# Browser opens automatically at random



## Raderick (Oct 2, 2005)

Posting this on the recommendation from this thread:

http://forums.techguy.org/windows-7/1063868-browser-opens-automatically-random.html

Hello there!

At random times in the last couple of days my browser (Firefox) would randomly open the default web sites. If the browser is closed or I'm doing something in another application, it would open a new browser window with the default web pages without me triggering the application to open. I also switched my default browser to IE, and then Chrome, and the same thing occurred with both browsers.

I've done a full virus search using Kaspersky, Spybot and AdAware, but none of the three could find any malware or spyware. Any help would be much appreciated!

DDS results per request.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 6091 Mb
Graphics Card: Radeon (TM) HD 6490M, 1024 Mb
Hard Drives: C: Total - 697676 MB, Free - 518596 MB; D: Total - 17423 MB, Free - 1907 MB;
Motherboard: Hewlett-Packard, 1800
Antivirus: Kaspersky Internet Security, Updated and Enabled

-------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:48:21 PM, on 8/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Reviversoft\Driver Reviver\DriverReviver.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Dakota Green\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: M4-Service - Unknown owner - C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: THINWORX Client Service - GeNUIT INC. - C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 17753 bytes
------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Dakota Green at 16:49:22 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3222 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Capture.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Reviversoft\Driver Reviver\DriverReviver.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dakota Green\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\DAKOTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\DAKOTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TB-Tray.lnk - C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BC52F7A0-C965-43CB-82EE-8D9A5B4BF1FE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BC52F7A0-C965-43CB-82EE-8D9A5B4BF1FE}\254524 : DhcpNameServer = 192.168.200.76 68.105.28.16
TCP: Interfaces\{BC52F7A0-C965-43CB-82EE-8D9A5B4BF1FE}\34C6F657469302255616C6024596D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BC52F7A0-C965-43CB-82EE-8D9A5B4BF1FE}\4416B6F64716D274275656E637D2960586F6E656 : DhcpNameServer = 192.168.2.1 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\NPTWCP.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-3-17 30592]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-4-7 913792]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-25 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-8-24 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-14 13336]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-4-7 821592]
R2 M4-Service;M4-Service;C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-8 655944]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-4 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 THINWORX Client Service;THINWORX Client Service;C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe [2012-4-21 121856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-14 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-05 00:48:12	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2012-08-05 00:48:12	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-05 00:46:43	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7465F8-2253-418A-9547-1188DD8B8715}\offreg.dll
2012-08-05 00:44:12	--------	d-----w-	C:\Users\Dakota Green\temp
2012-08-05 00:17:16	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-08-05 00:16:56	9133488	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7465F8-2253-418A-9547-1188DD8B8715}\mpengine.dll
2012-08-04 15:36:40	--------	d-----w-	C:\Users\Dakota Green\AppData\Roaming\Ad-Aware Antivirus
2012-08-03 05:44:05	9827016	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-16 22:33:05	--------	d-----w-	C:\Users\Dakota Green\AppData\Local\libimobiledevice
2012-07-11 06:57:12	2048	----a-w-	C:\Windows\SysWow64\msxml3r.dll
2012-07-11 06:57:12	2048	----a-w-	C:\Windows\System32\msxml3r.dll
2012-07-11 06:57:12	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-07-11 06:57:12	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-07-11 06:57:12	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-07-11 06:57:12	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-07-11 06:56:58	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2012-07-11 06:56:58	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 06:56:58	458704	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-07-11 06:56:58	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-07-11 06:56:58	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-07-11 06:56:58	225280	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-07-11 06:56:58	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-07-11 06:56:58	219136	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-07-11 06:56:58	151920	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
.
==================== Find3M ====================
.
2012-08-03 05:44:11	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 05:44:11	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:02:54	1133568	----a-w-	C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06	805376	----a-w-	C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-02 12:04:50	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-31 19:25:12	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-05-24 17:47:56	24448	----a-w-	C:\Windows\System32\RegistryDefragBootTime.exe
.
============= FINISH: 16:50:31.90 ===============

------------------------


----------



## Raderick (Oct 2, 2005)

Here is the Attach.txt file as well.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Sorry for the lateness of a reply 

As it's been a while, can you do the following for me, and we'll go from there

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and checkup.txt* in your next reply

eddie


----------



## Raderick (Oct 2, 2005)

Thank you! Logs are attached.


