaming\Microsoft\CLR Security Config
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Credentials
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto
C:\Users\gwengoetter\AppData\Roaming\Microsoft\HTML Help
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Protect
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Spelling
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Vault
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows
C:\Users\gwengoetter\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto\RSA
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2093230720-1359758338-2908893637-1001
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\77IQO8S2
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\7I18R7ZR
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\CYBOTW44
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\KK04CHNQ
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections\Pbk
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Protect\S-1-5-21-2093230720-1359758338-2908893637-1001
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech\Files
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Spelling\en-US
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\AccountPictures
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatCache
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatUACache
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_A
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_B
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_U
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_W
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_X
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_Y
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\LockScreen_Z
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Network Shortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\PrivacIE
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\SendTo
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Templates
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Themes
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Cookies\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles
C:\Users\gwengoetter\AppData\Roaming\mozilla\firefox
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats
C:\Users\gwengoetter\AppData\Roaming\TS3Client\logs
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote\i46.tinypic.com
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\remote\i49.tinypic.com
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\channels
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\clients
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==\icons
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\channels
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\clients
C:\Users\gwengoetter\AppData\Roaming\TS3Client\cache\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==\icons
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats\Z3hZK3BBeWN0cUphOFRJbS9YQ3VneGZIaUVvPQ==
C:\Users\gwengoetter\AppData\Roaming\TS3Client\chats\ZFprei9GN0RpU0dDakU1MFNFd0VETnNHUnlBPQ==
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner\drivers
C:\Users\gwengoetter\AppData\Roaming\Uniblue\DriverScanner\_temp
C:\Users\gwengoetter\AppData\Roaming\uTorrent\apps
C:\Users\gwengoetter\AppData\Roaming\uTorrent\dlimagecache
C:\Users\gwengoetter\AppData\Roaming\uTorrent\share
C:\Users\gwengoetter\AppData\Roaming\uTorrent\updates
C:\Users\gwengoetter\AppData\Roaming\WildTangent\Logs