
Malware? SVCHOST gets up to 150k and slows computer.


  • This topic is locked
39 replies to this topic

#1 xfreakazoidx


Posted 23 December 2012 - 03:40 AM

Well I'm pretty geeky but when it comes to viruses/malware and stuff I still on rare occasions get something and cannot seem to fix my computer. The problem I am having just over the last few days is when I start the computer everything is fine. Boots fast. But after a few hours time it slows and almost freezes. One of the SVCHost files maxes out about 150k. Not sure if that has anything to do with it. I did look in the services section but don't see anything strange. I have about 20 SVChosts running for some reason. Also I noticed when I use Chrome (the browser) my task manager shows about 7 or 8 of them running after a few minutes.

I've deleted temp files. Ran virus tools (Spybot, Malwarebytes Antimalware, Webroot and Scotty). No infections. I then scandisked and defragged. I even checked anything to see if it was maybe some scheduled programs running but there's nothing. I also ran hardware tests on the CPU, memory and so on to see if something maybe was failing. Everything passed. So right now I don't know what this could be. It's why I am thinking it must be malware or something since that SVCHost file goes up to about 150k.

So any ideas? I wasn't sure if I was to upload any files or not. I read the stickies but got kinda lost because of my brain injury.

Edited by xfreakazoidx, 23 December 2012 - 03:41 AM.
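
A first-pass check for the question raised in the post above, whether a large number of svchost.exe instances is itself suspicious, written as an added example that is not part of the original thread or of any tool named in it. It parses process lines in the "image path plus arguments" layout that process listings such as a DDS "Running Processes" section use, counts svchost.exe instances per `-k` service group, and flags instances running outside System32/SysWOW64, instances with no `-k` group, and look-alike names. The sample lines, the `triage` and `edit_distance` names, and the distance threshold are assumptions made for the example.

```python
import ntpath
import re
from collections import Counter

# Directories a genuine svchost.exe image is loaded from on 64-bit Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "C:\path\image.exe [arguments]" with an unquoted path that may contain spaces.
IMAGE_RE = re.compile(r"^(?P<image>[A-Za-z]:\\.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)

# Constructed sample input (not taken from a real machine).
SAMPLE = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\Owner\AppData\Roaming\svchost.exe
C:\Windows\system32\svch0st.exe -k netsvcs
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot names that imitate svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return (Counter of -k groups, list of (line, reason) findings)."""
    groups = Counter()
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IMAGE_RE.match(line)
        if not m:
            continue
        image = ntpath.normcase(m.group("image"))  # lower-case, backslashes
        name = ntpath.basename(image)
        folder = ntpath.dirname(image)
        args = m.group("args") or ""
        if name == "svchost.exe":
            group = re.search(r"(?:^|\s)-k\s+(\S+)", args, re.I)
            if folder not in TRUSTED_DIRS:
                findings.append((line, "svchost.exe outside System32/SysWOW64"))
            elif not group:
                findings.append((line, "svchost.exe without a -k service group"))
            else:
                groups[group.group(1)] += 1
        elif 0 < edit_distance(name, "svchost.exe") <= 2:
            findings.append((line, "name imitates svchost.exe"))
    return groups, findings


if __name__ == "__main__":
    groups, findings = triage(SAMPLE)
    print("svchost.exe instances by service group:")
    for group, count in sorted(groups.items()):
        print(f"  {group}: {count}")
    print("lines worth a closer look:")
    for line, reason in findings:
        print(f"  {reason}: {line}")
```

Many svchost.exe instances with distinct `-k` groups under System32 or SysWOW64 are normal; a clean result here only rules out the simplest masquerading and says nothing about what the hosted services are doing.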



#2 gringo_pr

  • Malware Response Team

Posted 23 December 2012 - 01:34 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 xfreakazoidx


Posted 23 December 2012 - 03:18 PM

Only problem I had is when I got up this morning my SVChost was at 100,000kb. But after opening chrome it went up fast to nearly 200,000kb. Even after closing chrome it still showed 4 chromes open in the task manager. When I ran the "security check" my computer slowed to a crawl and the hard drive light stayed on. It basically froze but I could still move my cursor. So after restarting I was able to run it fine. Here are the results of the programs:


Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 21.0.1180.60
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2012 9:50:08 AM
System Uptime: 12/23/2012 3:05:42 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET
Processor: AMD Phenom™ 9750 Quad-Core Processor | CPU 1 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 702.854 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 788.721 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C410 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart Prem C410 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP222: 12/14/2012 3:09:37 PM - Windows Update
RP223: 12/17/2012 3:12:06 PM - Windows Update
RP224: 12/20/2012 3:14:24 PM - Windows Update
RP225: 12/23/2012 3:50:21 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Production Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.4 64-bit
Adobe Reader X (10.1.2)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Angry Birds Space
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Bad Piggies
Bejeweled 3
Bing Bar
Bonjour
BufferChm
C410
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combined Community Codec Pack 2011-11-11
Command & Conquer™ 4 Tiberian Twilight
Company of Heroes
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Compatibility Pack for the 2007 Office system
Counter-Strike: Global Offensive Beta
Coupon Printer for Windows
Creative 3DMIDI Player
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative WaveStudio 7
D3DX10
Darkspore™
Destinations
DeviceDiscovery
Digital microscope
DocProc
Dolby Digital Live Pack
Download Updater (AOL Inc.)
DTS Connect Pack
Facebook Video Calling 1.2.0.159
Fax
ffdshow [rev 2527] [2008-12-19]
GameFly
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Lifetime Updater
Garry's Mod
Garry's Mod 13 Beta
GoldWave v5.25
Google Chrome
GPBaseService2
Hi-Rez Studios Games
Hitman 2: Silent Assassin
Hitman: Absolution
Hitman: Blood Money
Hitman: Codename 47
Hitman: Sniper Challenge
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java™ 6 Update 34 (64-bit)
Java™ 7 Update 4
JavaFX 2.1.0
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Metro 2033
MicroCapture 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Digital Image Library 9 - Blocker
Microsoft LifeCam
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Movie Maker
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Nero BurnExpress
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero Update
Network64
NVIDIA Drivers
NVIDIA PhysX
OCR Software by I.R.I.S. 14.0
OpenAL
Orcs Must Die! 2
Origin
Outerra - Anteworld - Outerra Anteworld Demo
PassportPhoto (remove)
PDF Settings CS5
Peggle Deluxe
Peggle Nights
Photo Common
Photo Gallery
PMB
PrintMaster 12
PS_AIO_07_C410_SW_Min
PxMergeModule
QuickTime
QuickTransfer
Recuva
Red Faction: Armageddon
Saints Row: The Third
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Shockwave
Shop for HP Supplies
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sound Blaster X-Fi
Source SDK Base 2007
SpeedFan (remove only)
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Spybot - Search & Destroy
SpywareBlaster 4.6
Star Wars - Battlefront II
Status
Steam
STK02N 2.3
Titan Quest
Toolbox
Torchlight
Total Audio MP3 Converter v2.2 build 968
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentControl2 Toolbar
VirtualCloneDrive
VLC media player 2.0.1
Warhammer 40,000: Dawn of War - Game of the Year Edition
WebReg
Webroot SecureAnywhere
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
WinZip 11.2
Works Suite OS Pack
Works Synchronization
Worms Armageddon
Worms Revolution
Xilisoft Video Converter Ultimate
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/23/2012 3:06:31 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
12/23/2012 2:58:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/22/2012 5:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/22/2012 5:53:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2012 5:51:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2012 5:16:31 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2012 5:14:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/22/2012 5:14:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/22/2012 5:14:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/22/2012 5:14:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/22/2012 5:14:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO MpFilter spldr Wanarpv6
12/22/2012 5:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/22/2012 5:14:29 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/22/2012 5:14:22 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
12/17/2012 8:19:47 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================






DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.4.1
Run by Owner at 15:14:24 on 2012-12-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6045 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D1031760-89C4-4315-BADE-2D9053F7E07E} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-11 22:56; {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
FF - ExtSQL: !HIDDEN! 2012-02-10 21:24; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=bc2f1c3c000000000000002618a402cc&q=
FF - user.js: extensions.BabylonToolbar.id - bc2f1c3c000000000000002618a402cc
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15641
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:01:48
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-16 8704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-11 55280]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-2-10 110672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-29 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-29 676936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-10 1153368]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-10 729608]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-11 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-29 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-2-11 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-2-10 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-2-11 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-8 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2012-2-20 198400]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2012-2-20 303616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-12-23 15:48:17 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF3F50C3-9FAF-467D-8C3E-AE067F027F16}\offreg.dll
2012-12-23 15:47:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF3F50C3-9FAF-467D-8C3E-AE067F027F16}\mpengine.dll
2012-12-23 08:51:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-12-23 08:51:56 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-12-23 08:51:55 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-12-23 08:51:55 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-23 08:51:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-23 08:51:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-23 08:51:10 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-23 08:51:09 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-23 08:49:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-23 08:49:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-23 08:49:10 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-23 08:46:38 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-23 08:46:37 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-22 20:15:06 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-18 01:09:09 -------- d-----w- C:\Users\Owner\AppData\Local\AOL
2012-12-18 01:09:08 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2012-12-11 03:02:11 -------- d-----w- C:\Identity
2012-12-08 19:14:08 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-08 19:14:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-08 19:14:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-08 19:14:07 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-08 19:02:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-08 19:02:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-08 19:02:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-08 19:02:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-08 19:02:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-08 19:02:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-08 19:02:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-08 18:58:55 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-08 18:58:55 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-08 18:54:07 -------- d-----w- C:\Program Files (x86)\MSECache
2012-12-06 12:24:34 -------- d-----w- C:\Users\Owner\AppData\Roaming\SPORE
2012-12-02 05:10:29 -------- d-----w- C:\Users\Owner\AppData\Local\4A Games
2012-12-02 05:06:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-12-02 05:05:40 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-02 05:05:11 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-12-02 05:05:11 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-12-02 05:05:11 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-12-02 05:05:11 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-12-02 05:05:07 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-12-02 05:05:07 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-11-28 19:21:27 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1EB84AC-6971-46F1-A62B-FCAA1395BAC0}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-11 01:05:40 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2012-12-11 01:03:47 150776 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-12-11 01:03:47 110672 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-12-11 01:03:47 103408 ----a-w- C:\Windows\System32\WRusr.dll
2012-12-02 05:17:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-02 05:17:39 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx
2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-14 11:26:45 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-10-11 21:10:09 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-10-11 21:10:09 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-10-11 21:10:09 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-10-11 21:10:09 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:15:16.55 ===============

Edited by xfreakazoidx, 23 December 2012 - 03:19 PM.


#4 gringo_pr

  • Malware Response Team
Posted 23 December 2012 - 03:37 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 xfreakazoidx

  • Topic Starter

Posted 23 December 2012 - 05:15 PM

I had to run it in Safe Mode because the computer froze up again. While running it, that Microsoft Security kept turning itself on no matter how much I turned it off. Luckily it didn't re-enable itself until ComboFix was preparing the log. The computer seems slower now on some levels. And when I click the start menu half the icons are white. And when I start something like Notepad it takes a few seconds. Although as minutes go by the icons are reappearing and things to some degree are back to normal. Also a lot of the processes like Spybot and Chrome are around 60,000kb. It may be some of the security programs are scanning though. I'll post again if the computer slows to a crawl like before. The SVCHost seems to be steady at 100,000kb though.

I'm kind of aggravated (not by you) about this computer because this is a new hard drive I put in a few months ago (well maybe longer). >.<

Here are the ComboFix results:
ComboFix 12-12-23.01 - Owner 12/23/2012 16:24:24.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6748 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\WRusr.dll-113833-1.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 21:37 . 2012-12-23 21:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-23 21:37 . 2012-12-23 21:37 -------- d-----w- c:\users\Mcx1-OWNER-PC\AppData\Local\temp
2012-12-23 21:37 . 2012-12-23 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 15:48 . 2012-12-23 15:48 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3F50C3-9FAF-467D-8C3E-AE067F027F16}\offreg.dll
2012-12-23 15:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF3F50C3-9FAF-467D-8C3E-AE067F027F16}\mpengine.dll
2012-12-23 08:51 . 2012-11-14 02:00 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-12-23 08:51 . 2012-11-14 06:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-23 08:51 . 2012-11-14 06:06 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-23 08:51 . 2012-11-14 02:01 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-12-23 08:51 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-23 08:51 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-23 08:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 08:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 08:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 08:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-23 08:49 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-23 08:49 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-23 08:49 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-23 08:46 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-23 08:46 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-22 20:15 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-18 01:09 . 2012-12-18 01:13 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2012-12-18 01:09 . 2012-12-18 01:09 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-12-11 03:02 . 2012-12-11 03:02 -------- d-----w- C:\Identity
2012-12-08 19:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-08 19:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-08 19:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-08 19:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-08 19:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-08 19:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-08 19:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-08 19:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-08 19:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-08 19:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-08 19:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-08 18:58 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-08 18:58 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-12-08 18:54 . 2012-12-08 18:54 -------- d-----w- c:\program files (x86)\MSECache
2012-12-06 12:24 . 2012-12-18 00:06 -------- d-----w- c:\users\Owner\AppData\Roaming\SPORE
2012-12-02 05:10 . 2012-12-02 05:10 -------- d-----w- c:\users\Owner\AppData\Local\4A Games
2012-12-02 05:06 . 2012-12-02 05:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-12-02 05:05 . 2012-12-02 05:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-02 05:05 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-28 19:21 . 2012-11-28 19:21 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1EB84AC-6971-46F1-A62B-FCAA1395BAC0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 21:20 . 2012-02-11 04:12 150776 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-12-23 21:20 . 2012-02-11 04:12 103408 ----a-w- c:\windows\system32\WRusr.dll
2012-12-23 08:53 . 2012-02-09 22:52 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 01:05 . 2012-11-12 03:55 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2012-12-11 01:03 . 2012-02-11 04:12 110672 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-12-02 05:17 . 2012-07-16 10:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-02 05:17 . 2012-02-16 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 13:57 . 2012-03-05 09:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-13 13:57 . 2012-03-05 09:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-16 08:38 . 2012-12-08 18:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-08 18:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-08 18:59 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-14 11:26 . 2012-10-14 11:26 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-11 21:10 . 2012-02-11 02:39 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-11 21:10 . 2012-02-11 02:39 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-11 21:10 . 2012-02-11 02:39 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-11 21:10 . 2012-02-11 02:39 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-04 16:40 . 2012-12-23 08:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-04 03:39 . 2012-10-06 07:37 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 23:54 . 2012-09-29 08:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Microsoft Works Update Detection"="c:\program files (x86)\Microsoft Works\WkDetect.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-12-11 729608]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [2012-11-11 9842040]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [2012-11-11 9842040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-26 8704]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-11 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-02-11 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 198400]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-09 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-12-11 110672]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-12-11 729608]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-11 22:56; {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
FF - ExtSQL: !HIDDEN! 2012-02-10 21:24; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=bc2f1c3c000000000000002618a402cc&q=
FF - user.js: extensions.BabylonToolbar.id - bc2f1c3c000000000000002618a402cc
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15641
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:01
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1429066226-164066939-2473231099-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,db,89,a5,87,80,0b,3f,d2,c9,ba,9d,c7,5f,aa,cb,bd,f9,71,22,94,
1e,99,2d,3a,c4,e3,2f,cd,1b,ac,4f,41,13,a4,2f,f3,5c,4b,8f,70,d9,c2,6b,b5,c0,\
"rkeysecu"=hex:d2,c4,5c,3f,c5,12,3e,70,e7,cd,f1,f2,d4,ec,1b,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:28,a2,20,4a,ed,1c,3f,cb,c5,82,d6,6a,79,59,75,00,01,71,a8,32,0c,
31,eb,25,ba,d2,ab,a7,18,47,61,d0,fa,f1,5e,c7,86,b9,91,74,79,0f,72,e7,40,46,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:28,a2,20,4a,ed,1c,3f,cb,c5,82,d6,6a,79,59,75,00,01,71,a8,32,0c,
31,eb,25,ba,d2,ab,a7,18,47,61,d0,fa,f1,5e,c7,86,b9,91,74,79,0f,72,e7,40,46,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-23 17:00:08
ComboFix-quarantined-files.txt 2012-12-23 22:00
ComboFix2.txt 2012-10-01 21:06
.
Pre-Run: 754,557,636,608 bytes free
Post-Run: 754,545,565,696 bytes free
.
- - End Of File - - 3FD29F0804F766E49FEB1032971BA3F7

Edited by xfreakazoidx, 23 December 2012 - 05:17 PM.


#6 xfreakazoidx


Posted 23 December 2012 - 05:32 PM

Just to update since my last post. Explorer crashed twice while the Microsoft Security tried to turn on. Now the computer is running at full speed. However, Explorer still keeps randomly freezing, but after a minute it seems to be fine. I may just uninstall that MSE program. Other than that, everything seems to be fine. I'll give it a few more hours and see if it freezes up again.

---Update 1---
I have restarted it again and it seems to be fine. However, the Malwarebytes Anti-Malware program had some sort of shell error when I restarted. Also, that one SVCHost is now getting high again. It goes up by 50kb every few seconds. It was at 105,000kb last time I posted. Now it's at 120,736kb.

---update 2-----
After being gone a while now, I left Chrome open along with a document to see if it would freeze when I came home, and it didn't. So I think it's fixed. But as I said before though, the SVChost file is still rising. Currently it's at 149,000k, but there is no slowdown like there normally is when it gets to this number. Is that file supposed to get that high to begin with?

---update 3----
It appears to have dropped down to 138,000kb. So it looks good then. I won't post again unless there is a problem again. However feel free to update me if you have anything to add. Thanks for the help!

Edited by xfreakazoidx, 24 December 2012 - 12:20 AM.


#7 gringo_pr

  • Malware Response Team

Posted 24 December 2012 - 08:56 AM

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
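
The TDSSKiller report requested in the post above has a regular line layout, so it can be triaged mechanically before it is read by eye. The following Python sketch is an added example, not part of the original post or of TDSSKiller: the function names and every sample line (service names, hashes, paths) are constructed, and the line layout is assumed from the TDSSKiller 2.8.15.0 report posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Every report line is "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Hash line that precedes a verdict: "[ <MD5> ] <object name> <file path>".
HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
# Verdict line: "<object name> - ok" or "<object name> ( <verdict> ) - <status>".
RESULT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^()]+?) \))? - (?P<status>[a-z]+)$"
)

# Constructed sample in the report's layout; names, hashes and paths are made up.
SAMPLE = r"""
14:10:28.0709 5988 Scan started
14:10:28.0709 5988 Mode: Manual; SigCheck; TDLFS;
14:10:30.0425 5988 System memory - ok
14:10:30.0940 5988 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
14:10:31.0252 5988 ExampleDrv - ok
14:10:32.0485 5988 Example Helper Service - ok
14:10:41.0033 5988 [ 00000000000000000000000000000002 ] Example Licensing Service C:\Program Files (x86)\Example\Licensing.exe
14:10:41.0065 5988 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:10:41.0065 5988 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    name: str               # object name as printed on the verdict line
    status: str             # "ok", "warning", ...
    verdict: Optional[str]  # text inside "( ... )", if any
    md5: Optional[str]      # from the preceding hash line, if there was one
    path: Optional[str]     # file path from the preceding hash line


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per verdict line, in report order."""
    findings: List[Finding] = []
    pending = None  # most recent hash line not yet paired with a verdict
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        hashed = HASHED.match(msg)
        if hashed:
            pending = hashed
            continue
        result = RESULT.match(msg)
        if not result:
            continue  # banners, drive info, "- detected ..." repeats
        name = result.group("name")
        md5 = path = None
        # Object names may contain spaces, so the name is taken from the
        # verdict line and used to cut the path out of the hash line.
        if pending and pending.group("rest").startswith(name + " "):
            md5 = pending.group("md5").upper()
            path = pending.group("rest")[len(name) + 1:]
        pending = None
        findings.append(
            Finding(name, result.group("status"), result.group("verdict"), md5, path)
        )
    return findings


def flagged(findings: List[Finding]) -> List[Finding]:
    """Everything whose status is anything other than 'ok'."""
    return [f for f in findings if f.status != "ok"]


def unhashed(findings: List[Finding]) -> List[str]:
    """Objects the report lists without a hash line in front of them."""
    return [f.name for f in findings if f.md5 is None]


if __name__ == "__main__":
    results = parse_report(SAMPLE)
    for f in flagged(results):
        print(f"{f.status.upper():8} {f.name} [{f.verdict}] {f.md5} {f.path}")
    print("no hash line:", ", ".join(unhashed(results)))
```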

#8 xfreakazoidx


Posted 24 December 2012 - 03:08 PM

Thank you. Here are the results of both. Also, any recommended program that will block malware? My virus scanners don't seem to do anything against it.

14:09:32.0882 3724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:09:33.0616 3724 ============================================================
14:09:33.0616 3724 Current date / time: 2012/12/24 14:09:33.0616
14:09:33.0616 3724 SystemInfo:
14:09:33.0616 3724
14:09:33.0616 3724 OS Version: 6.1.7601 ServicePack: 1.0
14:09:33.0616 3724 Product type: Workstation
14:09:33.0616 3724 ComputerName: OWNER-PC
14:09:33.0616 3724 UserName: Owner
14:09:33.0616 3724 Windows directory: C:\Windows
14:09:33.0616 3724 System windows directory: C:\Windows
14:09:33.0616 3724 Running under WOW64
14:09:33.0616 3724 Processor architecture: Intel x64
14:09:33.0616 3724 Number of processors: 4
14:09:33.0616 3724 Page size: 0x1000
14:09:33.0616 3724 Boot type: Normal boot
14:09:33.0616 3724 ============================================================
14:09:36.0533 3724 BG loaded
14:09:37.0063 3724 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:37.0079 3724 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:37.0110 3724 ============================================================
14:09:37.0110 3724 \Device\Harddisk0\DR0:
14:09:37.0126 3724 MBR partitions:
14:09:37.0126 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:09:37.0126 3724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:09:37.0126 3724 \Device\Harddisk1\DR1:
14:09:37.0126 3724 MBR partitions:
14:09:37.0126 3724 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:09:37.0126 3724 ============================================================
14:09:37.0906 3724 C: <-> \Device\Harddisk0\DR0\Partition2
14:09:37.0921 3724 D: <-> \Device\Harddisk1\DR1\Partition1
14:09:37.0921 3724 ============================================================
14:09:37.0921 3724 Initialize success
14:09:37.0921 3724 ============================================================
14:10:28.0709 5988 ============================================================
14:10:28.0709 5988 Scan started
14:10:28.0709 5988 Mode: Manual; SigCheck; TDLFS;
14:10:28.0709 5988 ============================================================
14:10:30.0425 5988 ================ Scan system memory ========================
14:10:30.0425 5988 System memory - ok
14:10:30.0425 5988 ================ Scan services =============================
14:10:30.0940 5988 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:10:31.0252 5988 1394ohci - ok
14:10:31.0283 5988 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:10:31.0299 5988 ACPI - ok
14:10:31.0330 5988 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:10:31.0393 5988 AcpiPmi - ok
14:10:31.0533 5988 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:10:31.0564 5988 AdobeARMservice - ok
14:10:31.0595 5988 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:10:31.0642 5988 adp94xx - ok
14:10:31.0658 5988 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:10:31.0673 5988 adpahci - ok
14:10:31.0705 5988 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:10:31.0720 5988 adpu320 - ok
14:10:31.0751 5988 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:10:31.0923 5988 AeLookupSvc - ok
14:10:31.0954 5988 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:10:32.0017 5988 AFD - ok
14:10:32.0063 5988 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:10:32.0079 5988 agp440 - ok
14:10:32.0095 5988 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:10:32.0204 5988 ALG - ok
14:10:32.0219 5988 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:10:32.0235 5988 aliide - ok
14:10:32.0282 5988 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:10:32.0407 5988 AMD External Events Utility - ok
14:10:32.0485 5988 AMD FUEL Service - ok
14:10:32.0500 5988 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:10:32.0516 5988 amdide - ok
14:10:32.0547 5988 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
14:10:32.0609 5988 amdiox64 - ok
14:10:32.0641 5988 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:10:32.0687 5988 AmdK8 - ok
14:10:33.0296 5988 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:10:33.0421 5988 amdkmdag - ok
14:10:33.0483 5988 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:10:33.0530 5988 amdkmdap - ok
14:10:33.0561 5988 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:10:33.0577 5988 AmdPPM - ok
14:10:33.0623 5988 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:10:33.0655 5988 amdsata - ok
14:10:33.0670 5988 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:10:33.0686 5988 amdsbs - ok
14:10:33.0701 5988 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:10:33.0717 5988 amdxata - ok
14:10:33.0733 5988 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:10:33.0748 5988 AODDriver4.01 - ok
14:10:33.0779 5988 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
14:10:33.0795 5988 AODDriver4.1 - ok
14:10:33.0842 5988 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:10:34.0029 5988 AppID - ok
14:10:34.0076 5988 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:10:34.0138 5988 AppIDSvc - ok
14:10:34.0169 5988 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:10:34.0201 5988 Appinfo - ok
14:10:34.0310 5988 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:10:34.0325 5988 Apple Mobile Device - ok
14:10:34.0372 5988 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:10:34.0403 5988 arc - ok
14:10:34.0419 5988 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:10:34.0435 5988 arcsas - ok
14:10:34.0497 5988 aspnet_state - ok
14:10:34.0513 5988 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:10:34.0591 5988 AsyncMac - ok
14:10:34.0622 5988 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:10:34.0653 5988 atapi - ok
14:10:34.0684 5988 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:10:34.0715 5988 AtiHDAudioService - ok
14:10:35.0027 5988 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:10:35.0152 5988 atikmdag - ok
14:10:35.0215 5988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:10:35.0324 5988 AudioEndpointBuilder - ok
14:10:35.0339 5988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:10:35.0386 5988 AudioSrv - ok
14:10:35.0417 5988 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:10:35.0495 5988 AxInstSV - ok
14:10:35.0527 5988 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:10:35.0542 5988 b06bdrv - ok
14:10:35.0589 5988 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:10:35.0620 5988 b57nd60a - ok
14:10:35.0761 5988 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
14:10:35.0776 5988 BBSvc - ok
14:10:35.0823 5988 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
14:10:35.0839 5988 BBUpdate - ok
14:10:35.0870 5988 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:10:35.0917 5988 BDESVC - ok
14:10:35.0932 5988 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:10:35.0995 5988 Beep - ok
14:10:36.0041 5988 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:10:36.0088 5988 BFE - ok
14:10:36.0213 5988 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:10:36.0275 5988 BITS - ok
14:10:36.0322 5988 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:10:36.0369 5988 blbdrive - ok
14:10:36.0463 5988 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:10:36.0494 5988 Bonjour Service - ok
14:10:36.0525 5988 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:10:36.0587 5988 bowser - ok
14:10:36.0650 5988 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:10:36.0712 5988 BrFiltLo - ok
14:10:36.0728 5988 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:10:36.0759 5988 BrFiltUp - ok
14:10:36.0790 5988 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:10:36.0853 5988 BridgeMP - ok
14:10:36.0899 5988 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:10:37.0009 5988 Browser - ok
14:10:37.0055 5988 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:10:37.0165 5988 Brserid - ok
14:10:37.0196 5988 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:10:37.0258 5988 BrSerWdm - ok
14:10:37.0289 5988 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:10:37.0367 5988 BrUsbMdm - ok
14:10:37.0367 5988 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:10:37.0430 5988 BrUsbSer - ok
14:10:37.0445 5988 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:10:37.0508 5988 BTHMODEM - ok
14:10:37.0555 5988 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:10:37.0633 5988 bthserv - ok
14:10:37.0882 5988 catchme - ok
14:10:37.0929 5988 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:10:38.0023 5988 cdfs - ok
14:10:38.0116 5988 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:10:38.0257 5988 cdrom - ok
14:10:38.0366 5988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:10:38.0444 5988 CertPropSvc - ok
14:10:38.0475 5988 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:10:38.0569 5988 circlass - ok
14:10:38.0662 5988 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:10:38.0725 5988 CLFS - ok
14:10:38.0756 5988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:38.0990 5988 clr_optimization_v2.0.50727_32 - ok
14:10:39.0317 5988 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:10:39.0364 5988 clr_optimization_v2.0.50727_64 - ok
14:10:39.0723 5988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:10:40.0160 5988 clr_optimization_v4.0.30319_32 - ok
14:10:40.0238 5988 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:04.0574 5988 SessionEnv - ok
14:11:04.0621 5988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:11:04.0652 5988 sffdisk - ok
14:11:04.0683 5988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:11:04.0699 5988 sffp_mmc - ok
14:11:04.0714 5988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:11:04.0745 5988 sffp_sd - ok
14:11:04.0745 5988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:11:04.0761 5988 sfloppy - ok
14:11:04.0808 5988 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:11:04.0870 5988 SharedAccess - ok
14:11:04.0901 5988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:11:04.0948 5988 ShellHWDetection - ok
14:11:04.0979 5988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:11:04.0995 5988 SiSRaid2 - ok
14:11:05.0011 5988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:11:05.0026 5988 SiSRaid4 - ok
14:11:05.0089 5988 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:11:05.0104 5988 SkypeUpdate - ok
14:11:05.0120 5988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:11:05.0151 5988 Smb - ok
14:11:05.0182 5988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:11:05.0198 5988 SNMPTRAP - ok
14:11:05.0229 5988 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys
14:11:05.0276 5988 speedfan - ok
14:11:05.0291 5988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:11:05.0323 5988 spldr - ok
14:11:05.0354 5988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:11:05.0416 5988 Spooler - ok
14:11:05.0744 5988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:11:05.0869 5988 sppsvc - ok
14:11:05.0884 5988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:11:05.0931 5988 sppuinotify - ok
14:11:05.0962 5988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:11:05.0993 5988 srv - ok
14:11:06.0009 5988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:11:06.0040 5988 srv2 - ok
14:11:06.0056 5988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:11:06.0087 5988 srvnet - ok
14:11:06.0118 5988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:11:06.0181 5988 SSDPSRV - ok
14:11:06.0212 5988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:11:06.0259 5988 SstpSvc - ok
14:11:06.0305 5988 Steam Client Service - ok
14:11:06.0383 5988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:11:06.0399 5988 stexstor - ok
14:11:06.0461 5988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:11:06.0508 5988 stisvc - ok
14:11:06.0539 5988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:11:06.0555 5988 swenum - ok
14:11:06.0789 5988 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:11:06.0945 5988 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:11:06.0945 5988 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:11:14.0745 5988 ================ Scan MBR ==================================
14:11:14.0776 5988 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:11:15.0525 5988 \Device\Harddisk0\DR0 - ok
14:11:15.0556 5988 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
14:11:15.0650 5988 \Device\Harddisk1\DR1 - ok
14:11:15.0650 5988 ================ Scan VBR ==================================
14:11:15.0650 5988 [ 856ABD699DEBB6470562EDA111FCB94D ] \Device\Harddisk0\DR0\Partition1
14:11:15.0665 5988 \Device\Harddisk0\DR0\Partition1 - ok
14:11:15.0697 5988 [ 876E72354CB71C1EB4F7C12984F64A76 ] \Device\Harddisk0\DR0\Partition2
14:11:15.0697 5988 \Device\Harddisk0\DR0\Partition2 - ok
14:11:15.0728 5988 [ DC5BC5EC37190E4F7908108FF74FB668 ] \Device\Harddisk1\DR1\Partition1
14:11:15.0728 5988 \Device\Harddisk1\DR1\Partition1 - ok
14:11:15.0728 5988 ================ Scan active images ========================
14:11:16.0274 5988 C:\Windows\System32\rpcrt4.dll - ok
14:11:16.0274 5988 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
14:11:16.0274 5988 C:\Windows\System32\shell32.dll - ok
14:11:16.0289 5988 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
14:11:16.0289 5988 C:\Windows\System32\advapi32.dll - ok
14:11:16.0289 5988 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
14:11:16.0289 5988 C:\Windows\System32\ole32.dll - ok
14:11:16.0289 5988 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
14:11:16.0289 5988 C:\Windows\System32\wininet.dll - ok
14:11:16.0305 5988 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
14:11:16.0305 5988 C:\Windows\System32\imm32.dll - ok
14:11:16.0305 5988 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
14:11:16.0305 5988 C:\Windows\System32\sechost.dll - ok
14:11:16.0305 5988 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
14:11:16.0305 5988 C:\Windows\System32\shlwapi.dll - ok
14:11:16.0321 5988 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
14:11:16.0321 5988 C:\Windows\System32\iertutil.dll - ok
14:11:16.0321 5988 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
14:11:16.0321 5988 C:\Windows\System32\msvcrt.dll - ok
14:11:16.0336 5988 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
14:11:16.0336 5988 C:\Windows\System32\lpk.dll - ok
14:11:16.0336 5988 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
14:11:16.0336 5988 C:\Windows\System32\Wldap32.dll - ok
14:11:16.0352 5988 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
14:11:16.0352 5988 C:\Windows\System32\oleaut32.dll - ok
14:11:16.0352 5988 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
14:11:16.0352 5988 C:\Windows\System32\nsi.dll - ok
14:11:16.0352 5988 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
14:11:16.0352 5988 C:\Windows\System32\psapi.dll - ok
14:11:16.0367 5988 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
14:11:16.0367 5988 C:\Windows\System32\setupapi.dll - ok
14:11:16.0367 5988 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
14:11:16.0367 5988 C:\Windows\System32\drivers\usbd.sys - ok
14:11:16.0367 5988 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
14:11:16.0367 5988 C:\Windows\System32\drivers\usbccgp.sys - ok
14:11:16.0383 5988 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
14:11:16.0383 5988 C:\Windows\System32\drivers\hidclass.sys - ok
14:11:16.0383 5988 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
14:11:16.0383 5988 C:\Windows\System32\drivers\hidparse.sys - ok
14:11:16.0383 5988 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
14:11:16.0383 5988 C:\Windows\System32\drivers\hidusb.sys - ok
14:11:16.0399 5988 [ 68BAD03835873D4BBBDE95CBB135A395 ] C:\Windows\System32\drivers\UsbFltr.sys
14:11:16.0399 5988 C:\Windows\System32\drivers\UsbFltr.sys - ok
14:11:16.0399 5988 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
14:11:16.0399 5988 C:\Windows\System32\gdi32.dll - ok
14:11:16.0414 5988 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
14:11:16.0414 5988 C:\Windows\System32\msctf.dll - ok
14:11:16.0414 5988 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
14:11:16.0430 5988 C:\Windows\System32\drivers\kbdhid.sys - ok
14:11:16.0430 5988 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
14:11:16.0430 5988 C:\Windows\System32\drivers\mouhid.sys - ok
14:11:16.0445 5988 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
14:11:16.0445 5988 C:\Windows\System32\wintrust.dll - ok
14:11:16.0445 5988 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
14:11:16.0445 5988 C:\Windows\System32\cfgmgr32.dll - ok
14:11:16.0445 5988 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
14:11:16.0445 5988 C:\Windows\System32\devobj.dll - ok
14:11:16.0461 5988 [ 6F2E324703E6D22B9934C33DA48F1F01 ] C:\Windows\System32\KernelBase.dll
14:11:16.0461 5988 C:\Windows\System32\KernelBase.dll - ok
14:11:16.0461 5988 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
14:11:16.0461 5988 C:\Windows\System32\comctl32.dll - ok
14:11:16.0477 5988 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
14:11:16.0477 5988 C:\Windows\System32\crypt32.dll - ok
14:11:16.0492 5988 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] C:\Windows\System32\drivers\usbscan.sys
14:11:16.0492 5988 C:\Windows\System32\drivers\usbscan.sys - ok
14:11:16.0492 5988 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
14:11:16.0492 5988 C:\Windows\System32\msasn1.dll - ok
14:11:16.0492 5988 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
14:11:16.0492 5988 C:\Windows\SysWOW64\normaliz.dll - ok
14:11:16.0508 5988 [ 73188F58FB384E75C4063D29413CEE3D ] C:\Windows\System32\drivers\usbprint.sys
14:11:16.0508 5988 C:\Windows\System32\drivers\usbprint.sys - ok
14:11:16.0508 5988 [ FD05A02B0370BC3000F402E543CA5814 ] C:\Windows\System32\drivers\Dot4usb.sys
14:11:16.0508 5988 C:\Windows\System32\drivers\Dot4usb.sys - ok
14:11:16.0523 5988 [ B42ED0320C6E41102FDE0005154849BB ] C:\Windows\System32\drivers\Dot4.sys
14:11:16.0523 5988 C:\Windows\System32\drivers\Dot4.sys - ok
14:11:16.0523 5988 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
14:11:16.0523 5988 C:\Windows\System32\drivers\USBSTOR.SYS - ok
14:11:16.0539 5988 [ E9F5969233C5D89F3C35E3A66A52A361 ] C:\Windows\System32\drivers\Dot4Prt.sys
14:11:16.0539 5988 C:\Windows\System32\drivers\Dot4Prt.sys - ok
14:11:16.0539 5988 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
14:11:16.0539 5988 C:\Windows\System32\drivers\dxapi.sys - ok
14:11:16.0539 5988 [ C58923115CDE6071C3BF2FF063546E9F ] C:\Windows\System32\win32k.sys
14:11:16.0539 5988 C:\Windows\System32\win32k.sys - ok
14:11:16.0555 5988 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
14:11:16.0555 5988 C:\Windows\System32\csrsrv.dll - ok
14:11:16.0555 5988 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
14:11:16.0555 5988 C:\Windows\System32\csrss.exe - ok
14:11:16.0555 5988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
14:11:16.0555 5988 C:\Windows\System32\basesrv.dll - ok
14:11:16.0570 5988 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\System32\winsrv.dll
14:11:16.0570 5988 C:\Windows\System32\winsrv.dll - ok
14:11:16.0570 5988 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
14:11:16.0570 5988 C:\Windows\System32\drivers\monitor.sys - ok
14:11:16.0570 5988 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
14:11:16.0570 5988 C:\Windows\System32\tsddd.dll - ok
14:11:16.0586 5988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
14:11:16.0586 5988 C:\Windows\System32\sxssrv.dll - ok
14:11:16.0586 5988 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
14:11:16.0586 5988 C:\Windows\System32\wininit.exe - ok
14:11:16.0586 5988 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
14:11:16.0586 5988 C:\Windows\System32\KBDUS.DLL - ok
14:11:16.0601 5988 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
14:11:16.0601 5988 C:\Windows\System32\profapi.dll - ok
14:11:16.0601 5988 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
14:11:16.0601 5988 C:\Windows\System32\RpcRtRemote.dll - ok
14:11:16.0601 5988 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
14:11:16.0601 5988 C:\Windows\System32\cdd.dll - ok
14:11:16.0617 5988 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
14:11:16.0617 5988 C:\Windows\System32\sxs.dll - ok
14:11:16.0617 5988 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
14:11:16.0617 5988 C:\Windows\System32\WlS0WndH.dll - ok
14:11:16.0617 5988 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
14:11:16.0617 5988 C:\Windows\System32\cryptbase.dll - ok
14:11:16.0633 5988 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
14:11:16.0633 5988 C:\Windows\System32\apphelp.dll - ok
14:11:16.0633 5988 [ 685527DA09EBFB681E98C515978BDEE2 ] C:\Windows\System32\lsasrv.dll
14:11:16.0633 5988 C:\Windows\System32\lsasrv.dll - ok
14:11:16.0633 5988 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
14:11:16.0633 5988 C:\Windows\System32\lsass.exe - ok
14:11:16.0648 5988 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
14:11:16.0648 5988 C:\Windows\System32\lsm.exe - ok
14:11:16.0648 5988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
14:11:16.0648 5988 C:\Windows\System32\services.exe - ok
14:11:16.0648 5988 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
14:11:16.0648 5988 C:\Windows\System32\sspisrv.dll - ok
14:11:16.0664 5988 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
14:11:16.0664 5988 C:\Windows\System32\scesrv.dll - ok
14:11:16.0664 5988 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
14:11:16.0664 5988 C:\Windows\System32\scext.dll - ok
14:11:16.0664 5988 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
14:11:16.0664 5988 C:\Windows\System32\secur32.dll - ok
14:11:16.0679 5988 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
14:11:16.0679 5988 C:\Windows\System32\sspicli.dll - ok
14:11:16.0679 5988 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
14:11:16.0679 5988 C:\Windows\System32\sysntfy.dll - ok
14:11:16.0679 5988 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
14:11:16.0679 5988 C:\Windows\System32\wmsgapi.dll - ok
14:11:16.0695 5988 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
14:11:16.0695 5988 C:\Windows\System32\samsrv.dll - ok
14:11:16.0695 5988 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
14:11:16.0695 5988 C:\Windows\System32\srvcli.dll - ok
14:11:16.0711 5988 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
14:11:16.0711 5988 C:\Windows\System32\cryptdll.dll - ok
14:11:16.0711 5988 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
14:11:16.0711 5988 C:\Windows\System32\wevtapi.dll - ok
14:11:16.0711 5988 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
14:11:16.0711 5988 C:\Windows\System32\authz.dll - ok
14:11:16.0726 5988 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
14:11:16.0726 5988 C:\Windows\System32\cngaudit.dll - ok
14:11:16.0742 5988 [ 9B3718651DDE8A75FC4E8D6542A250D8 ] C:\Windows\System32\ncrypt.dll
14:11:16.0742 5988 C:\Windows\System32\ncrypt.dll - ok
14:11:16.0742 5988 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
14:11:16.0742 5988 C:\Windows\System32\bcrypt.dll - ok
14:11:16.0742 5988 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
14:11:16.0742 5988 C:\Windows\System32\msprivs.dll - ok
14:11:16.0742 5988 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
14:11:16.0757 5988 C:\Windows\System32\netjoin.dll - ok
14:11:16.0757 5988 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
14:11:16.0757 5988 C:\Windows\System32\negoexts.dll - ok
14:11:16.0757 5988 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
14:11:16.0757 5988 C:\Windows\System32\cryptsp.dll - ok
14:11:16.0773 5988 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
14:11:16.0773 5988 C:\Windows\System32\kerberos.dll - ok
14:11:16.0773 5988 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
14:11:16.0773 5988 C:\Windows\System32\msv1_0.dll - ok
14:11:16.0773 5988 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
14:11:16.0773 5988 C:\Windows\System32\mswsock.dll - ok
14:11:16.0789 5988 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
14:11:16.0789 5988 C:\Windows\System32\wship6.dll - ok
14:11:16.0789 5988 [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
14:11:16.0789 5988 C:\Windows\System32\atmfd.dll - ok
14:11:16.0789 5988 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
14:11:16.0789 5988 C:\Windows\System32\netlogon.dll - ok
14:11:16.0804 5988 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
14:11:16.0804 5988 C:\Windows\System32\dnsapi.dll - ok
14:11:16.0804 5988 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
14:11:16.0804 5988 C:\Windows\System32\logoncli.dll - ok
14:11:16.0820 5988 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
14:11:16.0820 5988 C:\Windows\System32\schannel.dll - ok
14:11:16.0820 5988 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
14:11:16.0820 5988 C:\Windows\System32\wdigest.dll - ok
14:11:16.0835 5988 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
14:11:16.0835 5988 C:\Windows\System32\rsaenh.dll - ok
14:11:16.0835 5988 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
14:11:16.0835 5988 C:\Windows\System32\TSpkg.dll - ok
14:11:16.0851 5988 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
14:11:16.0851 5988 C:\Windows\System32\pku2u.dll - ok
14:11:16.0851 5988 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
14:11:16.0851 5988 C:\Windows\System32\bcryptprimitives.dll - ok
14:11:16.0851 5988 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
14:11:16.0851 5988 C:\Windows\System32\efslsaext.dll - ok
14:11:16.0867 5988 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
14:11:16.0867 5988 C:\Windows\System32\scecli.dll - ok
14:11:16.0867 5988 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
14:11:16.0867 5988 C:\Windows\System32\ubpm.dll - ok
14:11:16.0882 5988 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
14:11:16.0882 5988 C:\Windows\System32\winsta.dll - ok
14:11:16.0882 5988 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
14:11:16.0882 5988 C:\Windows\System32\svchost.exe - ok
14:11:16.0898 5988 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
14:11:16.0898 5988 C:\Windows\System32\umpnpmgr.dll - ok
14:11:16.0898 5988 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
14:11:16.0898 5988 C:\Windows\System32\devrtl.dll - ok
14:11:16.0913 5988 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
14:11:16.0913 5988 C:\Windows\System32\SPInf.dll - ok
14:11:16.0913 5988 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
14:11:16.0913 5988 C:\Windows\System32\gpapi.dll - ok
14:11:16.0929 5988 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
14:11:16.0929 5988 C:\Windows\System32\userenv.dll - ok
14:11:16.0929 5988 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
14:11:16.0929 5988 C:\Windows\System32\umpo.dll - ok
14:11:16.0945 5988 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
14:11:16.0945 5988 C:\Windows\System32\winlogon.exe - ok
14:11:16.0945 5988 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
14:11:16.0945 5988 C:\Windows\System32\pcwum.dll - ok
14:11:16.0945 5988 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
14:11:16.0945 5988 C:\Windows\System32\powrprof.dll - ok
14:11:16.0960 5988 [ B9D4F5F7E7CEE6DA5F8008EAD894D08A ] C:\Program Files\Webroot\WRSA.exe
14:11:16.0960 5988 C:\Program Files\Webroot\WRSA.exe - ok
14:11:16.0960 5988 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
14:11:16.0960 5988 C:\Windows\SysWOW64\ntdll.dll - ok
14:11:16.0960 5988 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll
14:11:16.0960 5988 C:\Windows\System32\wow64.dll - ok
14:11:16.0976 5988 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll
14:11:16.0976 5988 C:\Windows\System32\wow64cpu.dll - ok
14:11:16.0976 5988 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll
14:11:16.0976 5988 C:\Windows\System32\wow64win.dll - ok
14:11:16.0976 5988 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll
14:11:16.0976 5988 C:\Windows\SysWOW64\kernel32.dll - ok
14:11:16.0991 5988 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
14:11:16.0991 5988 C:\Windows\SysWOW64\advapi32.dll - ok
14:11:16.0991 5988 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll
14:11:16.0991 5988 C:\Windows\SysWOW64\KernelBase.dll - ok
14:11:16.0991 5988 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
14:11:16.0991 5988 C:\Windows\SysWOW64\crypt32.dll - ok
14:11:17.0007 5988 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
14:11:17.0007 5988 C:\Windows\SysWOW64\cryptbase.dll - ok
14:11:17.0007 5988 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
14:11:17.0007 5988 C:\Windows\SysWOW64\msvcrt.dll - ok
14:11:17.0007 5988 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
14:11:17.0007 5988 C:\Windows\SysWOW64\rpcrt4.dll - ok
14:11:17.0023 5988 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
14:11:17.0023 5988 C:\Windows\SysWOW64\sechost.dll - ok
14:11:17.0023 5988 [ BFB26890612FB8AE8B0463EBEBE84B7E ] C:\Windows\SysWOW64\sspicli.dll
14:11:17.0023 5988 C:\Windows\SysWOW64\sspicli.dll - ok
14:11:17.0023 5988 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
14:11:17.0023 5988 C:\Windows\SysWOW64\ddraw.dll - ok
14:11:17.0038 5988 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
14:11:17.0038 5988 C:\Windows\SysWOW64\msasn1.dll - ok
14:11:17.0038 5988 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
14:11:17.0038 5988 C:\Windows\SysWOW64\user32.dll - ok
14:11:17.0038 5988 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
14:11:17.0038 5988 C:\Windows\SysWOW64\gdi32.dll - ok
14:11:17.0054 5988 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
14:11:17.0054 5988 C:\Windows\SysWOW64\lpk.dll - ok
14:11:17.0054 5988 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
14:11:17.0054 5988 C:\Windows\SysWOW64\usp10.dll - ok
14:11:17.0054 5988 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
14:11:17.0054 5988 C:\Windows\SysWOW64\dciman32.dll - ok
14:11:17.0069 5988 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
14:11:17.0069 5988 C:\Windows\SysWOW64\setupapi.dll - ok
14:11:17.0069 5988 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
14:11:17.0069 5988 C:\Windows\SysWOW64\cfgmgr32.dll - ok
14:11:17.0085 5988 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
14:11:17.0085 5988 C:\Windows\SysWOW64\oleaut32.dll - ok
14:11:17.0101 5988 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
14:11:17.0101 5988 C:\Windows\SysWOW64\ole32.dll - ok
14:11:17.0101 5988 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
14:11:17.0101 5988 C:\Windows\SysWOW64\devobj.dll - ok
14:11:17.0101 5988 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
14:11:17.0101 5988 C:\Windows\SysWOW64\dsound.dll - ok
14:11:17.0116 5988 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
14:11:17.0116 5988 C:\Windows\SysWOW64\dwmapi.dll - ok
14:11:17.0116 5988 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
14:11:17.0116 5988 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
14:11:17.0116 5988 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
14:11:17.0116 5988 C:\Windows\SysWOW64\netapi32.dll - ok
14:11:17.0132 5988 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
14:11:17.0132 5988 C:\Windows\SysWOW64\netutils.dll - ok
14:11:17.0132 5988 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
14:11:17.0132 5988 C:\Windows\SysWOW64\nsi.dll - ok
14:11:17.0132 5988 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
14:11:17.0132 5988 C:\Windows\SysWOW64\powrprof.dll - ok
14:11:17.0147 5988 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
14:11:17.0147 5988 C:\Windows\SysWOW64\samcli.dll - ok
14:11:17.0147 5988 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
14:11:17.0147 5988 C:\Windows\SysWOW64\srvcli.dll - ok
14:11:17.0147 5988 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
14:11:17.0147 5988 C:\Windows\SysWOW64\winmm.dll - ok
14:11:17.0163 5988 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
14:11:17.0163 5988 C:\Windows\SysWOW64\winnsi.dll - ok
14:11:17.0163 5988 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
14:11:17.0163 5988 C:\Windows\SysWOW64\wkscli.dll - ok
14:11:17.0179 5988 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
14:11:17.0179 5988 C:\Windows\SysWOW64\secur32.dll - ok
14:11:17.0179 5988 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
14:11:17.0179 5988 C:\Windows\SysWOW64\wininet.dll - ok
14:11:17.0179 5988 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
14:11:17.0179 5988 C:\Windows\SysWOW64\iertutil.dll - ok
14:11:17.0194 5988 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
14:11:17.0194 5988 C:\Windows\SysWOW64\shlwapi.dll - ok
14:11:17.0194 5988 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
14:11:17.0194 5988 C:\Windows\SysWOW64\urlmon.dll - ok
14:11:17.0194 5988 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
14:11:17.0194 5988 C:\Windows\SysWOW64\imm32.dll - ok
14:11:17.0210 5988 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
14:11:17.0210 5988 C:\Windows\SysWOW64\msctf.dll - ok
14:11:17.0210 5988 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
14:11:17.0210 5988 C:\Windows\SysWOW64\winspool.drv - ok
14:11:17.0210 5988 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
14:11:17.0210 5988 C:\Windows\SysWOW64\wintrust.dll - ok
14:11:17.0225 5988 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
14:11:17.0225 5988 C:\Windows\SysWOW64\shell32.dll - ok
14:11:17.0225 5988 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
14:11:17.0225 5988 C:\Windows\SysWOW64\ws2_32.dll - ok
14:11:17.0225 5988 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
14:11:17.0225 5988 C:\Windows\SysWOW64\mswsock.dll - ok
14:11:17.0241 5988 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
14:11:17.0241 5988 C:\Windows\SysWOW64\profapi.dll - ok
14:11:17.0241 5988 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
14:11:17.0241 5988 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
14:11:17.0241 5988 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
14:11:17.0241 5988 C:\Windows\SysWOW64\dnsapi.dll - ok
14:11:17.0257 5988 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
14:11:17.0257 5988 C:\Windows\SysWOW64\NapiNSP.dll - ok
14:11:17.0272 5988 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
14:11:17.0272 5988 C:\Windows\SysWOW64\pnrpnsp.dll - ok
14:11:17.0272 5988 [ 4355CF8BD07B0E48C111FC3D2F36D313 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
14:11:17.0272 5988 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
14:11:17.0288 5988 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
14:11:17.0288 5988 C:\Windows\SysWOW64\psapi.dll - ok
14:11:17.0288 5988 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
14:11:17.0288 5988 C:\Windows\SysWOW64\winrnr.dll - ok
14:11:17.0303 5988 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
14:11:17.0303 5988 C:\Windows\System32\drivers\luafv.sys - ok
14:11:17.0303 5988 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
14:11:17.0303 5988 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
14:11:17.0303 5988 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
14:11:17.0303 5988 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
14:11:17.0319 5988 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
14:11:17.0319 5988 C:\Windows\SysWOW64\rasadhlp.dll - ok
14:11:17.0319 5988 [ A8FE8F2783B2929B56F5370A89356CE9 ] C:\Windows\System32\drivers\mbam.sys
14:11:17.0319 5988 C:\Windows\System32\drivers\mbam.sys - ok
14:11:17.0319 5988 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
14:11:17.0319 5988 C:\Windows\System32\drivers\WUDFPf.sys - ok
14:11:17.0335 5988 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
14:11:17.0335 5988 C:\Windows\System32\RpcEpMap.dll - ok
14:11:17.0335 5988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
14:11:17.0335 5988 C:\Windows\System32\rpcss.dll - ok
14:11:17.0335 5988 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
14:11:17.0335 5988 C:\Windows\System32\wshqos.dll - ok
14:11:17.0350 5988 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
14:11:17.0350 5988 C:\Windows\System32\WSHTCPIP.DLL - ok
14:11:17.0350 5988 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
14:11:17.0350 5988 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
14:11:17.0350 5988 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:11:17.0350 5988 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
14:11:17.0366 5988 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
14:11:17.0366 5988 C:\Windows\System32\FirewallAPI.dll - ok
14:11:17.0366 5988 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
14:11:17.0366 5988 C:\Windows\System32\LogonUI.exe - ok
14:11:17.0381 5988 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
14:11:17.0381 5988 C:\Windows\System32\authui.dll - ok
14:11:17.0381 5988 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
14:11:17.0381 5988 C:\Windows\System32\version.dll - ok
14:11:17.0397 5988 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
14:11:17.0397 5988 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
14:11:17.0397 5988 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
14:11:17.0397 5988 C:\Windows\System32\wtsapi32.dll - ok
14:11:17.0413 5988 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
14:11:17.0413 5988 C:\Windows\System32\ntmarta.dll - ok
14:11:17.0413 5988 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
14:11:17.0413 5988 C:\Windows\System32\cryptui.dll - ok
14:11:17.0428 5988 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
14:11:17.0428 5988 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
14:11:17.0428 5988 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
14:11:17.0428 5988 C:\Windows\SysWOW64\wtsapi32.dll - ok
14:11:17.0444 5988 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
14:11:17.0444 5988 C:\Windows\SysWOW64\userenv.dll - ok
14:11:17.0444 5988 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
14:11:18.0832 5988 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
14:11:18.0832 5988 C:\Windows\SysWOW64\wsock32.dll - ok
14:11:18.0848 5988 [ 09B7E7CD6F202247B3CF2306108589C2 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
14:11:18.0848 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
14:11:18.0863 5988 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
14:11:18.0863 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
14:11:18.0863 5988 [ 518D71FB636A68AD95A53849EB3EE7DD ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
14:11:18.0863 5988 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll - ok
14:11:18.0863 5988 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
14:11:18.0863 5988 C:\Windows\System32\wlanapi.dll - ok
14:11:18.0879 5988 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
14:11:18.0879 5988 C:\Windows\System32\wlanutil.dll - ok
14:11:18.0879 5988 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
14:11:18.0879 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
14:11:18.0879 5988 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
14:11:18.0879 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
14:11:18.0895 5988 [ 24AA9776D6AB032071B61C88089AEA59 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
14:11:18.0895 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
14:11:18.0895 5988 [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
14:11:18.0895 5988 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
14:11:18.0895 5988 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\SysWOW64\dnssd.dll
14:11:18.0895 5988 C:\Windows\SysWOW64\dnssd.dll - ok
14:11:18.0910 5988 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
14:11:18.0910 5988 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
14:11:18.0910 5988 [ F48FEB7DA35821DA15E0B006DCB9A169 ] C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
14:11:18.0910 5988 C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE - ok
14:11:18.0910 5988 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
14:11:18.0910 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
14:11:18.0926 5988 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
14:11:18.0926 5988 C:\Windows\SysWOW64\msi.dll - ok
14:11:18.0926 5988 [ E53B389AABC47A86A41884E94C9A3012 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
14:11:18.0926 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
14:11:18.0941 5988 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
14:11:18.0941 5988 C:\Windows\SysWOW64\SensApi.dll - ok
14:11:18.0941 5988 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
14:11:18.0941 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
14:11:18.0941 5988 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] C:\Program Files\Bonjour\mDNSResponder.exe
14:11:18.0941 5988 C:\Program Files\Bonjour\mDNSResponder.exe - ok
14:11:18.0957 5988 [ 5E33C164DC7FA74728D8A83036C438BB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
14:11:18.0957 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
14:11:18.0957 5988 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
14:11:18.0957 5988 C:\Windows\System32\cryptsvc.dll - ok
14:11:18.0957 5988 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
14:11:18.0957 5988 C:\Windows\System32\dps.dll - ok
14:11:18.0973 5988 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
14:11:18.0973 5988 C:\Windows\System32\cryptnet.dll - ok
14:11:18.0973 5988 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
14:11:18.0973 5988 C:\Windows\System32\fdPHost.dll - ok
14:11:18.0973 5988 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
14:11:18.0973 5988 C:\Windows\System32\fdWSD.dll - ok
14:11:18.0988 5988 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
14:11:18.0988 5988 C:\Windows\System32\taskschd.dll - ok
14:11:18.0988 5988 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
14:11:18.0988 5988 C:\Windows\System32\FDResPub.dll - ok
14:11:18.0988 5988 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
14:11:18.0988 5988 C:\Windows\System32\mlang.dll - ok
14:11:19.0004 5988 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
14:11:19.0004 5988 C:\Windows\System32\vssapi.dll - ok
14:11:19.0004 5988 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
14:11:19.0004 5988 C:\Windows\System32\winhttp.dll - ok
14:11:19.0004 5988 [ 00C71C3FB915BA353740999ADF447927 ] C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
14:11:19.0004 5988 C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe - ok
14:11:19.0019 5988 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
14:11:19.0019 5988 C:\Windows\System32\mscoree.dll - ok
14:11:19.0019 5988 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
14:11:19.0019 5988 C:\Windows\System32\webio.dll - ok
14:11:19.0019 5988 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
14:11:19.0019 5988 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
14:11:19.0035 5988 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
14:11:19.0035 5988 C:\Windows\System32\fdSSDP.dll - ok
14:11:19.0035 5988 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
14:11:19.0035 5988 C:\Windows\System32\ssdpapi.dll - ok
14:11:19.0051 5988 [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
14:11:19.0051 5988 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
14:11:19.0051 5988 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
14:11:19.0051 5988 C:\Windows\System32\vsstrace.dll - ok
14:11:19.0051 5988 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
14:11:19.0051 5988 C:\Windows\System32\httpapi.dll - ok
14:11:19.0066 5988 [ 01AEA2F16FE0C522DDFD7FAFFC959C6A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll
14:11:19.0066 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll - ok
14:11:19.0066 5988 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
14:11:19.0066 5988 C:\Windows\SysWOW64\cmd.exe - ok
14:11:19.0082 5988 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
14:11:19.0082 5988 C:\Windows\SysWOW64\winbrand.dll - ok
14:11:19.0082 5988 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
14:11:19.0082 5988 C:\Windows\SysWOW64\ieframe.dll - ok
14:11:19.0097 5988 [ 859CFCE4A0F72916911BD9F6C6E84581 ] C:\Windows\SysWOW64\ncrypt.dll
14:11:19.0097 5988 C:\Windows\SysWOW64\ncrypt.dll - ok
14:11:19.0097 5988 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
14:11:19.0097 5988 C:\Windows\SysWOW64\bcrypt.dll - ok
14:11:19.0113 5988 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
14:11:19.0113 5988 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
14:11:19.0113 5988 [ 3ABB7ADB9CCBCD24D6C55201A3842A94 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
14:11:19.0113 5988 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
14:11:19.0113 5988 [ 8BE887F1743FBB39ED2C9CA2937742D6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll
14:11:19.0113 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll - ok
14:11:19.0129 5988 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
14:11:19.0129 5988 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
14:11:19.0129 5988 [ 020C2F610BE801B9B50AF1BFF4A5B24B ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll
14:11:19.0129 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll - ok
14:11:19.0129 5988 [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\SysWOW64\svchost.exe
14:11:19.0129 5988 C:\Windows\SysWOW64\svchost.exe - ok
14:11:19.0144 5988 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
14:11:19.0144 5988 C:\Windows\System32\IKEEXT.DLL - ok
14:11:19.0144 5988 [ 098A91C54546A3B878DAD6A7E90A455B ] C:\Windows\System32\IPBusEnum.dll
14:11:19.0144 5988 C:\Windows\System32\IPBusEnum.dll - ok
14:11:19.0144 5988 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:11:19.0144 5988 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - ok
14:11:19.0160 5988 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
14:11:19.0160 5988 C:\Windows\SysWOW64\shdocvw.dll - ok
14:11:19.0160 5988 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
14:11:19.0160 5988 C:\Windows\System32\fdProxy.dll - ok
14:11:19.0175 5988 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
14:11:19.0175 5988 C:\Windows\System32\vpnikeapi.dll - ok
14:11:19.0175 5988 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
14:11:19.0175 5988 C:\Windows\System32\shfolder.dll - ok
14:11:19.0175 5988 [ 6C57BA95C820865BCFB96C53CE7C2C68 ] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
14:11:19.0175 5988 C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll - ok
14:11:19.0191 5988 [ 8B7997B0C843AE353C7AD4FC520DBE47 ] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
14:11:19.0191 5988 C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll - ok
14:11:19.0191 5988 [ 85B16A92B117A5A800032ECD904B86DB ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:11:19.0191 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
14:11:19.0191 5988 [ A4B3A9FFA483F8CB36E56C19448DDE36 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll
14:11:19.0191 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll - ok
14:11:19.0207 5988 [ D86A39BF100069444D026D22D9A6E555 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:11:19.0207 5988 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll - ok
14:11:19.0207 5988 [ C0F7C25EEFB1C5FD554AAA801201A83C ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
14:11:19.0207 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll - ok
14:11:19.0207 5988 [ A8AD2773202A3913D1E1564BD5703183 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
14:11:19.0207 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll - ok
14:11:19.0222 5988 [ 2A6B16AAD88A449B9E124FBF2D308E07 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
14:11:19.0222 5988 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll - ok
14:11:19.0222 5988 [ 20E2469DB709FC675E655CEAA11BE312 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:11:19.0222 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - ok
14:11:19.0222 5988 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
14:11:19.0222 5988 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
14:11:19.0238 5988 [ 8EB9DF4D405524D5EF69AE9ECB0EDD16 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
14:11:19.0238 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll - ok
14:11:19.0238 5988 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
14:11:19.0238 5988 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
14:11:19.0253 5988 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
14:11:19.0253 5988 C:\Windows\SysWOW64\mpr.dll - ok
14:11:19.0253 5988 [ A592A054D78750B4D73ABAA4C94DECDF ] C:\Program Files\Microsoft LifeCam\MSCamS64.exe
14:11:19.0253 5988 C:\Program Files\Microsoft LifeCam\MSCamS64.exe - ok
14:11:19.0253 5988 [ BE165318E0052A91F7EA36F515B5F2B1 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcp90.dll
14:11:19.0253 5988 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcp90.dll - ok
14:11:19.0269 5988 [ 0D7BE936A44E6B70F822D272A5CEBC22 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll
14:11:19.0269 5988 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\msvcr90.dll - ok
14:11:19.0269 5988 [ 12E33DD823D74680DE6F33BFA359EFB3 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
14:11:19.0269 5988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe - ok
14:11:19.0269 5988 [ 74F7559C028245A9CC1645F1EC687FC9 ] C:\Program Files\Microsoft LifeCam\CAL264.dll
14:11:19.0269 5988 C:\Program Files\Microsoft LifeCam\CAL264.dll - ok
14:11:19.0285 5988 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] C:\Windows\System32\drivers\NisDrvWFP.sys
14:11:19.0285 5988 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
14:11:19.0285 5988 [ 2334DC48997BA203B794DF3EE70521DB ] C:\Windows\System32\HPZinw12.dll
14:11:19.0285 5988 C:\Windows\System32\HPZinw12.dll - ok
14:11:19.0285 5988 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
14:11:19.0285 5988 C:\Windows\System32\netman.dll - ok
14:11:19.0300 5988 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
14:11:19.0300 5988 C:\Windows\System32\wsock32.dll - ok
14:11:19.0300 5988 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
14:11:19.0300 5988 C:\Windows\System32\nlasvc.dll - ok
14:11:19.0300 5988 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
14:11:19.0300 5988 C:\Windows\System32\drivers\PEAuth.sys - ok
14:11:19.0316 5988 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
14:11:19.0316 5988 C:\Windows\System32\ncsi.dll - ok
14:11:19.0316 5988 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
14:11:19.0316 5988 C:\Windows\System32\aepic.dll - ok
14:11:19.0316 5988 [ AE6C778717DE2F6B0C0B5335036D3363 ] C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
14:11:19.0316 5988 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe - ok
14:11:19.0331 5988 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll
14:11:19.0331 5988 C:\Windows\System32\devenum.dll - ok
14:11:19.0331 5988 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
14:11:19.0331 5988 C:\Windows\System32\sfc.dll - ok
14:11:19.0347 5988 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
14:11:19.0347 5988 C:\Windows\System32\sfc_os.dll - ok
14:11:19.0347 5988 [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll
14:11:19.0347 5988 C:\Windows\System32\msdmo.dll - ok
14:11:19.0363 5988 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
14:11:19.0363 5988 C:\Windows\System32\wdmaud.drv - ok
14:11:19.0363 5988 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
14:11:19.0363 5988 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
14:11:19.0378 5988 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
14:11:19.0378 5988 C:\Windows\SysWOW64\uxtheme.dll - ok
14:11:19.0378 5988 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
14:11:19.0378 5988 C:\Windows\System32\AudioSes.dll - ok
14:11:19.0394 5988 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] C:\Windows\System32\HPZipm12.dll
14:11:19.0394 5988 C:\Windows\System32\HPZipm12.dll - ok
14:11:19.0394 5988 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
14:11:19.0394 5988 C:\Windows\System32\ksuser.dll - ok
14:11:19.0409 5988 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files (x86)\Skype\Updater\Updater.exe
14:11:19.0409 5988 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
14:11:19.0409 5988 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
14:11:19.0409 5988 C:\Windows\System32\drivers\secdrv.sys - ok
14:11:19.0409 5988 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
14:11:19.0409 5988 C:\Windows\System32\IPSECSVC.DLL - ok
14:11:19.0425 5988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
14:11:19.0425 5988 C:\Windows\System32\seclogon.dll - ok
14:11:19.0425 5988 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
14:11:19.0425 5988 C:\Windows\System32\msacm32.dll - ok
14:11:19.0425 5988 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
14:11:19.0425 5988 C:\Windows\System32\msacm32.drv - ok
14:11:19.0441 5988 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
14:11:19.0441 5988 C:\Windows\System32\aeevts.dll - ok
14:11:19.0441 5988 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
14:11:19.0441 5988 C:\Windows\System32\midimap.dll - ok
14:11:19.0441 5988 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
14:11:19.0441 5988 C:\Windows\System32\FwRemoteSvr.dll - ok
14:11:19.0456 5988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
14:11:19.0456 5988 C:\Windows\System32\ssdpsrv.dll - ok
14:11:19.0456 5988 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
14:11:19.0456 5988 C:\Windows\System32\sysmain.dll - ok
14:11:19.0472 5988 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
14:11:19.0472 5988 C:\Windows\System32\tapisrv.dll - ok
14:11:19.0472 5988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
14:11:19.0472 5988 C:\Windows\System32\wiaservc.dll - ok
14:11:19.0487 5988 [ 625D390D5CBA512166571019E5EFECFB ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\98059f32b988a3e2d869e9b3bf56db17\System.Management.ni.dll
14:11:19.0487 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\98059f32b988a3e2d869e9b3bf56db17\System.Management.ni.dll - ok
14:11:19.0487 5988 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
14:11:19.0487 5988 C:\Windows\System32\drivers\tcpipreg.sys - ok
14:11:19.0503 5988 [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll
14:11:19.0503 5988 C:\Windows\System32\termsrv.dll - ok
14:11:19.0503 5988 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
14:11:19.0503 5988 C:\Windows\System32\wiatrace.dll - ok
14:11:19.0519 5988 [ 357CABBF155AFD1D3926E62539D2A3A7 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:11:19.0519 5988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
14:11:19.0519 5988 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
14:11:19.0519 5988 C:\Windows\System32\wbem\WMIsvc.dll - ok
14:11:19.0519 5988 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
14:11:19.0519 5988 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
14:11:19.0519 5988 [ 7E236CC26FF0C2513819FA453E2C5371 ] C:\Windows\System32\icaapi.dll
14:11:19.0519 5988 C:\Windows\System32\icaapi.dll - ok
14:11:19.0534 5988 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
14:11:19.0534 5988 C:\Windows\System32\trkwks.dll - ok
14:11:19.0534 5988 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
14:11:19.0534 5988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
14:11:19.0534 5988 [ 988121D083B7AB61D4A7E244290BAAB0 ] C:\Windows\System32\lsmproxy.dll
14:11:19.0534 5988 C:\Windows\System32\lsmproxy.dll - ok
14:11:19.0550 5988 [ E377BBA01F34E4183C32E5BBD688CE83 ] C:\Windows\System32\regapi.dll
14:11:19.0550 5988 C:\Windows\System32\regapi.dll - ok
14:11:19.0550 5988 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
14:11:19.0550 5988 C:\Windows\System32\SensApi.dll - ok
14:11:19.0565 5988 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
14:11:19.0565 5988 C:\Windows\System32\wbemcomn.dll - ok
14:11:19.0565 5988 [ 4C1244FEF74C60A4B1B151C76609CBE2 ] C:\Windows\System32\wsdchngr.dll
14:11:19.0565 5988 C:\Windows\System32\wsdchngr.dll - ok
14:11:19.0581 5988 [ 5DCD11D0B1CB71E2B035B30670365C35 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll
14:11:19.0581 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll - ok
14:11:19.0581 5988 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
14:11:19.0581 5988 C:\Windows\System32\wer.dll - ok
14:11:19.0597 5988 [ 2A97EF1FE488EFC934741BE6E7197882 ] C:\Windows\System32\hposwia_p04i.dll
14:11:19.0597 5988 C:\Windows\System32\hposwia_p04i.dll - ok
14:11:19.0597 5988 [ 6D5DCC1579B3961D791ABDE286A1CB5E ] C:\Windows\System32\rdpwsx.dll
14:11:19.0597 5988 C:\Windows\System32\rdpwsx.dll - ok
14:11:19.0612 5988 [ 1B4A711265FEA91259553D7B4E83394B ] C:\Windows\System32\tlscsp.dll
14:11:19.0612 5988 C:\Windows\System32\tlscsp.dll - ok
14:11:19.0612 5988 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
14:11:19.0612 5988 C:\Windows\System32\wbem\WinMgmtR.dll - ok
14:11:19.0612 5988 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
14:11:19.0612 5988 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
14:11:19.0612 5988 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
14:11:19.0612 5988 C:\Windows\System32\wbem\fastprox.dll - ok
14:11:19.0628 5988 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
14:11:19.0628 5988 C:\Windows\System32\wbem\wbemcore.dll - ok
14:11:19.0628 5988 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
14:11:19.0628 5988 C:\Windows\System32\WinSCard.dll - ok
14:11:19.0628 5988 [ 8F69EE5E0EB0779DC3E90DFD8D8E8683 ] C:\Windows\System32\rdpcorets.dll
14:11:19.0628 5988 C:\Windows\System32\rdpcorets.dll - ok
14:11:19.0643 5988 [ 5D0E28A22860E487148B2820309C0063 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll
14:11:19.0643 5988 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll - ok
14:11:19.0643 5988 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
14:11:19.0643 5988 C:\Windows\System32\ntdsapi.dll - ok
14:11:19.0643 5988 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
14:11:19.0643 5988 C:\Windows\System32\wbem\wbemprox.dll - ok
14:11:19.0659 5988 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
14:11:19.0659 5988 C:\Windows\System32\wscsvc.dll - ok
14:11:19.0659 5988 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
14:11:19.0659 5988 C:\Windows\System32\dbghelp.dll - ok
14:11:19.0659 5988 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] C:\Windows\System32\Mcx2Svc.dll
14:11:19.0659 5988 C:\Windows\System32\Mcx2Svc.dll - ok
14:11:19.0659 5988 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
14:11:19.0659 5988 C:\Windows\System32\NapiNSP.dll - ok
14:11:19.0675 5988 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
14:11:19.0675 5988 C:\Windows\System32\wbem\esscli.dll - ok
14:11:19.0675 5988 [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
14:11:19.0675 5988 C:\Windows\ehome\ehtrace.dll - ok
14:11:19.0675 5988 [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
14:11:19.0675 5988 C:\Windows\System32\wmi.dll - ok
14:11:19.0690 5988 [ 794D4B48DFB6E999537C7C3947863463 ] C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
14:11:19.0690 5988 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe - ok
14:11:19.0690 5988 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
14:11:19.0690 5988 C:\Windows\System32\iphlpsvc.dll - ok
14:11:19.0690 5988 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
14:11:19.0690 5988 C:\Windows\System32\pnrpnsp.dll - ok
14:11:19.0706 5988 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
14:11:19.0706 5988 C:\Windows\System32\winrnr.dll - ok
14:11:19.0706 5988 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
14:11:19.0706 5988 C:\Windows\System32\sqmapi.dll - ok
14:11:19.0706 5988 [ FFDAE493D48DEFE7936C735A175ACB6D ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
14:11:19.0706 5988 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
14:11:19.0721 5988 [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\SysWOW64\Faultrep.dll
14:11:19.0721 5988 C:\Windows\SysWOW64\Faultrep.dll - ok
14:11:19.0721 5988 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
14:11:19.0721 5988 C:\Windows\SysWOW64\wer.dll - ok
14:11:19.0721 5988 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll
14:11:19.0721 5988 C:\Windows\System32\msxml3.dll - ok
14:11:19.0721 5988 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
14:11:19.0721 5988 C:\Windows\System32\wdscore.dll - ok
14:11:19.0737 5988 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
14:11:19.0737 5988 C:\Windows\System32\rasmans.dll - ok
14:11:19.0737 5988 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
14:11:19.0737 5988 C:\Windows\System32\eappprxy.dll - ok
14:11:19.0753 5988 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
14:11:19.0753 5988 C:\Windows\System32\wbem\wbemsvc.dll - ok
14:11:19.0753 5988 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
14:11:19.0753 5988 C:\Windows\System32\rastapi.dll - ok
14:11:19.0768 5988 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
14:11:19.0768 5988 C:\Windows\System32\tapi32.dll - ok
14:11:19.0768 5988 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
14:11:19.0768 5988 C:\Windows\SysWOW64\ntdsapi.dll - ok
14:11:19.0784 5988 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\SysWOW64\wbem\fastprox.dll
14:11:19.0784 5988 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
14:11:21.0297 5988 C:\Windows\SysWOW64\CTxfispi.exe - ok
14:11:21.0297 5988 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\SysWOW64\QUTIL.DLL
14:11:21.0297 5988 C:\Windows\SysWOW64\QUTIL.DLL - ok
14:11:21.0313 5988 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
14:11:21.0313 5988 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
14:11:21.0313 5988 [ 502C60D7746BEFFB46C3B0334D26A26D ] C:\Windows\SysWOW64\OpenCL.dll
14:11:21.0313 5988 C:\Windows\SysWOW64\OpenCL.dll - ok
14:11:21.0328 5988 [ 36B1D7460C544D98E813B656DDE5058E ] C:\Windows\SysWOW64\ctosuser.dll
14:11:21.0328 5988 C:\Windows\SysWOW64\ctosuser.dll - ok
14:11:21.0328 5988 [ A3800DDB103BA33BB960905A37F12C5B ] C:\Windows\SysWOW64\kdbsdk32.dll
14:11:21.0328 5988 C:\Windows\SysWOW64\kdbsdk32.dll - ok
14:11:21.0344 5988 [ 5CEDF292F4573A1F36CC7DE598ECCFC7 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
14:11:21.0344 5988 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
14:11:21.0344 5988 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
14:11:21.0344 5988 C:\Windows\System32\QUTIL.DLL - ok
14:11:21.0359 5988 [ 2532D1093817248B10CAAFA4DBD776AF ] C:\Windows\SysWOW64\ctdproxy.dll
14:11:21.0359 5988 C:\Windows\SysWOW64\ctdproxy.dll - ok
14:11:21.0359 5988 [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\SysWOW64\WPDShServiceObj.dll
14:11:21.0359 5988 C:\Windows\SysWOW64\WPDShServiceObj.dll - ok
14:11:21.0359 5988 [ 7A2AC960A2ADFE21087B6351617BCDA5 ] C:\Windows\SysWOW64\cttele32.dll
14:11:21.0359 5988 C:\Windows\SysWOW64\cttele32.dll - ok
14:11:21.0375 5988 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
14:11:21.0375 5988 C:\Windows\System32\WPDShServiceObj.dll - ok
14:11:21.0375 5988 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
14:11:21.0375 5988 C:\Windows\System32\wbem\wmiprov.dll - ok
14:11:21.0391 5988 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] C:\Windows\System32\drivers\acpi.sys
14:11:21.0391 5988 C:\Windows\System32\drivers\acpi.sys - ok
14:11:21.0391 5988 [ 45F681A6DE7CCD2E2CC3BAE71FC1CB51 ] C:\Windows\SysWOW64\CmdRtr.DLL
14:11:21.0391 5988 C:\Windows\SysWOW64\CmdRtr.DLL - ok
14:11:21.0406 5988 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\SysWOW64\srchadmin.dll
14:11:21.0406 5988 C:\Windows\SysWOW64\srchadmin.dll - ok
14:11:21.0406 5988 [ 760E38053BF56E501D562B70AD796B88 ] C:\Windows\System32\drivers\ndis.sys
14:11:21.0406 5988 C:\Windows\System32\drivers\ndis.sys - ok
14:11:21.0422 5988 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
14:11:21.0422 5988 C:\Windows\System32\srchadmin.dll - ok
14:11:21.0422 5988 [ 73D23B59A7AFC631B47859320D6F94BC ] C:\Windows\SysWOW64\APOMngr.DLL
14:11:21.0422 5988 C:\Windows\SysWOW64\APOMngr.DLL - ok
14:11:21.0422 5988 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\SysWOW64\bthprops.cpl
14:11:21.0422 5988 C:\Windows\SysWOW64\bthprops.cpl - ok
14:11:21.0437 5988 [ 236F286E103FD44BD85FDD93097FD5DD ] C:\Windows\SysWOW64\SearchIndexer.exe
14:11:21.0437 5988 C:\Windows\SysWOW64\SearchIndexer.exe - ok
14:11:21.0437 5988 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
14:11:21.0437 5988 C:\Windows\System32\bthprops.cpl - ok
14:11:21.0437 5988 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
14:11:21.0437 5988 C:\Windows\System32\SearchIndexer.exe - ok
14:11:21.0453 5988 [ 528E702E845918FCE1D851088440F3AD ] C:\Windows\SysWOW64\piaproxy.dll
14:11:21.0453 5988 C:\Windows\SysWOW64\piaproxy.dll - ok
14:11:21.0453 5988 [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\SysWOW64\tquery.dll
14:11:21.0453 5988 C:\Windows\SysWOW64\tquery.dll - ok
14:11:21.0469 5988 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
14:11:21.0469 5988 C:\Windows\System32\FXSST.dll - ok
14:11:21.0469 5988 [ 100C60AB554ED4D5FF061DA146236C6A ] C:\Program Files (x86)\Creative\ShareDLL\CADI\DBACS.dll
14:11:21.0469 5988 C:\Program Files (x86)\Creative\ShareDLL\CADI\DBACS.dll - ok
14:11:21.0484 5988 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
14:11:21.0484 5988 C:\Windows\System32\tquery.dll - ok
14:11:21.0484 5988 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\SysWOW64\FXSAPI.dll
14:11:21.0484 5988 C:\Windows\SysWOW64\FXSAPI.dll - ok
14:11:21.0484 5988 [ C3DB52AAA8F7FBE7BB48BBE1552FD9D4 ] C:\Windows\System32\drivers\en-US\ndis.sys.mui
14:11:21.0484 5988 C:\Windows\System32\drivers\en-US\ndis.sys.mui - ok
14:11:21.0500 5988 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
14:11:21.0500 5988 C:\Windows\System32\FXSAPI.dll - ok
14:11:21.0500 5988 [ 6F825DB2BE90AFB45821E13122C56F06 ] C:\Windows\SysWOW64\UDAAPO32.dll
14:11:21.0500 5988 C:\Windows\SysWOW64\UDAAPO32.dll - ok
14:11:21.0515 5988 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
14:11:21.0515 5988 C:\Windows\System32\wbem\cimwin32.dll - ok
14:11:21.0515 5988 [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\SysWOW64\mssrch.dll
14:11:21.0515 5988 C:\Windows\SysWOW64\mssrch.dll - ok
14:11:21.0531 5988 [ 3C7788D1AFCB596E8DF4660D02805C8A ] C:\Windows\SysWOW64\CTAPO32.dll
14:11:21.0531 5988 C:\Windows\SysWOW64\CTAPO32.dll - ok
14:11:21.0531 5988 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
14:11:21.0531 5988 C:\Windows\System32\ieframe.dll - ok
14:11:21.0531 5988 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
14:11:21.0531 5988 C:\Windows\System32\mssrch.dll - ok
14:11:21.0547 5988 [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\SysWOW64\framedynos.dll
14:11:21.0547 5988 C:\Windows\SysWOW64\framedynos.dll - ok
14:11:21.0547 5988 [ EBC9F12561485A348A21FBE4BC5038C4 ] C:\Windows\SysWOW64\amdocl.dll
14:11:21.0547 5988 C:\Windows\SysWOW64\amdocl.dll - ok
14:11:21.0562 5988 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
14:11:21.0562 5988 C:\Windows\System32\framedynos.dll - ok
14:11:21.0562 5988 [ 67BFDE0ECC695B16884F59D18302888A ] C:\Windows\SysWOW64\UDACFX32.dll
14:11:21.0562 5988 C:\Windows\SysWOW64\UDACFX32.dll - ok
14:11:21.0578 5988 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\SysWOW64\msidle.dll
14:11:21.0578 5988 C:\Windows\SysWOW64\msidle.dll - ok
14:11:21.0578 5988 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
14:11:21.0578 5988 C:\Windows\System32\msidle.dll - ok
14:11:21.0593 5988 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
14:11:21.0593 5988 C:\Windows\SysWOW64\dbghelp.dll - ok
14:11:21.0593 5988 [ 71C4F42DC8DB668E826DA79462EA741E ] C:\Windows\SysWOW64\KBDUS.DLL
14:11:21.0593 5988 C:\Windows\SysWOW64\KBDUS.DLL - ok
14:11:21.0609 5988 [ 8D5F963FD1A5FE2D95958F53747E0CD2 ] C:\Windows\SysWOW64\aticaldd.dll
14:11:21.0609 5988 C:\Windows\SysWOW64\aticaldd.dll - ok
14:11:21.0609 5988 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\SysWOW64\mssprxy.dll
14:11:21.0609 5988 C:\Windows\SysWOW64\mssprxy.dll - ok
14:11:21.0609 5988 [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\SysWOW64\ncsi.dll
14:11:21.0609 5988 C:\Windows\SysWOW64\ncsi.dll - ok
14:11:21.0625 5988 [ AD1EA59C74D873AC22FB839B8E3E97F7 ] C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll
14:11:21.0625 5988 C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll - ok
14:11:21.0625 5988 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
14:11:21.0625 5988 C:\Windows\System32\mssprxy.dll - ok
14:11:21.0640 5988 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
14:11:21.0640 5988 C:\Windows\System32\FXSSVC.exe - ok
14:11:21.0640 5988 [ F44322F536F27B424D644F34C9099F05 ] C:\Windows\SysWOW64\atigktxx.dll
14:11:21.0640 5988 C:\Windows\SysWOW64\atigktxx.dll - ok
14:11:21.0656 5988 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\SysWOW64\rasdlg.dll
14:11:21.0656 5988 C:\Windows\SysWOW64\rasdlg.dll - ok
14:11:21.0656 5988 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
14:11:21.0656 5988 C:\Windows\System32\rasdlg.dll - ok
14:11:21.0671 5988 [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\SysWOW64\en-US\tquery.dll.mui
14:11:21.0671 5988 C:\Windows\SysWOW64\en-US\tquery.dll.mui - ok
14:11:21.0671 5988 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
14:11:21.0671 5988 C:\Windows\System32\en-US\tquery.dll.mui - ok
14:11:21.0687 5988 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
14:11:21.0687 5988 C:\Windows\SysWOW64\rasapi32.dll - ok
14:11:21.0687 5988 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
14:11:21.0687 5988 C:\Windows\SysWOW64\rasman.dll - ok
14:11:21.0703 5988 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
14:11:21.0703 5988 C:\Windows\SysWOW64\rtutils.dll - ok
14:11:21.0703 5988 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\SysWOW64\netcfgx.dll
14:11:21.0703 5988 C:\Windows\SysWOW64\netcfgx.dll - ok
14:11:21.0718 5988 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\SysWOW64\dot3api.dll
14:11:21.0718 5988 C:\Windows\SysWOW64\dot3api.dll - ok
14:11:21.0718 5988 [ 357E38CAE32AA5BD847D8A4B2CCEC8EF ] C:\Program Files (x86)\Creative\ShareDLL\CADI\CtCadi.dll
14:11:21.0718 5988 C:\Program Files (x86)\Creative\ShareDLL\CADI\CtCadi.dll - ok
14:11:21.0718 5988 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
14:11:21.0718 5988 C:\Windows\System32\dot3api.dll - ok
14:11:21.0734 5988 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\SysWOW64\eappcfg.dll
14:11:21.0734 5988 C:\Windows\SysWOW64\eappcfg.dll - ok
14:11:21.0734 5988 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\SysWOW64\wlanhlp.dll
14:11:21.0734 5988 C:\Windows\SysWOW64\wlanhlp.dll - ok
14:11:21.0749 5988 [ D31B0E09BA644A8B7B797713FFAA80D5 ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\CTThemeu.dll
14:11:21.0749 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\CTThemeu.dll - ok
14:11:21.0749 5988 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
14:11:21.0749 5988 C:\Windows\System32\wlanhlp.dll - ok
14:11:21.0765 5988 [ 7672B66E9BDA3FD7B3B54857B4C305AC ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\CtrlSrcu.dll
14:11:21.0765 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\CtrlSrcu.dll - ok
14:11:21.0765 5988 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
14:11:21.0765 5988 C:\Windows\SysWOW64\wlanapi.dll - ok
14:11:21.0781 5988 [ 50B4230036B7453D232DFFFA8B489F88 ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl.sku
14:11:21.0781 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl.sku - ok
14:11:21.0781 5988 [ 3107F4666ACA044BC27B6794F605EF59 ] C:\Windows\SysWOW64\CTxfiSpk.dll
14:11:21.0781 5988 C:\Windows\SysWOW64\CTxfiSpk.dll - ok
14:11:21.0796 5988 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
14:11:21.0796 5988 C:\Windows\SysWOW64\wlanutil.dll - ok
14:11:21.0796 5988 [ 626FAE12AB3FCC7715B621B63FF6F3B6 ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl2.sku
14:11:21.0796 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl2.sku - ok
14:11:21.0812 5988 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
14:11:21.0812 5988 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
14:11:21.0812 5988 [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\SysWOW64\onex.dll
14:11:21.0812 5988 C:\Windows\SysWOW64\onex.dll - ok
14:11:21.0812 5988 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
14:11:21.0812 5988 C:\Windows\System32\onex.dll - ok
14:11:21.0827 5988 [ 912F4220A2AF6E0F26A5F03DF42CA33D ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl3.sku
14:11:21.0827 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\GDICtrl3.sku - ok
14:11:21.0827 5988 [ F9D845272B6EBC7AEF5584DD5C12DEBF ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\RtxCtrl.sku
14:11:21.0827 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\RtxCtrl.sku - ok
14:11:21.0827 5988 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\SysWOW64\eappprxy.dll
14:11:21.0827 5988 C:\Windows\SysWOW64\eappprxy.dll - ok
14:11:21.0827 5988 [ ED9B55B4044DF1C6A30EE7EDE3148014 ] C:\Windows\SysWOW64\CTxfiBtn.dll
14:11:21.0827 5988 C:\Windows\SysWOW64\CTxfiBtn.dll - ok
14:11:21.0843 5988 [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\SysWOW64\hnetcfg.dll
14:11:21.0843 5988 C:\Windows\SysWOW64\hnetcfg.dll - ok
14:11:21.0843 5988 [ 9E3A33ACC866F25348461513EC4519FA ] C:\Windows\SysWOW64\CtxfiRes.dll
14:11:21.0843 5988 C:\Windows\SysWOW64\CtxfiRes.dll - ok
14:11:21.0843 5988 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
14:11:21.0843 5988 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
14:11:21.0859 5988 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\SysWOW64\WWanAPI.dll
14:11:21.0859 5988 C:\Windows\SysWOW64\WWanAPI.dll - ok
14:11:21.0859 5988 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
14:11:21.0859 5988 C:\Windows\System32\WWanAPI.dll - ok
14:11:21.0859 5988 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
14:11:21.0859 5988 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
14:11:21.0874 5988 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\SysWOW64\wwapi.dll
14:11:21.0874 5988 C:\Windows\SysWOW64\wwapi.dll - ok
14:11:21.0874 5988 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
14:11:21.0874 5988 C:\Windows\System32\wwapi.dll - ok
14:11:21.0874 5988 [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\SysWOW64\QAGENT.DLL
14:11:21.0874 5988 C:\Windows\SysWOW64\QAGENT.DLL - ok
14:11:21.0890 5988 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
14:11:21.0890 5988 C:\Windows\System32\QAGENT.DLL - ok
14:11:21.0890 5988 [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\SysWOW64\wmp.dll
14:11:21.0890 5988 C:\Windows\SysWOW64\wmp.dll - ok
14:11:21.0890 5988 [ 0FBC74AA20FE0AE6884279F893169C60 ] C:\Windows\SysWOW64\wmploc.DLL
14:11:21.0890 5988 C:\Windows\SysWOW64\wmploc.DLL - ok
14:11:21.0890 5988 [ C3B11FD0C7A6E88771376A34B359AA17 ] C:\Program Files (x86)\Creative\ShareDLL\CADI\CtRice.dll
14:11:21.0890 5988 C:\Program Files (x86)\Creative\ShareDLL\CADI\CtRice.dll - ok
14:11:21.0905 5988 [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\SysWOW64\pcwum.dll
14:11:21.0905 5988 C:\Windows\SysWOW64\pcwum.dll - ok
14:11:21.0905 5988 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
14:11:21.0905 5988 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
14:11:21.0905 5988 [ 0C0336B4E6156BF9D8FE88D34214E894 ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\AsioDev.dll
14:11:21.0905 5988 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\AsioDev.dll - ok
14:11:21.0921 5988 [ 64064EA7C325FB2994E6CE6DBAF3FEED ] C:\Windows\SysWOW64\ctasio.dll
14:11:21.0921 5988 C:\Windows\SysWOW64\ctasio.dll - ok
14:11:21.0921 5988 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\SysWOW64\vssapi.dll
14:11:21.0921 5988 C:\Windows\SysWOW64\vssapi.dll - ok
14:11:21.0921 5988 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\SysWOW64\webcheck.dll
14:11:21.0921 5988 C:\Windows\SysWOW64\webcheck.dll - ok
14:11:21.0937 5988 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
14:11:21.0937 5988 C:\Windows\System32\webcheck.dll - ok
14:11:21.0937 5988 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\SysWOW64\vsstrace.dll
14:11:21.0937 5988 C:\Windows\SysWOW64\vsstrace.dll - ok
14:11:21.0937 5988 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
14:11:21.0937 5988 C:\Windows\SysWOW64\mlang.dll - ok
14:11:21.0952 5988 [ 5CF15474FFDB5005E54958DF6EDD97AB ] C:\Windows\SysWOW64\wmdrmdev.dll
14:11:21.0952 5988 C:\Windows\SysWOW64\wmdrmdev.dll - ok
14:11:21.0952 5988 [ E1AC89F6C5252057E6062843E36A6701 ] C:\Windows\SysWOW64\SearchProtocolHost.exe
14:11:21.0952 5988 C:\Windows\SysWOW64\SearchProtocolHost.exe - ok
14:11:21.0952 5988 [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll
14:11:21.0952 5988 C:\Windows\System32\wmdrmdev.dll - ok
14:11:21.0968 5988 [ AF0043CDAAA4910AA556F115D2FC3095 ] C:\Program Files (x86)\Creative\Shared Files\CTDDLEnc.dll
14:11:21.0968 5988 C:\Program Files (x86)\Creative\Shared Files\CTDDLEnc.dll - ok
14:11:21.0968 5988 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
14:11:21.0968 5988 C:\Windows\System32\SearchProtocolHost.exe - ok
14:11:21.0968 5988 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\SysWOW64\SyncCenter.dll
14:11:21.0968 5988 C:\Windows\SysWOW64\SyncCenter.dll - ok
14:11:21.0968 5988 [ 47D052D9EE1FD3BA2A55D13F61E3EF24 ] C:\Windows\SysWOW64\drmv2clt.dll
14:11:21.0968 5988 C:\Windows\SysWOW64\drmv2clt.dll - ok
14:11:21.0983 5988 [ 18B18D38BCE7F64CD8182D976067A9F5 ] C:\Program Files (x86)\Creative\Shared Files\CTDTSIEn.dll
14:11:21.0983 5988 C:\Program Files (x86)\Creative\Shared Files\CTDTSIEn.dll - ok
14:11:21.0983 5988 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
14:11:21.0983 5988 C:\Windows\System32\drmv2clt.dll - ok
14:11:21.0983 5988 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
14:11:21.0983 5988 C:\Windows\System32\SyncCenter.dll - ok
14:11:21.0999 5988 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
14:11:21.0999 5988 C:\Windows\System32\wmp.dll - ok
14:11:21.0999 5988 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\SysWOW64\msshooks.dll
14:11:21.0999 5988 C:\Windows\SysWOW64\msshooks.dll - ok
14:11:21.0999 5988 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\SysWOW64\mfplat.dll
14:11:21.0999 5988 C:\Windows\SysWOW64\mfplat.dll - ok
14:11:22.0015 5988 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
14:11:22.0015 5988 C:\Windows\System32\msshooks.dll - ok
14:11:22.0015 5988 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
14:11:22.0015 5988 C:\Windows\System32\mfplat.dll - ok
14:11:22.0015 5988 [ A6CD6B3F71E13E2E45B727FB8A47EA87 ] C:\Windows\SysWOW64\SearchFilterHost.exe
14:11:22.0015 5988 C:\Windows\SysWOW64\SearchFilterHost.exe - ok
14:11:22.0015 5988 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\SysWOW64\imapi2.dll
14:11:22.0015 5988 C:\Windows\SysWOW64\imapi2.dll - ok
14:11:22.0030 5988 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
14:11:22.0030 5988 C:\Windows\System32\SearchFilterHost.exe - ok
14:11:22.0030 5988 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
14:11:22.0030 5988 C:\Windows\System32\imapi2.dll - ok
14:11:22.0030 5988 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
14:11:22.0030 5988 C:\Windows\SysWOW64\mscoree.dll - ok
14:11:22.0046 5988 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
14:11:22.0046 5988 C:\Windows\System32\wmploc.DLL - ok
14:11:22.0046 5988 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\SysWOW64\hgcpl.dll
14:11:22.0046 5988 C:\Windows\SysWOW64\hgcpl.dll - ok
14:11:22.0046 5988 [ DB67C7C62038BDE813CB6486581A7611 ] C:\Windows\SysWOW64\mssph.dll
14:11:22.0046 5988 C:\Windows\SysWOW64\mssph.dll - ok
14:11:22.0061 5988 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
14:11:22.0061 5988 C:\Windows\System32\hgcpl.dll - ok
14:11:22.0061 5988 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
14:11:22.0061 5988 C:\Windows\System32\mssph.dll - ok
14:11:22.0061 5988 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\SysWOW64\mapi32.dll
14:11:22.0061 5988 C:\Windows\SysWOW64\mapi32.dll - ok
14:11:22.0077 5988 [ EA2B00551F3E7B3D5F7FB730A55F8246 ] C:\Windows\SysWOW64\blackbox.dll
14:11:22.0077 5988 C:\Windows\SysWOW64\blackbox.dll - ok
14:11:22.0077 5988 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\SysWOW64\provsvc.dll
14:11:22.0077 5988 C:\Windows\SysWOW64\provsvc.dll - ok
14:11:22.0077 5988 [ 97A891E2BF7FDA830BCFC6269DA3F5E9 ] C:\Windows\System32\blackbox.dll
14:11:22.0077 5988 C:\Windows\System32\blackbox.dll - ok
14:11:22.0093 5988 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
14:11:22.0093 5988 C:\Windows\System32\mapi32.dll - ok
14:11:22.0093 5988 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\SysWOW64\authz.dll
14:11:22.0093 5988 C:\Windows\SysWOW64\authz.dll - ok
14:11:22.0108 5988 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\SysWOW64\fundisc.dll
14:11:22.0108 5988 C:\Windows\SysWOW64\fundisc.dll - ok
14:11:22.0108 5988 [ 3FF0FA0A81910617739644A06D06D016 ] C:\Windows\SysWOW64\fdProxy.dll
14:11:22.0108 5988 C:\Windows\SysWOW64\fdProxy.dll - ok
14:11:22.0124 5988 [ 08DF1B8C9C0754A7069E80A986373F52 ] C:\Windows\SysWOW64\P2P.dll
14:11:22.0124 5988 C:\Windows\SysWOW64\P2P.dll - ok
14:11:22.0124 5988 [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll
14:11:22.0124 5988 C:\Windows\System32\ListSvc.dll - ok
14:11:22.0139 5988 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
14:11:22.0139 5988 C:\Windows\System32\P2P.dll - ok
14:11:22.0139 5988 [ 954EA9B34F155C844B11F4047A8F6F89 ] C:\Windows\SysWOW64\upnp.dll
14:11:22.0139 5988 C:\Windows\SysWOW64\upnp.dll - ok
14:11:22.0155 5988 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
14:11:22.0155 5988 C:\Windows\SysWOW64\FirewallAPI.dll - ok
14:11:22.0155 5988 [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\SysWOW64\p2pcollab.dll
14:11:22.0155 5988 C:\Windows\SysWOW64\p2pcollab.dll - ok
14:11:22.0171 5988 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
14:11:22.0171 5988 C:\Windows\System32\upnp.dll - ok
14:11:22.0171 5988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
14:11:22.0171 5988 C:\Windows\System32\pnrpsvc.dll - ok
14:11:22.0186 5988 [ C1D0691BE5DDB0C230D8370BD96BBE8B ] C:\Program Files\Internet Explorer\ieproxy.dll
14:11:22.0186 5988 C:\Program Files\Internet Explorer\ieproxy.dll - ok
14:11:22.0186 5988 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
14:11:22.0186 5988 C:\Windows\System32\IdListen.dll - ok
14:11:22.0202 5988 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\SysWOW64\ssdpapi.dll
14:11:22.0202 5988 C:\Windows\SysWOW64\ssdpapi.dll - ok
14:11:22.0202 5988 [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll
14:11:22.0202 5988 C:\Windows\System32\hgprint.dll - ok
14:11:22.0202 5988 [ 3F2B83695E5BF11930C16AF50E991F96 ] C:\Windows\SysWOW64\wmpps.dll
14:11:22.0202 5988 C:\Windows\SysWOW64\wmpps.dll - ok
14:11:22.0217 5988 [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll
14:11:22.0217 5988 C:\Windows\System32\wmpps.dll - ok
14:11:22.0217 5988 [ 7B97346CE563B74BBCC120FC83E5A6D9 ] C:\Windows\SysWOW64\wmpmde.dll
14:11:22.0217 5988 C:\Windows\SysWOW64\wmpmde.dll - ok
14:11:22.0233 5988 [ F149E8CAE538DBF7059B00326673F602 ] C:\Windows\System32\wmpmde.dll
14:11:22.0233 5988 C:\Windows\System32\wmpmde.dll - ok
14:11:22.0233 5988 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\SysWOW64\httpapi.dll
14:11:22.0233 5988 C:\Windows\SysWOW64\httpapi.dll - ok
14:11:22.0249 5988 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
14:11:22.0249 5988 C:\Windows\System32\p2psvc.dll - ok
14:11:22.0249 5988 [ 1372E8E8FD066002131E3D509275E697 ] C:\Windows\SysWOW64\P2PGraph.dll
14:11:22.0249 5988 C:\Windows\SysWOW64\P2PGraph.dll - ok
14:11:22.0249 5988 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
14:11:22.0249 5988 C:\Windows\System32\P2PGraph.dll - ok
14:11:22.0264 5988 [ 021287C2050FD5DB4A8B084E2C38139C ] C:\Windows\System32\WinSATAPI.dll
14:11:22.0264 5988 C:\Windows\System32\WinSATAPI.dll - ok
14:11:22.0264 5988 [ CBBD4D79EEC3EF5A4ADAE9697944C6B9 ] C:\Windows\SysWOW64\MSMPEG2ENC.DLL
14:11:22.0264 5988 C:\Windows\SysWOW64\MSMPEG2ENC.DLL - ok
14:11:22.0264 5988 [ 28A7D7C7E2FDD1D55F12F750CD6331EC ] C:\Windows\System32\MSMPEG2ENC.DLL
14:11:22.0264 5988 C:\Windows\System32\MSMPEG2ENC.DLL - ok
14:11:22.0264 5988 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\SysWOW64\devenum.dll
14:11:22.0264 5988 C:\Windows\SysWOW64\devenum.dll - ok
14:11:22.0280 5988 [ 7069AAB8536F29ED7323140973A2894B ] C:\Windows\SysWOW64\msdmo.dll
14:11:22.0280 5988 C:\Windows\SysWOW64\msdmo.dll - ok
14:11:22.0280 5988 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\SysWOW64\upnphost.dll
14:11:22.0280 5988 C:\Windows\SysWOW64\upnphost.dll - ok
14:11:22.0280 5988 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
14:11:22.0280 5988 C:\Windows\System32\upnphost.dll - ok
14:11:22.0295 5988 [ 230EA9ABBC3432CDE388F4891E76E867 ] C:\Windows\SysWOW64\udhisapi.dll
14:11:22.0295 5988 C:\Windows\SysWOW64\udhisapi.dll - ok
14:11:22.0295 5988 [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
14:11:22.0295 5988 C:\Windows\System32\udhisapi.dll - ok
14:11:22.0295 5988 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\SysWOW64\drprov.dll
14:11:22.0295 5988 C:\Windows\SysWOW64\drprov.dll - ok
14:11:22.0295 5988 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
14:11:22.0295 5988 C:\Windows\System32\drprov.dll - ok
14:11:22.0311 5988 [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\SysWOW64\ntlanman.dll
14:11:22.0311 5988 C:\Windows\SysWOW64\ntlanman.dll - ok
14:11:22.0311 5988 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
14:11:22.0311 5988 C:\Windows\System32\ntlanman.dll - ok
14:11:22.0311 5988 [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\SysWOW64\davclnt.dll
14:11:22.0311 5988 C:\Windows\SysWOW64\davclnt.dll - ok
14:11:22.0327 5988 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
14:11:22.0327 5988 C:\Windows\System32\davclnt.dll - ok
14:11:22.0327 5988 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\SysWOW64\davhlpr.dll
14:11:22.0327 5988 C:\Windows\SysWOW64\davhlpr.dll - ok
14:11:22.0327 5988 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
14:11:22.0327 5988 C:\Windows\System32\davhlpr.dll - ok
14:11:22.0342 5988 [ AA3B91B70E79BCE70AD3B190789B9574 ] C:\Windows\SysWOW64\drttransport.dll
14:11:22.0342 5988 C:\Windows\SysWOW64\drttransport.dll - ok
14:11:22.0342 5988 [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll
14:11:22.0342 5988 C:\Windows\System32\drttransport.dll - ok
14:11:22.0358 5988 [ EE29FCC244C8033E2F748D863DCBF378 ] C:\Windows\SysWOW64\drt.dll
14:11:22.0358 5988 C:\Windows\SysWOW64\drt.dll - ok
14:11:22.0358 5988 [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll
14:11:22.0358 5988 C:\Windows\System32\drt.dll - ok
14:11:22.0373 5988 [ 72910F1DEB838E6E08A9017BFB7D4F0B ] C:\Windows\SysWOW64\browcli.dll
14:11:22.0373 5988 C:\Windows\SysWOW64\browcli.dll - ok
14:11:22.0373 5988 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
14:11:22.0373 5988 C:\Windows\System32\browcli.dll - ok
14:11:22.0373 5988 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\SysWOW64\keyiso.dll
14:11:22.0373 5988 C:\Windows\SysWOW64\keyiso.dll - ok
14:11:22.0389 5988 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
14:11:22.0389 5988 C:\Windows\System32\keyiso.dll - ok
14:11:22.0389 5988 [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\SysWOW64\IDStore.dll
14:11:22.0389 5988 C:\Windows\SysWOW64\IDStore.dll - ok
14:11:22.0405 5988 [ D44A4D4D5CEF651EC5840ABF9AAC113E ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
14:11:22.0405 5988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL - ok
14:11:22.0405 5988 [ 031528298BDE0FE7CBB2EAAF2C3761FD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
14:11:22.0405 5988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll - ok
14:11:22.0405 5988 ============================================================
14:11:22.0405 5988 Scan finished
14:11:22.0405 5988 ============================================================
14:11:22.0420 5948 Detected object count: 10
14:11:22.0420 5948 Actual detected object count: 10
14:11:37.0053 5948 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0053 5948 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0053 5948 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0053 5948 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0053 5948 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0053 5948 Creative Media Toolbox 6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0053 5948 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0053 5948 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0053 5948 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0053 5948 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0069 5948 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0069 5948 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0069 5948 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0069 5948 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0069 5948 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0069 5948 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0069 5948 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0069 5948 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:37.0069 5948 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:37.0069 5948 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:52.0076 0616 Deinitialize success

19:14:30.0866 0244 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:14:30.0897 0244 ============================================================
19:14:30.0897 0244 Current date / time: 2012/10/03 19:14:30.0897
19:14:30.0897 0244 SystemInfo:
19:14:30.0897 0244
19:14:30.0897 0244 OS Version: 6.1.7601 ServicePack: 1.0
19:14:30.0897 0244 Product type: Workstation
19:14:30.0897 0244 ComputerName: OWNER-PC
19:14:30.0897 0244 UserName: Owner
19:14:30.0897 0244 Windows directory: C:\Windows
19:14:30.0897 0244 System windows directory: C:\Windows
19:14:30.0897 0244 Running under WOW64
19:14:30.0897 0244 Processor architecture: Intel x64
19:14:30.0897 0244 Number of processors: 4
19:14:30.0897 0244 Page size: 0x1000
19:14:30.0897 0244 Boot type: Safe boot with network
19:14:30.0897 0244 ============================================================
19:14:37.0168 0244 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:14:37.0184 0244 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:14:37.0199 0244 ============================================================
19:14:37.0199 0244 \Device\Harddisk0\DR0:
19:14:37.0199 0244 MBR partitions:
19:14:37.0199 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:14:37.0199 0244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:14:37.0199 0244 \Device\Harddisk1\DR1:
19:14:37.0199 0244 MBR partitions:
19:14:37.0199 0244 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:14:37.0199 0244 ============================================================
19:14:37.0230 0244 C: <-> \Device\Harddisk0\DR0\Partition2
19:14:37.0246 0244 D: <-> \Device\Harddisk1\DR1\Partition1
19:14:37.0262 0244 ============================================================
19:14:37.0262 0244 Initialize success
19:14:37.0262 0244 ============================================================
19:14:38.0525 1732 ============================================================
19:14:38.0525 1732 Scan started
19:14:38.0525 1732 Mode: Manual;
19:14:38.0525 1732 ============================================================
19:14:40.0740 1732 ================ Scan system memory ========================
19:14:40.0740 1732 System memory - ok
19:14:40.0740 1732 ================ Scan services =============================
19:14:40.0896 1732 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:14:40.0896 1732 1394ohci - ok
19:14:40.0928 1732 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:14:40.0943 1732 ACPI - ok
19:14:40.0974 1732 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:14:41.0832 1732 AcpiPmi - ok
19:14:41.0942 1732 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:14:41.0942 1732 AdobeARMservice - ok
19:14:41.0973 1732 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:14:41.0973 1732 adp94xx - ok
19:14:42.0020 1732 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:14:42.0020 1732 adpahci - ok
19:14:42.0035 1732 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:14:42.0035 1732 adpu320 - ok
19:14:42.0144 1732 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:14:42.0144 1732 AeLookupSvc - ok
19:14:42.0300 1732 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:14:42.0316 1732 AFD - ok
19:14:42.0488 1732 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:14:42.0488 1732 agp440 - ok
19:14:42.0597 1732 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:14:42.0612 1732 ALG - ok
19:14:42.0893 1732 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:14:42.0940 1732 aliide - ok
19:14:42.0971 1732 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:14:42.0971 1732 AMD External Events Utility - ok
19:14:43.0034 1732 AMD FUEL Service - ok
19:14:43.0049 1732 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:14:43.0049 1732 amdide - ok
19:14:43.0080 1732 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:14:43.0080 1732 amdiox64 - ok
19:14:43.0190 1732 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:14:43.0190 1732 AmdK8 - ok
19:14:43.0736 1732 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:14:43.0860 1732 amdkmdag - ok
19:14:43.0907 1732 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:14:43.0907 1732 amdkmdap - ok
19:14:43.0938 1732 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:14:43.0938 1732 AmdPPM - ok
19:14:43.0970 1732 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:14:43.0985 1732 amdsata - ok
19:14:44.0048 1732 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:14:44.0048 1732 amdsbs - ok
19:14:44.0063 1732 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:14:44.0063 1732 amdxata - ok
19:14:44.0094 1732 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:14:44.0126 1732 AODDriver4.01 - ok
19:14:44.0141 1732 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:14:44.0141 1732 AODDriver4.1 - ok
19:14:44.0188 1732 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:14:44.0188 1732 AppID - ok
19:14:44.0219 1732 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:14:44.0219 1732 AppIDSvc - ok
19:14:44.0266 1732 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:14:44.0266 1732 Appinfo - ok
19:14:44.0328 1732 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:14:44.0328 1732 Apple Mobile Device - ok
19:14:44.0375 1732 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:14:44.0375 1732 arc - ok
19:14:44.0391 1732 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:14:44.0391 1732 arcsas - ok
19:14:44.0469 1732 aspnet_state - ok
19:14:44.0484 1732 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:14:44.0484 1732 AsyncMac - ok
19:14:44.0500 1732 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:14:44.0500 1732 atapi - ok
19:14:44.0578 1732 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:14:44.0578 1732 AtiHDAudioService - ok
19:14:44.0781 1732 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:14:44.0843 1732 atikmdag - ok
19:14:44.0906 1732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:14:44.0906 1732 AudioEndpointBuilder - ok
19:14:44.0921 1732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:14:44.0921 1732 AudioSrv - ok
19:14:44.0968 1732 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:14:44.0968 1732 AxInstSV - ok
19:14:45.0015 1732 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:14:45.0015 1732 b06bdrv - ok
19:14:45.0030 1732 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:14:45.0030 1732 b57nd60a - ok
19:14:45.0077 1732 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:14:45.0077 1732 BDESVC - ok
19:14:45.0093 1732 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:14:45.0093 1732 Beep - ok
19:14:45.0124 1732 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:14:45.0140 1732 BFE - ok
19:14:45.0202 1732 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:14:45.0249 1732 BITS - ok
19:14:45.0280 1732 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:14:45.0280 1732 blbdrive - ok
19:14:45.0358 1732 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:14:45.0358 1732 Bonjour Service - ok
19:14:45.0405 1732 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:14:45.0405 1732 bowser - ok
19:14:45.0405 1732 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:14:45.0405 1732 BrFiltLo - ok
19:14:45.0420 1732 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:14:45.0420 1732 BrFiltUp - ok
19:14:45.0420 1732 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:14:45.0420 1732 BridgeMP - ok
19:14:45.0467 1732 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:14:45.0467 1732 Browser - ok
19:14:45.0467 1732 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:14:45.0483 1732 Brserid - ok
19:14:45.0483 1732 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:14:45.0483 1732 BrSerWdm - ok
19:14:45.0483 1732 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:14:45.0483 1732 BrUsbMdm - ok
19:14:45.0498 1732 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:14:45.0498 1732 BrUsbSer - ok
19:14:45.0514 1732 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:14:45.0530 1732 BTHMODEM - ok
19:14:45.0530 1732 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:14:45.0530 1732 bthserv - ok
19:14:45.0545 1732 catchme - ok
19:14:45.0561 1732 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:14:45.0561 1732 cdfs - ok
19:14:45.0608 1732 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:14:45.0608 1732 cdrom - ok
19:14:45.0639 1732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:14:45.0639 1732 CertPropSvc - ok
19:14:45.0654 1732 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:14:45.0654 1732 circlass - ok
19:14:45.0686 1732 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:14:45.0686 1732 CLFS - ok
19:14:45.0732 1732 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:14:45.0732 1732 clr_optimization_v2.0.50727_32 - ok
19:14:45.0779 1732 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:14:45.0779 1732 clr_optimization_v2.0.50727_64 - ok
19:14:45.0904 1732 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:14:45.0904 1732 clr_optimization_v4.0.30319_32 - ok
19:14:45.0982 1732 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:14:45.0982 1732 clr_optimization_v4.0.30319_64 - ok
19:14:45.0998 1732 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:14:45.0998 1732 CmBatt - ok
19:14:46.0029 1732 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:14:46.0029 1732 cmdide - ok
19:14:46.0107 1732 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:14:46.0107 1732 CNG - ok
19:14:46.0122 1732 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:14:46.0122 1732 Compbatt - ok
19:14:46.0154 1732 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:14:46.0154 1732 CompositeBus - ok
19:14:46.0154 1732 COMSysApp - ok
19:14:46.0169 1732 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:14:46.0169 1732 crcdisk - ok
19:14:46.0247 1732 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:14:46.0247 1732 Creative ALchemy AL6 Licensing Service - ok
19:14:46.0278 1732 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:14:46.0278 1732 Creative Audio Engine Licensing Service - ok
19:14:46.0310 1732 [ D03466C36EF0E5C7694FF38B45271D9D ] Creative Media Toolbox 6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
19:14:46.0310 1732 Creative Media Toolbox 6 Licensing Service - ok
19:14:46.0341 1732 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:14:46.0356 1732 CryptSvc - ok
19:14:46.0388 1732 [ EC6E627726458CEA756E23D50D0A9317 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
19:14:46.0403 1732 CT20XUT - ok
19:14:46.0419 1732 [ EC6E627726458CEA756E23D50D0A9317 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
19:14:46.0419 1732 CT20XUT.SYS - ok
19:14:46.0450 1732 [ 7E5632B884B1C4672EFE245DAFC0BEEA ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
19:14:46.0450 1732 ctac32k - ok
19:14:46.0481 1732 [ 4E7D47FE0204C84ACDE44A68038C4444 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
19:14:46.0497 1732 ctaud2k - ok
19:14:46.0528 1732 [ 05210B19E4155114931FA79BC6536CF7 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
19:14:46.0544 1732 CTEXFIFX - ok
19:14:46.0575 1732 [ 05210B19E4155114931FA79BC6536CF7 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
19:14:46.0575 1732 CTEXFIFX.SYS - ok
19:14:46.0590 1732 [ 7AAA9CCB0FE8990CD7362EEDB9B3E744 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
19:14:46.0590 1732 CTHWIUT - ok
19:14:46.0590 1732 [ 7AAA9CCB0FE8990CD7362EEDB9B3E744 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
19:14:46.0590 1732 CTHWIUT.SYS - ok
19:14:46.0622 1732 [ ABBC4148947BEFD2E8EADA93CBE4BCE5 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
19:14:46.0622 1732 ctprxy2k - ok
19:14:46.0637 1732 [ 9A1316B48404F6840CEC030A1F95DF96 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
19:14:46.0637 1732 ctsfm2k - ok
19:14:46.0684 1732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:14:46.0700 1732 DcomLaunch - ok
19:14:46.0762 1732 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:14:46.0778 1732 defragsvc - ok
19:14:46.0793 1732 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:14:46.0809 1732 DfsC - ok
19:14:46.0840 1732 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:14:46.0840 1732 Dhcp - ok
19:14:46.0871 1732 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:14:46.0871 1732 discache - ok
19:14:46.0902 1732 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:14:46.0902 1732 Disk - ok
19:14:46.0965 1732 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:14:46.0965 1732 Dnscache - ok
19:14:46.0996 1732 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:14:46.0996 1732 dot3svc - ok
19:14:47.0043 1732 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
19:14:47.0043 1732 Dot4 - ok
19:14:47.0074 1732 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
19:14:47.0074 1732 Dot4Print - ok
19:14:47.0090 1732 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
19:14:47.0090 1732 dot4usb - ok
19:14:47.0136 1732 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:14:47.0136 1732 DPS - ok
19:14:47.0152 1732 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:14:47.0152 1732 drmkaud - ok
19:14:47.0214 1732 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:14:47.0230 1732 DXGKrnl - ok
19:14:47.0261 1732 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:14:47.0261 1732 EapHost - ok
19:14:47.0339 1732 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:14:47.0402 1732 ebdrv - ok
19:14:47.0448 1732 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:14:47.0448 1732 EFS - ok
19:14:47.0480 1732 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:14:47.0495 1732 ehRecvr - ok
19:14:47.0511 1732 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:14:47.0511 1732 ehSched - ok
19:14:47.0542 1732 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
19:14:47.0558 1732 ElbyCDIO - ok
19:14:47.0604 1732 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:14:47.0636 1732 elxstor - ok
19:14:47.0651 1732 [ 8ECA8C2F31BBBB1AC3ACBCDFA9AB286F ] emupia C:\Windows\system32\drivers\emupia2k.sys
19:14:47.0651 1732 emupia - ok
19:14:47.0698 1732 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:14:47.0698 1732 ErrDev - ok
19:14:47.0729 1732 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:14:47.0729 1732 EventSystem - ok
19:14:47.0745 1732 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:14:47.0745 1732 exfat - ok
19:14:47.0776 1732 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:14:47.0776 1732 fastfat - ok
19:14:47.0823 1732 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:14:47.0838 1732 Fax - ok
19:14:47.0838 1732 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:14:47.0838 1732 fdc - ok
19:14:47.0854 1732 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:14:47.0854 1732 fdPHost - ok
19:14:47.0870 1732 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:14:47.0870 1732 FDResPub - ok
19:14:47.0901 1732 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:14:47.0901 1732 FileInfo - ok
19:14:47.0916 1732 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:14:47.0916 1732 Filetrace - ok
19:14:47.0932 1732 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:14:47.0932 1732 flpydisk - ok
19:14:48.0026 1732 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:14:48.0041 1732 FltMgr - ok
19:14:48.0228 1732 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:14:48.0275 1732 FontCache - ok
19:14:48.0338 1732 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:14:48.0338 1732 FontCache3.0.0.0 - ok
19:14:48.0369 1732 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:14:48.0369 1732 FsDepends - ok
19:14:48.0400 1732 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:14:48.0400 1732 Fs_Rec - ok
19:14:48.0462 1732 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:14:48.0478 1732 fvevol - ok
19:14:48.0509 1732 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:14:48.0509 1732 gagp30kx - ok
19:14:48.0556 1732 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:14:48.0556 1732 GEARAspiWDM - ok
19:14:48.0634 1732 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:14:48.0650 1732 gpsvc - ok
19:14:48.0915 1732 [ 7464C4D841C61E36A6177A6CB8F4AA2E ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys
19:14:48.0930 1732 ha20x22k - ok
19:14:49.0149 1732 [ D93CEFE9932DE9F969BB5D18C38E9566 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
19:14:49.0164 1732 ha20x2k - ok
19:14:49.0196 1732 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:14:49.0196 1732 hcw85cir - ok
19:14:49.0258 1732 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:14:49.0274 1732 HdAudAddService - ok
19:14:49.0305 1732 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:14:49.0320 1732 HDAudBus - ok
19:14:49.0320 1732 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:14:49.0320 1732 HidBatt - ok
19:14:49.0352 1732 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:14:49.0352 1732 HidBth - ok
19:14:49.0367 1732 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:14:49.0367 1732 HidIr - ok
19:14:49.0398 1732 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:14:49.0398 1732 hidserv - ok
19:14:49.0476 1732 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:14:49.0476 1732 HidUsb - ok
19:14:49.0570 1732 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
19:14:49.0570 1732 HiPatchService - ok
19:14:49.0632 1732 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:14:49.0632 1732 hkmsvc - ok
19:14:49.0679 1732 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:14:49.0679 1732 HomeGroupListener - ok
19:14:49.0742 1732 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:14:49.0757 1732 HomeGroupProvider - ok
19:14:49.0913 1732 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:14:49.0929 1732 hpqcxs08 - ok
19:14:49.0991 1732 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:14:50.0022 1732 hpqddsvc - ok
19:14:50.0210 1732 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:14:50.0241 1732 HpSAMD - ok
19:14:50.0849 1732 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:14:50.0896 1732 HPSLPSVC - ok
19:14:51.0021 1732 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:14:51.0036 1732 HTTP - ok
19:14:51.0083 1732 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:14:51.0099 1732 hwpolicy - ok
19:14:51.0161 1732 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:14:51.0161 1732 i8042prt - ok
19:14:51.0286 1732 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:14:51.0286 1732 iaStorV - ok
19:14:51.0364 1732 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:14:51.0380 1732 idsvc - ok
19:14:51.0395 1732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:14:51.0395 1732 iirsp - ok
19:14:51.0520 1732 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:14:51.0520 1732 IKEEXT - ok
19:14:51.0551 1732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:14:51.0551 1732 intelide - ok
19:14:51.0614 1732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:14:51.0629 1732 intelppm - ok
19:14:51.0707 1732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:14:51.0738 1732 IPBusEnum - ok
19:14:51.0801 1732 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:14:51.0801 1732 IpFilterDriver - ok
19:14:51.0894 1732 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:14:51.0910 1732 iphlpsvc - ok
19:14:51.0941 1732 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:14:51.0941 1732 IPMIDRV - ok
19:14:51.0988 1732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:14:51.0988 1732 IPNAT - ok
19:14:52.0097 1732 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:14:52.0113 1732 iPod Service - ok
19:14:52.0160 1732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:14:52.0160 1732 IRENUM - ok
19:14:52.0206 1732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:14:52.0206 1732 isapnp - ok
19:14:52.0378 1732 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:14:52.0394 1732 iScsiPrt - ok
19:14:52.0472 1732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:14:52.0487 1732 kbdclass - ok
19:14:52.0581 1732 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:14:52.0612 1732 kbdhid - ok
19:14:52.0659 1732 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:14:52.0659 1732 KeyIso - ok
19:14:53.0127 1732 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:14:53.0127 1732 KSecDD - ok
19:14:53.0267 1732 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:14:53.0330 1732 KSecPkg - ok
19:14:53.0454 1732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:14:53.0454 1732 ksthunk - ok
19:14:53.0579 1732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:14:53.0626 1732 KtmRm - ok
19:14:53.0876 1732 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:14:53.0922 1732 LanmanServer - ok
19:14:53.0985 1732 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:14:53.0985 1732 LanmanWorkstation - ok
19:14:54.0078 1732 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:14:54.0078 1732 LightScribeService - ok
19:14:54.0141 1732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:14:54.0156 1732 lltdio - ok
19:14:54.0234 1732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:14:54.0250 1732 lltdsvc - ok
19:14:54.0266 1732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:14:54.0266 1732 lmhosts - ok
19:14:54.0281 1732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:14:54.0281 1732 LSI_FC - ok
19:14:54.0312 1732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:14:54.0344 1732 LSI_SAS - ok
19:14:54.0359 1732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:14:54.0359 1732 LSI_SAS2 - ok
19:14:54.0375 1732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:14:54.0375 1732 LSI_SCSI - ok
19:14:54.0422 1732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:14:54.0422 1732 luafv - ok
19:14:54.0453 1732 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:14:54.0453 1732 MBAMProtector - ok
19:14:54.0578 1732 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:14:54.0578 1732 MBAMScheduler - ok
19:14:54.0640 1732 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:14:54.0656 1732 MBAMService - ok
19:14:54.0687 1732 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:14:54.0687 1732 Mcx2Svc - ok
19:14:54.0718 1732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:14:54.0718 1732 megasas - ok
19:14:54.0780 1732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:14:54.0780 1732 MegaSR - ok
19:14:54.0827 1732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:14:54.0827 1732 MMCSS - ok
19:14:54.0858 1732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:14:54.0858 1732 Modem - ok
19:14:54.0890 1732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:14:54.0890 1732 monitor - ok
19:14:54.0936 1732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:14:54.0936 1732 mouclass - ok
19:14:54.0983 1732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:14:54.0999 1732 mouhid - ok
19:14:55.0030 1732 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:14:55.0030 1732 mountmgr - ok
19:15:18.0258 1732 ================ Scan global ===============================
19:15:18.0274 1732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:15:18.0305 1732 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:15:18.0305 1732 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:15:18.0336 1732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:15:18.0368 1732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:15:18.0368 1732 [Global] - ok
19:15:18.0368 1732 ================ Scan MBR ==================================
19:15:18.0383 1732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:15:18.0742 1732 \Device\Harddisk0\DR0 - ok
19:15:18.0742 1732 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
19:15:18.0742 1732 \Device\Harddisk1\DR1 - ok
19:15:18.0742 1732 ================ Scan VBR ==================================
19:15:18.0742 1732 [ 856ABD699DEBB6470562EDA111FCB94D ] \Device\Harddisk0\DR0\Partition1
19:15:18.0742 1732 \Device\Harddisk0\DR0\Partition1 - ok
19:15:18.0758 1732 [ 876E72354CB71C1EB4F7C12984F64A76 ] \Device\Harddisk0\DR0\Partition2
19:15:18.0758 1732 \Device\Harddisk0\DR0\Partition2 - ok
19:15:18.0758 1732 [ DC5BC5EC37190E4F7908108FF74FB668 ] \Device\Harddisk1\DR1\Partition1
19:15:18.0758 1732 \Device\Harddisk1\DR1\Partition1 - ok
19:15:18.0758 1732 ============================================================
19:15:18.0758 1732 Scan finished
19:15:18.0758 1732 ============================================================
19:15:18.0773 1552 Detected object count: 0
19:15:18.0773 1552 Actual detected object count: 0
19:15:24.0467 2172 Deinitialize success



13:27:32.0457 6024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:27:32.0787 6024 ============================================================
13:27:32.0787 6024 Current date / time: 2012/12/24 13:27:32.0787
13:27:32.0787 6024 SystemInfo:
13:27:32.0787 6024
13:27:32.0787 6024 OS Version: 6.1.7601 ServicePack: 1.0
13:27:32.0787 6024 Product type: Workstation
13:27:32.0787 6024 ComputerName: OWNER-PC
13:27:32.0787 6024 UserName: Owner
13:27:32.0787 6024 Windows directory: C:\Windows
13:27:32.0787 6024 System windows directory: C:\Windows
13:27:32.0788 6024 Running under WOW64
13:27:32.0788 6024 Processor architecture: Intel x64
13:27:32.0788 6024 Number of processors: 4
13:27:32.0788 6024 Page size: 0x1000
13:27:32.0788 6024 Boot type: Normal boot
13:27:32.0788 6024 ============================================================
13:27:34.0240 6024 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:27:34.0259 6024 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:27:34.0282 6024 ============================================================
13:27:34.0282 6024 \Device\Harddisk0\DR0:
13:27:34.0282 6024 MBR partitions:
13:27:34.0283 6024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:27:34.0283 6024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:27:34.0283 6024 \Device\Harddisk1\DR1:
13:27:34.0283 6024 MBR partitions:
13:27:34.0283 6024 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:27:34.0283 6024 ============================================================
13:27:34.0301 6024 C: <-> \Device\Harddisk0\DR0\Partition2
13:27:34.0320 6024 D: <-> \Device\Harddisk1\DR1\Partition1
13:27:34.0321 6024 ============================================================
13:27:34.0321 6024 Initialize success
13:27:34.0321 6024 ============================================================
13:28:15.0958 5272 Deinitialize success


14:05:43.0519 4052 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:05:43.0909 4052 ============================================================
14:05:43.0909 4052 Current date / time: 2012/12/24 14:05:43.0909
14:05:43.0909 4052 SystemInfo:
14:05:43.0909 4052
14:05:43.0909 4052 OS Version: 6.1.7601 ServicePack: 1.0
14:05:43.0909 4052 Product type: Workstation
14:05:43.0909 4052 ComputerName: OWNER-PC
14:05:43.0925 4052 UserName: Owner
14:05:43.0925 4052 Windows directory: C:\Windows
14:05:43.0925 4052 System windows directory: C:\Windows
14:05:43.0925 4052 Running under WOW64
14:05:43.0925 4052 Processor architecture: Intel x64
14:05:43.0925 4052 Number of processors: 4
14:05:43.0925 4052 Page size: 0x1000
14:05:43.0925 4052 Boot type: Normal boot
14:05:43.0925 4052 ============================================================
14:05:45.0360 4052 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:45.0360 4052 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:05:45.0422 4052 ============================================================
14:05:45.0422 4052 \Device\Harddisk0\DR0:
14:05:45.0422 4052 MBR partitions:
14:05:45.0422 4052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:05:45.0422 4052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
14:05:45.0422 4052 \Device\Harddisk1\DR1:
14:05:45.0438 4052 MBR partitions:
14:05:45.0438 4052 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:05:45.0438 4052 ============================================================
14:05:45.0453 4052 C: <-> \Device\Harddisk0\DR0\Partition2
14:05:45.0469 4052 D: <-> \Device\Harddisk1\DR1\Partition1
14:05:45.0469 4052 ============================================================
14:05:45.0469 4052 Initialize success
14:05:45.0469 4052 ============================================================
14:05:59.0868 4824 Deinitialize success


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-24 14:14:21
-----------------------------
14:14:21.046 OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:21.046 Number of processors: 4 586 0x203
14:14:21.046 ComputerName: OWNER-PC UserName: Owner
14:14:22.684 Initialize success
14:15:36.645 AVAST engine defs: 12122402
14:16:10.388 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
14:16:10.403 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
14:16:10.403 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
14:16:10.403 Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
14:16:10.419 Disk 0 MBR read successfully
14:16:10.435 Disk 0 MBR scan
14:16:10.435 Disk 0 Windows 7 default MBR code
14:16:10.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:16:10.497 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:16:10.606 Disk 0 scanning C:\Windows\system32\drivers
14:16:29.950 Service scanning
14:17:14.270 Modules scanning
14:17:14.270 Disk 0 trace - called modules:
14:17:14.285 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
14:17:14.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073d7060]
14:17:14.301 3 CLASSPNP.SYS[fffff88000db743f] -> nt!IofCallDriver -> [0xfffffa80066a8bb0]
14:17:14.301 5 ACPI.sys[fffff88000eeb7a1] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa80066949c0]
14:17:18.794 AVAST engine scan C:\Windows
14:17:28.622 AVAST engine scan C:\Windows\system32
14:23:57.389 AVAST engine scan C:\Windows\system32\drivers
14:24:20.103 AVAST engine scan C:\Users\Owner
14:33:47.475 AVAST engine scan C:\ProgramData
14:37:02.897 Scan finished successfully
15:02:27.579 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
15:02:27.657 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team

Posted 25 December 2012 - 05:43 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#10 xfreakazoidx

  • Topic Starter

Posted 25 December 2012 - 10:19 PM

Hi about to post results. I came home about an hour ago and when I started up a program the computer froze again (well pretty much). I checked the SVCHost and again it was 201,000kb. Restarted, went to this site and ran that program. Here are the results:

OTL logfile created on: 12/25/2012 10:08:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.23 Gb Available Physical Memory | 77.94% Memory free
16.00 Gb Paging File | 14.15 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 701.17 Gb Free Space | 75.28% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 790.53 Gb Free Space | 84.87% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\WRSA.exe (Webroot)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Windows\SysWOW64\CtxfiRes.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()


========== Services (SafeList) ==========

SRV:64bit: - (WRSVC) -- C:\Program Files\Webroot\WRSA.exe (Webroot)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WRkrn) -- C:\Windows\SysNative\drivers\WRkrn.sys (Webroot)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VMUVC) -- C:\Windows\SysNative\drivers\vmuvc.sys (Vimicro Corporation)
DRV:64bit: - (vvftUVC) -- C:\Windows\SysNative\drivers\vvftUVC.sys (Vimicro Corporation)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\SearchScopes\{381D77B1-416C-4FBA-86FD-7B7D894CDB9D}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.6.2
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {F86839EA-0A06-11E2-8271-B8AC6F996F26}:2.0.14
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/10 21:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/16 14:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/16 14:02:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/10 21:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F86839EA-0A06-11E2-8271-B8AC6F996F26}: C:\Users\Owner\AppData\Local\{F86839EA-0A06-11E2-8271-B8AC6F996F26}\ [2012/09/29 02:26:25 | 000,000,000 | ---D | M]

[2012/02/10 19:47:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/12/10 20:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions
[2012/05/23 11:18:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/10 20:05:27 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2012/07/03 04:18:16 | 000,185,600 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/06/28 19:02:15 | 000,185,362 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/03/02 05:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/29 02:26:25 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\OWNER\APPDATA\LOCAL\{F86839EA-0A06-11E2-8271-B8AC6F996F26}
[2012/08/03 14:39:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/18 14:44:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/03 14:39:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/03 14:39:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: MSN Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Splendid = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: WebFilter Pro - The best filtering addon! = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgfoklefkbjadjcgjmnhfbdfjolojnn\0.19.6.9_0\
CHR - Extension: Webroot = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0\
CHR - Extension: NASA TV = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkoehjanjkafifocenpkkkffadaffgb\4.9.3_0\

O1 HOSTS File: ([2012/12/23 16:37:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O3 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 10.4.1)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1031760-89C4-4315-BADE-2D9053F7E07E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/25 22:06:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/12/24 14:09:33 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\70302123.sys
[2012/12/23 17:00:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/23 17:00:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/12/23 16:53:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 16:21:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/23 03:52:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/23 03:52:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/23 03:52:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/23 03:52:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/23 03:52:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/23 03:52:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/23 03:52:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/23 03:52:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/23 03:52:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/23 03:52:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/23 03:52:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/23 03:52:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/23 03:52:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/23 03:52:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/23 03:52:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/23 03:51:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/23 03:51:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/23 03:51:10 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/23 03:51:09 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/23 03:48:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/23 03:48:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/23 03:48:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/23 03:48:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/23 03:48:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/23 03:48:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/23 03:48:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/23 03:48:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/23 03:48:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/23 03:48:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/23 03:48:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/23 03:48:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/23 03:48:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/23 03:48:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/23 03:48:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/23 03:48:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/23 03:48:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/23 03:48:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/23 03:48:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/23 03:48:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/23 03:48:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/23 03:48:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/23 03:48:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/23 03:48:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/23 03:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/23 03:48:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/23 03:48:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/23 03:48:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/23 03:48:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/23 03:48:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/23 03:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/23 03:48:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/23 03:48:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/23 03:46:38 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/23 03:46:37 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/17 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AOL
[2012/12/17 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2012/12/10 22:02:11 | 000,000,000 | ---D | C] -- C:\Identity
[2012/12/08 14:14:07 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/08 14:14:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/12/08 14:13:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/08 14:13:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/08 14:13:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/08 14:13:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/08 14:13:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/08 14:13:07 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/08 14:13:07 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/08 14:13:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/08 14:13:07 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/08 14:13:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/08 14:13:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/08 14:13:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/08 14:13:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/08 14:13:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/08 14:13:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/08 14:13:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/08 14:13:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/08 14:13:06 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/08 14:13:06 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/08 14:13:06 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/08 14:13:06 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/08 14:13:06 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/08 14:13:05 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/08 14:13:05 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/08 14:02:35 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/12/08 14:02:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/12/08 14:02:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/12/08 14:02:32 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/12/08 14:00:33 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/12/08 14:00:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/12/08 14:00:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/12/08 14:00:32 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/12/08 14:00:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/12/08 14:00:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/12/08 14:00:28 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/12/08 14:00:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/12/08 14:00:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/12/08 14:00:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/08 14:00:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/08 13:58:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/12/08 13:58:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/12/08 13:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/12/06 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SPORE
[2012/12/02 00:33:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\4A Games
[2012/12/02 00:10:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\4A Games
[2012/12/02 00:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/12/02 00:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/02 00:05:11 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/12/02 00:05:11 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/12/02 00:05:11 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/12/02 00:05:11 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/12/02 00:05:07 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/12/02 00:05:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/11/11 22:55:58 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[24 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/25 22:12:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/25 22:12:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/25 22:10:26 | 000,739,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/25 22:10:26 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/25 22:10:26 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/25 22:06:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/12/25 22:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/25 22:05:09 | 2146,869,247 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 14:12:07 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012/12/24 14:12:07 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012/12/24 14:12:07 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012/12/24 14:09:34 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\70302123.sys
[2012/12/24 00:25:24 | 000,007,600 | ---- | M] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/12/23 16:37:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/23 16:20:21 | 000,150,776 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012/12/23 16:20:21 | 000,103,408 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2012/12/23 03:59:16 | 005,068,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/22 15:25:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p17].bmp
[2012/12/22 15:25:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p16].bmp
[2012/12/22 15:25:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p15].bmp
[2012/12/22 15:25:01 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p14].bmp
[2012/12/22 15:24:59 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p13].bmp
[2012/12/22 15:24:56 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p12].bmp
[2012/12/22 15:24:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p11].bmp
[2012/12/22 15:24:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p10].bmp
[2012/12/22 15:24:43 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p09].bmp
[2012/12/22 15:24:41 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p08].bmp
[2012/12/22 15:24:39 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p07].bmp
[2012/12/22 15:24:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p06].bmp
[2012/12/22 15:24:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p05].bmp
[2012/12/22 15:24:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p04].bmp
[2012/12/22 15:24:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p03].bmp
[2012/12/22 15:24:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p02].bmp
[2012/12/22 15:24:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0008]-[p01].bmp
[2012/12/22 15:24:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p336].bmp
[2012/12/22 15:24:03 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p335].bmp
[2012/12/22 15:24:01 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p334].bmp
[2012/12/22 15:23:59 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p333].bmp
[2012/12/22 15:23:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p332].bmp
[2012/12/22 15:23:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p331].bmp
[2012/12/22 15:23:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p330].bmp
[2012/12/22 15:23:50 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p329].bmp
[2012/12/22 15:23:48 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p328].bmp
[2012/12/22 15:23:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p327].bmp
[2012/12/22 15:23:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p326].bmp
[2012/12/22 15:23:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p325].bmp
[2012/12/22 15:23:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p324].bmp
[2012/12/22 15:23:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p323].bmp
[2012/12/22 15:23:35 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p322].bmp
[2012/12/22 15:23:33 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p321].bmp
[2012/12/22 15:23:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p320].bmp
[2012/12/22 15:23:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p319].bmp
[2012/12/22 15:23:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p318].bmp
[2012/12/22 15:23:24 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p317].bmp
[2012/12/22 15:23:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p316].bmp
[2012/12/22 15:23:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p315].bmp
[2012/12/22 15:23:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p314].bmp
[2012/12/22 15:23:14 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p313].bmp
[2012/12/22 15:23:12 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p312].bmp
[2012/12/22 15:23:10 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p311].bmp
[2012/12/22 15:23:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p310].bmp
[2012/12/22 15:23:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p309].bmp
[2012/12/22 15:23:03 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p308].bmp
[2012/12/22 15:23:01 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p307].bmp
[2012/12/22 15:22:59 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p306].bmp
[2012/12/22 15:22:54 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p305].bmp
[2012/12/22 15:22:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p304].bmp
[2012/12/22 15:22:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p303].bmp
[2012/12/22 15:22:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p302].bmp
[2012/12/22 15:22:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p301].bmp
[2012/12/22 15:22:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p300].bmp
[2012/12/22 15:22:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p299].bmp
[2012/12/22 15:22:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p298].bmp
[2012/12/22 15:22:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p297].bmp
[2012/12/22 15:22:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p296].bmp
[2012/12/22 15:22:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p295].bmp
[2012/12/22 15:22:24 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p294].bmp
[2012/12/22 15:22:22 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p293].bmp
[2012/12/22 15:22:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p292].bmp
[2012/12/22 15:22:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p291].bmp
[2012/12/22 15:22:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p290].bmp
[2012/12/22 15:22:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p289].bmp
[2012/12/22 15:22:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p288].bmp
[2012/12/22 15:22:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p287].bmp
[2012/12/22 15:22:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p286].bmp
[2012/12/22 15:22:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p285].bmp
[2012/12/22 15:22:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p284].bmp
[2012/12/22 15:22:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p283].bmp
[2012/12/22 15:21:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p282].bmp
[2012/12/22 15:21:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p281].bmp
[2012/12/22 15:21:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p280].bmp
[2012/12/22 15:21:50 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p279].bmp
[2012/12/22 15:21:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p278].bmp
[2012/12/22 15:21:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p277].bmp
[2012/12/22 15:21:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p276].bmp
[2012/12/22 15:21:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p275].bmp
[2012/12/22 15:21:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p274].bmp
[2012/12/22 15:21:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p273].bmp
[2012/12/22 15:21:24 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p272].bmp
[2012/12/22 15:21:22 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p271].bmp
[2012/12/22 15:21:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p270].bmp
[2012/12/22 15:21:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p269].bmp
[2012/12/22 15:20:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p268].bmp
[2012/12/22 15:20:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p267].bmp
[2012/12/22 15:20:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p266].bmp
[2012/12/22 15:20:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p265].bmp
[2012/12/22 15:20:48 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p264].bmp
[2012/12/22 15:20:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p263].bmp
[2012/12/22 15:20:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p262].bmp
[2012/12/22 15:20:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p261].bmp
[2012/12/22 15:20:35 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p260].bmp
[2012/12/22 15:20:33 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p259].bmp
[2012/12/22 15:20:31 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p258].bmp
[2012/12/22 15:20:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p257].bmp
[2012/12/22 15:20:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p256].bmp
[2012/12/22 15:20:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p255].bmp
[2012/12/22 15:20:22 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p254].bmp
[2012/12/22 15:20:20 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p253].bmp
[2012/12/22 15:20:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p252].bmp
[2012/12/22 15:20:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p251].bmp
[2012/12/22 15:20:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p250].bmp
[2012/12/22 15:20:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p249].bmp
[2012/12/22 15:20:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p248].bmp
[2012/12/22 15:20:03 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p247].bmp
[2012/12/22 15:20:01 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p246].bmp
[2012/12/22 15:19:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p245].bmp
[2012/12/22 15:19:56 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p244].bmp
[2012/12/22 15:19:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p243].bmp
[2012/12/22 15:19:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p242].bmp
[2012/12/22 15:19:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p241].bmp
[2012/12/22 15:19:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p240].bmp
[2012/12/22 15:19:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p239].bmp
[2012/12/22 15:19:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p238].bmp
[2012/12/22 15:19:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p237].bmp
[2012/12/22 15:19:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p236].bmp
[2012/12/22 15:19:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p235].bmp
[2012/12/22 15:19:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p234].bmp
[2012/12/22 15:19:24 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p233].bmp
[2012/12/22 15:19:22 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p232].bmp
[2012/12/22 15:19:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p231].bmp
[2012/12/22 15:19:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p230].bmp
[2012/12/22 15:19:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p229].bmp
[2012/12/22 15:19:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p228].bmp
[2012/12/22 15:19:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p227].bmp
[2012/12/22 15:19:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p226].bmp
[2012/12/22 15:18:59 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p225].bmp
[2012/12/22 15:18:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p224].bmp
[2012/12/22 15:18:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p223].bmp
[2012/12/22 15:18:52 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p222].bmp
[2012/12/22 15:18:50 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p221].bmp
[2012/12/22 15:18:48 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p220].bmp
[2012/12/22 15:18:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p219].bmp
[2012/12/22 15:18:43 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p218].bmp
[2012/12/22 15:18:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p217].bmp
[2012/12/22 15:18:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p216].bmp
[2012/12/22 15:18:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p215].bmp
[2012/12/22 15:18:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p214].bmp
[2012/12/22 15:18:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p213].bmp
[2012/12/22 15:18:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p212].bmp
[2012/12/22 15:18:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p211].bmp
[2012/12/22 15:18:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p210].bmp
[2012/12/22 15:18:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p209].bmp
[2012/12/22 15:18:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p208].bmp
[2012/12/22 15:18:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p207].bmp
[2012/12/22 15:18:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p206].bmp
[2012/12/22 15:18:14 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p205].bmp
[2012/12/22 15:18:12 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p204].bmp
[2012/12/22 15:18:10 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p203].bmp
[2012/12/22 15:18:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p202].bmp
[2012/12/22 15:18:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p201].bmp
[2012/12/22 15:18:03 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p200].bmp
[2012/12/22 15:18:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p199].bmp
[2012/12/22 15:17:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p198].bmp
[2012/12/22 15:17:56 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p197].bmp
[2012/12/22 15:17:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p196].bmp
[2012/12/22 15:17:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p195].bmp
[2012/12/22 15:17:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p194].bmp
[2012/12/22 15:17:47 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p193].bmp
[2012/12/22 15:17:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p192].bmp
[2012/12/22 15:17:43 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p191].bmp
[2012/12/22 15:17:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p190].bmp
[2012/12/22 15:17:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p189].bmp
[2012/12/22 15:17:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p188].bmp
[2012/12/22 15:17:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p187].bmp
[2012/12/22 15:17:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p186].bmp
[2012/12/22 15:17:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p185].bmp
[2012/12/22 15:17:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p184].bmp
[2012/12/22 15:17:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p183].bmp
[2012/12/22 15:17:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p182].bmp
[2012/12/22 15:17:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p181].bmp
[2012/12/22 15:17:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p180].bmp
[2012/12/22 15:17:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p179].bmp
[2012/12/22 15:17:14 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p178].bmp
[2012/12/22 15:17:12 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p177].bmp
[2012/12/22 15:17:10 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p176].bmp
[2012/12/22 15:17:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p175].bmp
[2012/12/22 15:17:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p174].bmp
[2012/12/22 15:17:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p173].bmp
[2012/12/22 15:17:01 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p172].bmp
[2012/12/22 15:16:59 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p171].bmp
[2012/12/22 15:16:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p170].bmp
[2012/12/22 15:16:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p169].bmp
[2012/12/22 15:16:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p168].bmp
[2012/12/22 15:16:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p167].bmp
[2012/12/22 15:16:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p166].bmp
[2012/12/22 15:16:47 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p165].bmp
[2012/12/22 15:16:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p164].bmp
[2012/12/22 15:16:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p163].bmp
[2012/12/22 15:16:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p162].bmp
[2012/12/22 15:16:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p161].bmp
[2012/12/22 15:16:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p160].bmp
[2012/12/22 15:16:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p159].bmp
[2012/12/22 15:16:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p158].bmp
[2012/12/22 15:16:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p157].bmp
[2012/12/22 15:16:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p156].bmp
[2012/12/22 15:16:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p155].bmp
[2012/12/22 15:16:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p154].bmp
[2012/12/22 15:16:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p153].bmp
[2012/12/22 15:16:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p152].bmp
[2012/12/22 15:16:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p151].bmp
[2012/12/22 15:16:14 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p150].bmp
[2012/12/22 15:16:12 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p149].bmp
[2012/12/22 15:16:10 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p148].bmp
[2012/12/22 15:16:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p147].bmp
[2012/12/22 15:16:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p146].bmp
[2012/12/22 15:16:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p145].bmp
[2012/12/22 15:16:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p144].bmp
[2012/12/22 15:16:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p143].bmp
[2012/12/22 15:15:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p142].bmp
[2012/12/22 15:15:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p141].bmp
[2012/12/22 15:15:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p140].bmp
[2012/12/22 15:15:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p139].bmp
[2012/12/22 15:15:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p138].bmp
[2012/12/22 15:15:47 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p137].bmp
[2012/12/22 15:15:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p136].bmp
[2012/12/22 15:15:43 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p135].bmp
[2012/12/22 15:15:41 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p134].bmp
[2012/12/22 15:15:39 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p133].bmp
[2012/12/22 15:15:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p132].bmp
[2012/12/22 15:15:35 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p131].bmp
[2012/12/22 15:15:33 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p130].bmp
[2012/12/22 15:15:31 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p129].bmp
[2012/12/22 15:15:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p128].bmp
[2012/12/22 15:15:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p127].bmp
[2012/12/22 15:15:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p126].bmp
[2012/12/22 15:15:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p125].bmp
[2012/12/22 15:15:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p124].bmp
[2012/12/22 15:15:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p123].bmp
[2012/12/22 15:15:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p122].bmp
[2012/12/22 15:15:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p121].bmp
[2012/12/22 15:15:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p120].bmp
[2012/12/22 15:15:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p119].bmp
[2012/12/22 15:15:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p118].bmp
[2012/12/22 15:15:07 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p117].bmp
[2012/12/22 15:15:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p116].bmp
[2012/12/22 15:15:03 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p115].bmp
[2012/12/22 15:15:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p114].bmp
[2012/12/22 15:14:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p113].bmp
[2012/12/22 15:14:56 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p112].bmp
[2012/12/22 15:14:54 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p111].bmp
[2012/12/22 15:14:52 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p110].bmp
[2012/12/22 15:14:50 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p109].bmp
[2012/12/22 15:14:48 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p108].bmp
[2012/12/22 15:14:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p107].bmp
[2012/12/22 15:14:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p106].bmp
[2012/12/22 15:14:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p105].bmp
[2012/12/22 15:14:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p104].bmp
[2012/12/22 15:14:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p103].bmp
[2012/12/22 15:14:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p102].bmp
[2012/12/22 15:14:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p101].bmp
[2012/12/22 15:14:31 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p100].bmp
[2012/12/22 15:14:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p99].bmp
[2012/12/22 15:14:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p98].bmp
[2012/12/22 15:14:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p97].bmp
[2012/12/22 15:14:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p96].bmp
[2012/12/22 15:14:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p95].bmp
[2012/12/22 15:14:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p94].bmp
[2012/12/22 15:14:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p93].bmp
[2012/12/22 15:14:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p92].bmp
[2012/12/22 15:14:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p91].bmp
[2012/12/22 15:14:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p90].bmp
[2012/12/22 15:14:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p89].bmp
[2012/12/22 15:14:07 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p88].bmp
[2012/12/22 15:14:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p87].bmp
[2012/12/22 15:14:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p86].bmp
[2012/12/22 15:14:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p85].bmp
[2012/12/22 15:13:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p84].bmp
[2012/12/22 15:13:56 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p83].bmp
[2012/12/22 15:13:54 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p82].bmp
[2012/12/22 15:13:52 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p81].bmp
[2012/12/22 15:13:50 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p80].bmp
[2012/12/22 15:13:48 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p79].bmp
[2012/12/22 15:13:46 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p78].bmp
[2012/12/22 15:13:44 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p77].bmp
[2012/12/22 15:13:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p76].bmp
[2012/12/22 15:13:39 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p75].bmp
[2012/12/22 15:13:37 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p74].bmp
[2012/12/22 15:13:35 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p73].bmp
[2012/12/22 15:13:33 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p72].bmp
[2012/12/22 15:13:31 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p71].bmp
[2012/12/22 15:13:29 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p70].bmp
[2012/12/22 15:13:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p69].bmp
[2012/12/22 15:13:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p68].bmp
[2012/12/22 15:13:23 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p67].bmp
[2012/12/22 15:13:21 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p66].bmp
[2012/12/22 15:13:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p65].bmp
[2012/12/22 15:13:16 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p64].bmp
[2012/12/22 15:13:14 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p63].bmp
[2012/12/22 15:13:12 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p62].bmp
[2012/12/22 15:13:10 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p61].bmp
[2012/12/22 15:13:08 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p60].bmp
[2012/12/22 15:13:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p59].bmp
[2012/12/22 15:13:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p58].bmp
[2012/12/22 15:13:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p57].bmp
[2012/12/22 15:13:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p56].bmp
[2012/12/22 15:12:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p55].bmp
[2012/12/22 15:12:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p54].bmp
[2012/12/22 15:12:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p53].bmp
[2012/12/22 15:12:51 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p52].bmp
[2012/12/22 15:12:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p51].bmp
[2012/12/22 15:12:47 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p50].bmp
[2012/12/22 15:12:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p49].bmp
[2012/12/22 15:12:42 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p48].bmp
[2012/12/22 15:12:40 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p47].bmp
[2012/12/22 15:12:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p46].bmp
[2012/12/22 15:12:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p45].bmp
[2012/12/22 15:12:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p44].bmp
[2012/12/22 15:12:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p43].bmp
[2012/12/22 15:12:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p42].bmp
[2012/12/22 15:12:27 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p41].bmp
[2012/12/22 15:12:25 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p40].bmp
[2012/12/22 15:12:19 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p39].bmp
[2012/12/22 15:12:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p38].bmp
[2012/12/22 15:12:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p37].bmp
[2012/12/22 15:12:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p36].bmp
[2012/12/22 15:12:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p35].bmp
[2012/12/22 15:12:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p34].bmp
[2012/12/22 15:12:06 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p33].bmp
[2012/12/22 15:12:04 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p32].bmp
[2012/12/22 15:12:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p31].bmp
[2012/12/22 15:12:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p30].bmp
[2012/12/22 15:11:58 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p29].bmp
[2012/12/22 15:11:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p28].bmp
[2012/12/22 15:11:53 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p27].bmp
[2012/12/22 15:11:49 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p26].bmp
[2012/12/22 15:11:47 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p25].bmp
[2012/12/22 15:11:45 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p24].bmp
[2012/12/22 15:11:43 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p23].bmp
[2012/12/22 15:11:41 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p22].bmp
[2012/12/22 15:11:38 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p21].bmp
[2012/12/22 15:11:36 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p20].bmp
[2012/12/22 15:11:34 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p19].bmp
[2012/12/22 15:11:32 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p18].bmp
[2012/12/22 15:11:30 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p17].bmp
[2012/12/22 15:11:28 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p16].bmp
[2012/12/22 15:11:26 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p15].bmp
[2012/12/22 15:11:24 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p14].bmp
[2012/12/22 15:11:22 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p13].bmp
[2012/12/22 15:11:20 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p12].bmp
[2012/12/22 15:11:17 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p11].bmp
[2012/12/22 15:11:15 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p10].bmp
[2012/12/22 15:11:13 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p09].bmp
[2012/12/22 15:11:11 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p08].bmp
[2012/12/22 15:11:09 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p07].bmp
[2012/12/22 15:11:07 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p06].bmp
[2012/12/22 15:11:05 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p05].bmp
[2012/12/22 15:11:02 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p04].bmp
[2012/12/22 15:11:00 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p03].bmp
[2012/12/22 15:10:57 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p02].bmp
[2012/12/22 15:10:55 | 002,447,334 | ---- | M] () -- C:\Users\Owner\AppData\Local\[j0007]-[p01].bmp
[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/10 20:05:40 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2012/12/10 20:05:40 | 000,002,204 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2012/12/10 20:05:27 | 000,002,204 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2012/12/10 20:03:47 | 000,110,672 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2012/12/09 14:55:49 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/12/02 00:17:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/02 00:17:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[24 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/24 00:39:39 | 000,007,605 | ---- | C] () -- C:\Users\Owner\Desktop\List of Items (dhaz).rtf
[2012/12/24 00:39:39 | 000,007,325 | ---- | C] () -- C:\Users\Owner\Desktop\List of Items (matt).rtf
[2012/12/22 15:25:07 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p17].bmp
[2012/12/22 15:25:05 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p16].bmp
[2012/12/22 15:25:03 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p15].bmp
[2012/12/22 15:25:00 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p14].bmp
[2012/12/22 15:24:58 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p13].bmp
[2012/12/22 15:24:55 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p12].bmp
[2012/12/22 15:24:52 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p11].bmp
[2012/12/22 15:24:44 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p10].bmp
[2012/12/22 15:24:42 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p09].bmp
[2012/12/22 15:24:40 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p08].bmp
[2012/12/22 15:24:38 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p07].bmp
[2012/12/22 15:24:36 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p06].bmp
[2012/12/22 15:24:34 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p05].bmp
[2012/12/22 15:24:31 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p04].bmp
[2012/12/22 15:24:29 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p03].bmp
[2012/12/22 15:24:27 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p02].bmp
[2012/12/22 15:24:26 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0008]-[p01].bmp
[2012/12/22 15:24:04 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p336].bmp
[2012/12/22 15:24:02 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p335].bmp
[2012/12/22 15:24:00 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p334].bmp
[2012/12/22 15:23:58 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p333].bmp
[2012/12/22 15:23:56 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p332].bmp
[2012/12/22 15:23:54 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p331].bmp
[2012/12/22 15:23:52 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p330].bmp
[2012/12/22 15:23:49 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p329].bmp
[2012/12/22 15:23:47 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p328].bmp
[2012/12/22 15:23:45 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p327].bmp
[2012/12/22 15:23:43 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p326].bmp
[2012/12/22 15:23:41 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p325].bmp
[2012/12/22 15:23:39 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p324].bmp
[2012/12/22 15:23:36 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p323].bmp
[2012/12/22 15:23:34 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p322].bmp
[2012/12/22 15:23:32 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p321].bmp
[2012/12/22 15:23:29 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p320].bmp
[2012/12/22 15:23:27 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p319].bmp
[2012/12/22 15:23:25 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p318].bmp
[2012/12/22 15:23:23 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p317].bmp
[2012/12/22 15:23:21 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p316].bmp
[2012/12/22 15:23:18 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p315].bmp
[2012/12/22 15:23:16 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p314].bmp
[2012/12/22 15:23:13 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p313].bmp
[2012/12/22 15:23:11 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p312].bmp
[2012/12/22 15:23:09 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p311].bmp
[2012/12/22 15:23:07 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p310].bmp
[2012/12/22 15:23:04 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p309].bmp
[2012/12/22 15:23:02 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p308].bmp
[2012/12/22 15:23:00 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p307].bmp
[2012/12/22 15:22:58 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p306].bmp
[2012/12/22 15:22:53 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p305].bmp
[2012/12/22 15:22:51 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p304].bmp
[2012/12/22 15:22:45 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p303].bmp
[2012/12/22 15:22:43 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p302].bmp
[2012/12/22 15:22:38 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p301].bmp
[2012/12/22 15:22:36 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p300].bmp
[2012/12/22 15:22:34 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p299].bmp
[2012/12/22 15:22:32 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p298].bmp
[2012/12/22 15:22:29 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p297].bmp
[2012/12/22 15:22:27 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p296].bmp
[2012/12/22 15:22:25 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p295].bmp
[2012/12/22 15:22:23 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p294].bmp
[2012/12/22 15:22:21 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p293].bmp
[2012/12/22 15:22:18 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p292].bmp
[2012/12/22 15:22:16 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p291].bmp
[2012/12/22 15:22:14 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p290].bmp
[2012/12/22 15:22:12 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p289].bmp
[2012/12/22 15:22:10 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p288].bmp
[2012/12/22 15:22:08 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p287].bmp
[2012/12/22 15:22:05 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p286].bmp
[2012/12/22 15:22:03 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p285].bmp
[2012/12/22 15:22:01 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p284].bmp
[2012/12/22 15:21:59 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p283].bmp
[2012/12/22 15:21:56 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p282].bmp
[2012/12/22 15:21:54 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p281].bmp
[2012/12/22 15:21:52 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p280].bmp
[2012/12/22 15:21:47 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p279].bmp
[2012/12/22 15:21:45 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p278].bmp
[2012/12/22 15:21:37 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p277].bmp
[2012/12/22 15:21:31 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p276].bmp
[2012/12/22 15:21:29 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p275].bmp
[2012/12/22 15:21:27 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p274].bmp
[2012/12/22 15:21:25 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p273].bmp
[2012/12/22 15:21:23 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p272].bmp
[2012/12/22 15:21:21 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p271].bmp
[2012/12/22 15:21:19 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p270].bmp
[2012/12/22 15:21:16 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p269].bmp
[2012/12/22 15:20:56 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p268].bmp
[2012/12/22 15:20:54 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p267].bmp
[2012/12/22 15:20:52 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p266].bmp
[2012/12/22 15:20:49 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p265].bmp
[2012/12/22 15:20:47 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p264].bmp
[2012/12/22 15:20:45 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p263].bmp
[2012/12/22 15:20:43 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p262].bmp
[2012/12/22 15:20:36 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p261].bmp
[2012/12/22 15:20:34 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p260].bmp
[2012/12/22 15:20:32 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p259].bmp
[2012/12/22 15:20:30 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p258].bmp
[2012/12/22 15:20:28 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p257].bmp
[2012/12/22 15:20:26 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p256].bmp
[2012/12/22 15:20:24 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p255].bmp
[2012/12/22 15:20:21 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p254].bmp
[2012/12/22 15:20:16 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p253].bmp
[2012/12/22 15:20:14 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p252].bmp
[2012/12/22 15:20:12 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p251].bmp
[2012/12/22 15:20:10 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p250].bmp
[2012/12/22 15:20:08 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p249].bmp
[2012/12/22 15:20:04 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p248].bmp
[2012/12/22 15:20:02 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p247].bmp
[2012/12/22 15:20:00 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p246].bmp
[2012/12/22 15:19:58 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p245].bmp
[2012/12/22 15:19:47 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p244].bmp
[2012/12/22 15:19:45 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p243].bmp
[2012/12/22 15:19:43 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p242].bmp
[2012/12/22 15:19:41 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p241].bmp
[2012/12/22 15:19:38 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p240].bmp
[2012/12/22 15:19:36 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p239].bmp
[2012/12/22 15:19:34 | 002,447,334 | ---- | C] () -- C:\Users\Owner\AppData\Local\[j0007]-[p238].bmp
[2012/12/10 20:05:40 | 000,002,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2012/12/10 20:05:27 | 000,002,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2012/12/08 14:14:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/08 14:02:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/01 15:47:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/01 15:47:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/01 15:47:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/01 15:47:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/01 15:47:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/12 04:00:26 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2012/09/07 19:34:49 | 000,203,692 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/21 16:49:36 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/20 18:15:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/20 20:24:43 | 000,007,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/08 06:57:57 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/05 04:14:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/20 18:13:48 | 000,000,028 | ---- | C] () -- C:\Users\Owner\AppData\Local\settings.ini
[2012/02/19 13:41:05 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/02/10 21:39:06 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/10 21:39:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/10 21:38:52 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012/02/10 21:18:32 | 000,212,797 | ---- | C] () -- C:\Windows\hpoins52.dat
[2012/02/10 20:01:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/08 12:31:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/10 01:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 01:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 892 bytes -> C:\Program Files\Common Files\System:AqQ2SmxooXrgNZCyVE0nuOeaNC
@Alternate Data Stream - 1129 bytes -> C:\Program Files\Common Files\System:KhMaWeQ2B2u65JoYZJiaFRpfburo
@Alternate Data Stream - 1076 bytes -> C:\ProgramData\Microsoft:hCJ0kJhHYxdUBdMc0pQWyNEw
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 1002 bytes -> C:\ProgramData\Microsoft:unX08kykdmBWCnMjtnb

< End of report >

#11 xfreakazoidx


Posted 26 December 2012 - 03:17 AM

Just to update. I got a Blue Screen Of Death while online.

#12 gringo_pr

  • Malware Response Team

Posted 26 December 2012 - 02:39 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
    O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    @Alternate Data Stream - 892 bytes -> C:\Program Files\Common Files\System:AqQ2SmxooXrgNZCyVE0nuOeaNC
    @Alternate Data Stream - 1129 bytes -> C:\Program Files\Common Files\System:KhMaWeQ2B2u65JoYZJiaFRpfburo
    @Alternate Data Stream - 1076 bytes -> C:\ProgramData\Microsoft:hCJ0kJhHYxdUBdMc0pQWyNEw
    @Alternate Data Stream - 1002 bytes -> C:\ProgramData\Microsoft:unX08kykdmBWCnMjtnb    
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1429066226-164066939-2473231099-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#13 xfreakazoidx


Posted 26 December 2012 - 03:20 PM

I ran it and it rebooted, but when entering Windows it didn't produce anything in Notepad. However, I can now see the hidden files on my desktop and in the rest of the folders. I did, though, find an OTL folder on my C drive with a Notepad file. Hopefully this is what you needed. Also, yesterday I ran memory and hard drive tests just to see if there was a hardware failure, but both passed the test. In addition, I moved files over to a USB drive just in case I can't fix the computer. While doing so, the SVCHost got up to 450mb. So apparently the SVCHost might have nothing to do with it. Thanks for your continued help!

---EDIT---
Since I posted this an hour ago, the computer hasn't frozen or slowed down yet. I'll post again if it does, well and I'll read to in case you have more steps. Only problem is in my Task Bar the volume icon says "The Audio Service is not running". However I can hear things fine still with my speakers.

---edit----
I also found someone who said it could be the Windows Update. Sometimes it messes up and you have to fix it or it uses memory for some reason. I followed the instructions here also and it seems to have helped to since my Update program was constantly on. Again I'll let you know if it continues to mess up.
http://www.winvistatips.com/issue-bits-continually-downloading-internet-sbs-2008-a-t813332.html



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msapsspc.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msnsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msapsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msnsspc.dll deleted successfully.
ADS C:\Program Files\Common Files\System:AqQ2SmxooXrgNZCyVE0nuOeaNC deleted successfully.
ADS C:\Program Files\Common Files\System:KhMaWeQ2B2u65JoYZJiaFRpfburo deleted successfully.
ADS C:\ProgramData\Microsoft:hCJ0kJhHYxdUBdMc0pQWyNEw deleted successfully.
ADS C:\ProgramData\Microsoft:unX08kykdmBWCnMjtnb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1429066226-164066939-2473231099-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1-OWNER-PC

User: Owner
->Java cache emptied: 30726 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-OWNER-PC
->Flash cache emptied: 41620 bytes

User: Owner
->Flash cache emptied: 57076 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12262012_151252

Edited by xfreakazoidx, 26 December 2012 - 04:48 PM.


#14 gringo_pr

Posted 26 December 2012 - 04:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 xfreakazoidx

Posted 26 December 2012 - 06:11 PM

The log is below. So far no problems. Not even a slow down. Assuming everything is fine do you think more ram might possibly help overall with the SVChost memory build up? I only have 8gigs on this computer. Thanks either way and thanks again for the help! :)


ComboFix 12-12-25.02 - Owner 12/26/2012 17:24:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6722 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 22:35 . 2012-12-26 22:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-26 22:35 . 2012-12-26 22:35 -------- d-----w- c:\users\Mcx1-OWNER-PC\AppData\Local\temp
2012-12-26 22:35 . 2012-12-26 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 20:25 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A47F6DC-E102-47E0-93D8-9D0EBCA9724F}\mpengine.dll
2012-12-26 20:12 . 2012-12-26 20:12 -------- d-----w- C:\_OTL
2012-12-26 09:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-26 09:20 . 2012-12-26 09:20 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2012-12-26 09:08 . 2012-12-26 09:08 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-12-26 05:58 . 2012-12-26 05:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Hewlett-Packard
2012-12-26 05:38 . 2012-12-26 09:40 -------- d-----w- C:\hp
2012-12-26 05:35 . 2012-12-26 05:36 -------- d-----w- c:\users\Owner\AppData\Roaming\HP Support Assistant
2012-12-26 05:33 . 2012-12-26 05:33 -------- d-----w- c:\users\Owner\AppData\Local\Hewlett-Packard
2012-12-26 05:28 . 2012-12-26 09:40 -------- d-----w- c:\programdata\Hewlett-Packard
2012-12-26 05:27 . 2012-12-26 05:29 -------- d-----w- c:\users\Owner\AppData\Roaming\hpqLog
2012-12-26 05:25 . 2012-12-26 05:25 -------- d-----w- C:\System.sav
2012-12-26 05:25 . 2012-12-26 05:25 -------- d-----w- c:\users\Owner\AppData\Roaming\WinBatch
2012-12-26 03:56 . 2012-12-26 09:40 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-12-26 03:38 . 2012-12-26 09:40 -------- d-----w- c:\program files\HWiNFO64
2012-12-18 01:09 . 2012-12-18 01:13 -------- d-----w- c:\users\Owner\AppData\Local\AOL
2012-12-11 03:02 . 2012-12-11 03:02 -------- d-----w- C:\Identity
2012-12-08 19:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-08 19:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-08 19:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-08 19:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-08 19:06 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-08 19:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-08 19:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-08 19:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-08 19:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-08 19:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-08 19:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-08 19:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-08 18:58 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-12-08 18:58 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-12-08 18:54 . 2012-12-08 18:54 -------- d-----w- c:\program files (x86)\MSECache
2012-12-06 12:24 . 2012-12-26 09:38 -------- d-----w- c:\users\Owner\AppData\Roaming\SPORE
2012-12-02 05:10 . 2012-12-02 05:10 -------- d-----w- c:\users\Owner\AppData\Local\4A Games
2012-12-02 05:06 . 2012-12-02 05:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-12-02 05:05 . 2012-12-02 05:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-02 05:05 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-02 05:05 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-28 19:21 . 2012-11-28 19:21 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1EB84AC-6971-46F1-A62B-FCAA1395BAC0}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 01:05 . 2012-11-12 03:55 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2012-12-11 01:03 . 2012-02-11 04:12 150776 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-12-11 01:03 . 2012-02-11 04:12 110672 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-12-11 01:03 . 2012-02-11 04:12 103408 ----a-w- c:\windows\system32\WRusr.dll
2012-12-08 19:03 . 2012-02-09 22:52 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 05:17 . 2012-07-16 10:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-02 05:17 . 2012-02-16 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 13:57 . 2012-03-05 09:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-13 13:57 . 2012-03-05 09:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-16 08:38 . 2012-12-08 18:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-08 18:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-08 18:59 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-14 11:26 . 2012-10-14 11:26 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-10-11 21:10 . 2012-02-11 02:39 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-11 21:10 . 2012-02-11 02:39 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-11 21:10 . 2012-02-11 02:39 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-11 21:10 . 2012-02-11 02:39 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-04 03:39 . 2012-10-06 07:37 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 23:54 . 2012-09-29 08:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-12-11 729608]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [2012-11-11 9842040]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [2012-11-11 9842040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll,
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-12-11 729608]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-11 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-02-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-03-11 198400]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-09 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-12-11 110672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1429066226-164066939-2473231099-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 00:48]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1429066226-164066939-2473231099-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 00:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-11 22:56; {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8n8zhwix.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
FF - ExtSQL: !HIDDEN! 2012-02-10 21:24; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=bc2f1c3c000000000000002618a402cc&q=
FF - user.js: extensions.BabylonToolbar.id - bc2f1c3c000000000000002618a402cc
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15641
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:01
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1429066226-164066939-2473231099-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,f0,72,65,6c,21,d8,8b,b9,72,0c,e6,40,db,25,98,7d,8f,40,84,34,
21,27,89,1f,f6,66,02,35,b2,d7,b3,fc,a5,6a,bf,c7,2b,54,f6,c0,e8,7f,21,9b,9a,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:28,a2,20,4a,ed,1c,3f,cb,c5,82,d6,6a,79,59,75,00,01,71,a8,32,0c,
31,eb,25,ba,d2,ab,a7,18,47,61,d0,fa,f1,5e,c7,86,b9,91,74,79,0f,72,e7,40,46,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:28,a2,20,4a,ed,1c,3f,cb,c5,82,d6,6a,79,59,75,00,01,71,a8,32,0c,
31,eb,25,ba,d2,ab,a7,18,47,61,d0,fa,f1,5e,c7,86,b9,91,74,79,0f,72,e7,40,46,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-26 17:58:28
ComboFix-quarantined-files.txt 2012-12-26 22:58
ComboFix2.txt 2012-12-23 22:00
ComboFix3.txt 2012-10-01 21:06
.
Pre-Run: 756,729,913,344 bytes free
Post-Run: 756,561,821,696 bytes free
.
- - End Of File - - 1072B87500C2A8387119523199F18F3C