----------



## eddie5659 (Mar 19, 2001)

*P2P Warning!*


*IMPORTANT* I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.

*µTorrent*

Please note that as long as you are using any form of *Peer-to-Peer networking* and *downloading files* from non-documented sources, you can expect infestations of malware to occur 
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the *Guidelines for P2P Programs* where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers 
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via *Control Panel >> Add or Remove Programs*.

*If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.*

----------------------------
Now that's out of the way, let's get started

Your Java is out of date, so let's do that next:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 9*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.
Click on the link to download Windows Offline Installation 32 bit (jre-7u9-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u9-windows-i586.exe* and select "Run as an Administrator.")
Don't install any of the toolbars that are offered.

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

----------------------------
Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 

Advanced SystemCare 5
IObit Malware Fighter
Smart Defrag 2

---------

Then, can you run the following tool:

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

eddie


----------



## Raderick (Oct 2, 2005)

Here you go!

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 20:33:26
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dakota Green - DAKOTAGREEN-HP
# Boot Mode : Normal
# Running from : C:\Users\Dakota Green\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\searchplugins\web-search.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default 
File : C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\prefs.js

Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"short_url_length\":20,\"short_[...]
Found : user_pref("[email protected]", true);
Found : user_pref("vshare.install.date", "1301184000000");
Found : user_pref("vshare.install.finished", "1.0.0");
Found : user_pref("vshare.install.guid", "{0979458e-4b27-994f-95f0-81e7d8b838cc}");
Found : user_pref("vshare.install.isDisabled", true);
Found : user_pref("vshare.install.isHidden", true);
Found : user_pref("vshare.install.istoolbarhp", true);
Found : user_pref("vshare.install.istoolbarsearch", true);
Found : user_pref("vshare.install.laststatreq", "1327363200000");
Found : user_pref("vshare.install.newtab", false);

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3355 octets] - [13/11/2012 20:33:26]

########## EOF - C:\AdwCleaner[R1].txt - [3415 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Thanks 


Close all open programs and internet browsers.
Double click on *adwcleaner.exe* to run the tool.
Click on *Delete*.
Confirm each time with *Ok*.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[S1].txt* as well.

------------------

Please download *aswMBR* ( 4.5MB ) to your desktop.

Double click the *aswMBR.exe* icon, and click *Run*.
When asked if you'd like to "download the latest Avast! virus definitions", click *Yes*.
Click the *Scan* button to start the scan.
On completion of the scan, click the *save log* button, save it to your *desktop*, then copy and paste it in your next reply.

eddie


----------



## Raderick (Oct 2, 2005)

# AdwCleaner v2.008 - Logfile created 11/21/2012 at 22:57:06
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dakota Green - DAKOTAGREEN-HP
# Boot Mode : Normal
# Running from : C:\Users\Dakota Green\Downloads\adwcleaner(2).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default 
File : C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\prefs.js

Deleted : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"max_media_per_upload\":1,\"pho[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3478 octets] - [13/11/2012 20:33:26]
AdwCleaner[R2].txt - [3538 octets] - [13/11/2012 20:35:40]
AdwCleaner[S1].txt - [3608 octets] - [13/11/2012 20:36:04]
AdwCleaner[S2].txt - [1162 octets] - [21/11/2012 22:57:06]

########## EOF - C:\AdwCleaner[S2].txt - [1222 octets] ##########


----------



## Raderick (Oct 2, 2005)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-15 19:57:52
-----------------------------
19:57:52.114 OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:52.114 Number of processors: 8 586 0x2A07
19:57:52.114 ComputerName: DAKOTAGREEN-HP UserName: Dakota Green
19:57:57.655 Initialize success
19:58:51.952 AVAST engine defs: 12111501
19:58:54.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:58:54.582 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
19:58:54.602 Disk 0 MBR read successfully
19:58:54.602 Disk 0 MBR scan
19:58:54.612 Disk 0 Windows 7 default MBR code
19:58:54.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:58:54.672 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 697677 MB offset 409600
19:58:54.702 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17424 MB offset 1429252096
19:58:54.712 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
19:58:54.752 Disk 0 scanning C:\Windows\system32\drivers
19:59:11.474 Service scanning
19:59:46.007 Modules scanning
19:59:46.007 Disk 0 trace - called modules:
19:59:46.047 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
19:59:46.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c39790]
19:59:46.057 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa8006b38b10]
19:59:46.057 5 hpdskflt.sys[fffff88002099189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80069dd050]
19:59:47.777 AVAST engine scan C:\Windows
19:59:50.328 AVAST engine scan C:\Windows\system32
20:02:58.272 AVAST engine scan C:\Windows\system32\drivers
20:03:11.354 AVAST engine scan C:\Users\Dakota Green
20:07:05.274 Disk 0 MBR has been saved successfully to "C:\Users\Dakota Green\Desktop\MBR.dat"
20:07:05.274 The log file has been saved successfully to "C:\Users\Dakota Green\Desktop\aswMBR.txt"
20:49:26.716 AVAST engine scan C:\ProgramData
20:56:17.193 Scan finished successfully
21:12:42.242 Disk 0 MBR has been saved successfully to "C:\Users\Dakota Green\Desktop\MBR.dat"
21:12:42.355 The log file has been saved successfully to "C:\Users\Dakota Green\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 23:04:36
-----------------------------
23:04:36.424 OS Version: Windows x64 6.1.7601 Service Pack 1
23:04:36.424 Number of processors: 8 586 0x2A07
23:04:36.424 ComputerName: DAKOTAGREEN-HP UserName: Dakota Green
23:05:14.087 Initialize success
23:07:51.447 AVAST engine defs: 12112101
23:08:04.888 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:08:04.888 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
23:08:04.904 Disk 0 MBR read successfully
23:08:04.904 Disk 0 MBR scan
23:08:04.904 Disk 0 Windows 7 default MBR code
23:08:04.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:08:04.920 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 697677 MB offset 409600
23:08:04.951 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17424 MB offset 1429252096
23:08:04.982 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
23:08:05.013 Disk 0 scanning C:\Windows\system32\drivers
23:08:15.138 Service scanning
23:08:56.556 Modules scanning
23:08:56.556 Disk 0 trace - called modules:
23:08:56.634 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
23:08:56.634 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c38790]
23:08:56.634 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa8006b3eb10]
23:08:56.649 5 hpdskflt.sys[fffff880021f2189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800694c050]
23:08:59.738 AVAST engine scan C:\Windows
23:09:05.510 AVAST engine scan C:\Windows\system32
23:11:59.950 AVAST engine scan C:\Windows\system32\drivers
23:12:13.662 AVAST engine scan C:\Users\Dakota Green
23:49:40.301 AVAST engine scan C:\ProgramData
23:53:44.644 Scan finished successfully
10:09:43.987 Disk 0 MBR has been saved successfully to "C:\Users\Dakota Green\Desktop\MBR.dat"
10:09:44.002 The log file has been saved successfully to "C:\Users\Dakota Green\Desktop\aswMBR.txt"


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Download *CKScanner* from *here*

*Important :* Save it to your desktop. 

Double-click CKScanner.exe and click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*. 
A message box will verify that the file is saved. 
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

---------------------

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Raderick (Oct 2, 2005)

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.RCBBTQ
----- EOF -----


----------



## Raderick (Oct 2, 2005)

ComboFix 12-11-24.02 - Dakota Green 11/24/2012 11:59:42.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2381 [GMT -8:00]
Running from: c:\users\Dakota Green\Downloads\username123.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\Cookies
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\data_0
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\data_1
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\data_2
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\data_3
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_00000f
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_000010
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_000011
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_000012
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_000015
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\f_000016
c:\users\Dakota Green\AppData\Local\Microsoft\Windows\Temporary Internet Files\index
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 20:14 . 2012-11-24 20:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-24 10:54 . 2012-11-24 19:58	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD658C8-DF35-440D-B244-692ECA0D5AE3}\offreg.dll
2012-11-24 10:51 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDD658C8-DF35-440D-B244-692ECA0D5AE3}\mpengine.dll
2012-11-14 04:27 . 2012-11-14 04:26	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-14 04:27 . 2012-11-14 04:26	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-14 04:27 . 2012-11-14 04:26	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-11 20:08 . 2012-11-11 20:09	--------	d-----w-	c:\users\Dakota Green\AppData\Local\Google
2012-11-11 20:08 . 2012-11-11 20:09	--------	d-----w-	c:\program files (x86)\Google
2012-11-11 20:08 . 2012-11-11 20:08	--------	d-----w-	c:\users\Dakota Green\AppData\Roaming\SUPERAntiSpyware.com
2012-11-11 20:08 . 2012-11-11 20:08	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-11-11 20:08 . 2012-11-11 20:08	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-11-05 04:30 . 2012-11-22 06:34	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 04:26 . 2011-08-25 04:38	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 04:26 . 2011-08-25 04:38	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-14 04:26 . 2011-08-25 04:38	188904	----a-w-	c:\windows\system32\java.exe
2012-11-03 15:49 . 2012-03-17 23:48	637272	----a-w-	c:\windows\system32\drivers\klif.sys
2012-10-10 06:11 . 2012-04-07 20:29	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 06:11 . 2012-03-18 02:25	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 06:11 . 2012-10-10 06:11	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 04:56 . 2012-03-18 06:35	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-30 03:54 . 2012-04-08 07:13	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Spotify"="c:\users\Dakota Green\AppData\Roaming\Spotify\Spotify.exe" [2012-11-08 7880664]
"GoToAssist Remote Support Expert"="c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_start.exe" [2012-10-27 610960]
"Mikogo"="c:\users\dakota green\appdata\roaming\mikogo 4\mikogo-host.exe" [2012-01-16 5310328]
"Spotify Web Helper"="c:\users\Dakota Green\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-08 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-11-03 206448]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-23 103536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"HPOSD"="c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe" [2010-11-09 586296]
.
c:\users\Dakota Green\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-12-18 2362720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TB-Tray.lnk - c:\program files (x86)\Thunderbird-Tray\TBTray.exe [2005-11-8 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ALSysIO;ALSysIO; [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe Start=service [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-18 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-17 283200]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-07 203776]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 M4-Service;M4-Service;c:\users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 THINWORX Client Service;THINWORX Client Service;c:\program files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe [2011-04-11 121856]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [2011-10-31 8399360]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:11]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 20:08]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 20:08]
.
2012-11-14 c:\windows\Tasks\HPCeeScheduleForDakota Green.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Dakota Green\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-24 1424896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-28 13:17; {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}; c:\users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Advanced SystemCare 5 - c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
Notify-GoToAssist Express Customer - (no file)
Notify-igfxcui - (no file)
Notify-klogon - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,68,52,95,5a,46,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*K*i*n*g*1J>\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*i*v*e*r*p*o*0q>j\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¼r6]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¼r6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%|]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%|\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%%|]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T%%|\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç,ù]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ç,ù\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2970058110-2721677625-1934139844-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*05]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_comm_expert.exe
c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_user_expert.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\Mozilla Firefox\plugin-container.exe
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
.
**************************************************************************
.
Completion time: 2012-11-24 12:26:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 20:26
.
Pre-Run: 454,756,438,016 bytes free
Post-Run: 453,792,227,328 bytes free
.
- - End Of File - - 928FC4BC870FA899B7DBA735963924D6


----------



## Raderick (Oct 2, 2005)

I should note a few things after some observation:

- If I'm RDPing into a server or accessing another computer using some sort of screen sharing application (like GoToAssist), it opens the default browser on that computer as well as mine.
- It seems to just try to go to about:home no matter what browser I'm in. If I have Internet Explorer up front, it will go to about:home on that window or tab.
- This seems to be more common if I have some sort of streaming media running (YouTube for example, that uses Flash) or if I'm playing a game (Football Manager). Sometimes two or three browsers will open at a time in such cases.


----------



## eddie5659 (Mar 19, 2001)

Thanks for the info, let's see if we can get a bigger picture running the below tool.

Download *OTL* to your Desktop


- Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- When the window appears, underneath *Output* at the top, change it to *Minimal Output*.
- Select *All Users*, *LOP Check* and *Purity Check*.
- Under the *Standard Registry* box, change it to *All*.

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


----------



## Raderick (Oct 2, 2005)

OTL Extras logfile created on: 12/3/2012 8:18:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dakota Green\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 41.69% Memory free
11.90 Gb Paging File | 7.99 Gb Available in Paging File | 67.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.33 Gb Total Space | 422.11 Gb Free Space | 61.95% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 1.86 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
Drive I: | 14.91 Gb Total Space | 13.79 Gb Free Space | 92.52% Space Free | Partition Type: FAT32

Computer Name: DAKOTAGREEN-HP | User Name: Dakota Green | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0002045E-E5FE-4D31-8802-1A37042B5352}" = lport=139 | protocol=6 | dir=in | app=system | 
"{028DE6F2-F65D-4365-8B52-3B5A2219A7BD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1DEB2F43-BE95-455A-B67C-E295E443887B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{1EAA0C69-B780-4743-BC36-455C218CC350}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28496981-4E7A-4F8B-8EA0-5A55D0EFB5D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A9026D8-1F8E-415C-8E71-E7759BA19C6C}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{34F6B878-51FA-4834-8D77-8600A99DAB29}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{36487F60-2690-44D0-9CA9-D6CF1DE39014}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3817CEE7-93D7-4B16-A7C9-5139C64010F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4FFEAF15-2236-491A-934A-80815C14E431}" = lport=138 | protocol=17 | dir=in | app=system | 
"{50EC6090-677B-4744-90F1-1BFBD702ABF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5A5A310D-901D-4FC6-9CC9-C3D4E335DAB6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7C494097-59C7-45D1-B35D-1DF2E1EB6DBD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{83D5E3CD-F91A-482E-9257-B16C3C1F55D6}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{8CA29993-F7DA-4E38-B1AC-84534B4217FA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{95F9613B-DFE1-4189-BCA5-23CB90A9D3BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF95790E-3D60-40CC-B03F-36C3BACF3646}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B98418D5-04B6-498C-B1D2-A7D0BB25F8B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF89FEE3-27C7-4BD6-8DDD-69A0A97C8058}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D45734EB-43BB-4F9E-90D5-57042A8BF71C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7206A4F-101E-4241-9CDB-3057D297CDD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5212861-9CE5-4CBD-9157-91EE556CEAE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E530F6C7-BEB2-421F-BA3F-8549BF8A9F0F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EC921B0B-568F-41FA-9E47-7737A1BA79A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ECAB7563-48EE-4984-82C8-D17D171C176B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{ED27B5DE-0B7B-4695-A9CB-29B1F7FF72D4}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01978AA9-0C45-4923-95E4-ED387F6D508B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{050561FC-7094-43F1-B56C-4B15B06B78FC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{051A0BFD-5565-498D-B737-4D94AF2EC24F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{087FE0E9-820F-4E7C-993D-5A28642C8C48}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{0A71DDF9-2B28-428D-B009-E27BEDE0913E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0ACDF456-6336-4EF9-9EA3-A76CEAAC891D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{10A4D7AE-7587-4349-98B3-2CF0C0089673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{190B89C0-179F-4E4E-8238-28E39318CFDC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1980F944-495A-433E-8130-ACC78E56BB15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{215177AA-884D-490B-8874-A87999EC9962}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{24EF3ABD-E9A4-4844-A8ED-CCF0F921F1C1}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{2B046DE0-FFC3-4F64-97FA-317B59819558}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe | 
"{2FBC971B-EFDA-458D-A0C4-84CEF054A7D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3026C69F-ACBB-42A6-B1C4-EADF62832069}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{303E5A92-7D48-4C44-BDD5-9ABF8934B399}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3117B208-9123-4DB5-BA75-D82514A629F7}" = protocol=58 | dir=out | [email protected],-28546 | 
"{36C5042F-BD6E-4585-BC61-349F02D38444}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36DFE559-53D0-46D9-9F2A-9FEA4AC331FC}" = protocol=1 | dir=in | [email protected],-28543 | 
"{3742CD14-F42C-48C6-AAA4-ABA285421718}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{45F0E18B-0F14-48D8-8AE3-6AB3EEF3DAF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{46CA15A4-FBA5-444B-B366-4739B48381E3}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{48028A8A-B3AA-47F2-BE17-97DCE0524DC8}" = protocol=1 | dir=out | [email protected],-28544 | 
"{49739190-6A93-42EA-BC7F-BCBC5D20A488}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{5444BC0F-3E8A-444E-9E85-54FC21D1AE15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D61211E-6DBA-47D9-B3AF-74A45FCB0DB8}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{646D57C2-66B9-4060-BE70-4A186C2073E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6486E827-F52C-4F05-850E-B2574A3D0C44}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6585C917-2132-4DEF-B71B-64CA4E02CD3A}" = protocol=17 | dir=in | app=c:\users\dakota green\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6AD69E0C-C7FE-470F-83CA-34ABE62F9A92}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe | 
"{720828F9-3A31-470E-B4C8-3FD33C51F1FA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A2F6D6F-8DF8-48A2-B2A7-550473B90022}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F30E843-D53F-4F7D-B618-77CD78DC8EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7F457BC8-5E4C-45BA-B0BB-E9C9BABD4644}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{83AA2203-BD3D-45EC-994E-D241FFE84FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8480295E-4B73-4AB2-88EF-836CF43312BF}" = protocol=58 | dir=in | [email protected],-28545 | 
"{92318559-6448-4AA7-81C9-4CADAA7240CA}" = protocol=6 | dir=in | app=c:\users\dakota green\appdata\roaming\dropbox\bin\dropbox.exe | 
"{92DF27AB-958D-461C-9CB1-B5442567F962}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A21962AA-C6B6-4B83-BA61-A9AB07128373}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{A5489E99-62E2-485B-971E-4EA1578B0570}" = protocol=6 | dir=out | app=system | 
"{A6A2FF4A-1297-4C8F-8276-51BC14C258B4}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe | 
"{AE3F2600-1CB9-4BD0-9D62-BEE97BD1AE5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B844B779-B3E5-4F93-8466-3CDC98B3D575}" = protocol=17 | dir=in | app=c:\users\dakota green\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C0468D2E-F0CE-4DCC-B150-541E975D1418}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{C1437232-F75B-415F-AF7D-55961C31A6E9}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{C7F8C1A2-AFDB-4409-A1AC-241A0C79772F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C9B4F90A-751F-4394-9EBB-0AEA3D89C25D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CFD3F030-1440-4F70-9EAE-DC0596E7190A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6D19081-E410-431B-976D-A21C3DECDBC6}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2010\fm.exe | 
"{D94833F6-CA43-4176-A50C-90C24CF2EE4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB3D3DEB-8A59-4CDD-B7B1-30795773F76A}" = protocol=17 | dir=in | app=c:\users\dakota green\appdata\roaming\spotify\spotify.exe | 
"{DF16B107-9921-4B65-8631-3EA51CEF3745}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{E5D25C72-DF83-427E-8998-3FB538421919}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe | 
"{E9C8EEFE-1EC9-41CF-AF6F-4D05E9DA0B34}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ECC9AC19-5800-47A0-AFA4-3FCC14B7F680}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1E1AF03-E6DC-4AEC-A1C2-4F60C784211F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{F45A0B18-2115-4CA2-A6AB-140CF7613F55}" = protocol=6 | dir=in | app=c:\users\dakota green\appdata\roaming\spotify\spotify.exe | 
"{F4822C2D-DD67-477C-BF2B-739FF8DC4645}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5996030-C087-40CA-8363-E23E3D8283F7}" = protocol=6 | dir=in | app=c:\users\dakota green\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F6D54FAE-607F-45FF-B02A-C56DA0F3F01F}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe | 
"{F7FEF457-EE18-49B9-AE04-E1B1882E6135}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FBBE4933-0863-4FC0-A998-93F7E05150AF}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{45DB21FA-B3F4-20D9-A21C-5CDEB23315AC}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}" = ATI Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HWiNFO64_is1" = HWiNFO64 Version 3.93
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03840E8D-A75E-4C49-ADFC-09A867C7F943}" = Readon TV Movie Radio Player 7.5.0.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CDD00EB-1DC3-C181-DB3C-F954B2BDAB6D}" = CCC Help Chinese Standard
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{108069CB-B8B1-4858-82A4-E4BD5A749EFB}" = CCC Help Greek
"{118F296E-18AC-AAC1-78F9-B0FF8279D009}" = Catalyst Control Center Graphics Previews Common
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{166E80E3-7B0C-D22C-3EAE-A66860DF48E7}" = CCC Help Danish
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AF7AEAE-6D6E-402E-92D3-4508F0DC246A}" = THINWORX Client
"{1B121E56-4949-83AE-B8A7-9D01EBB7CB29}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F5BCBDC-7C08-FBC2-31B0-1D83C3247CAD}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41C160D7-9255-A4EB-55FB-FC3D5FE6BED3}" = CCC Help Portuguese
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56709CD7-06E8-B205-56A6-110DC5090A9A}" = PX Profile Update
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A38BA9E-D1B3-E7C2-F3B9-623359AFEDAA}" = CCC Help Thai
"{602586CF-6ABD-1DBA-641A-959E5A999861}" = CCC Help Chinese Traditional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7132DF7E-C237-0D66-77A0-F1F378520605}" = CCC Help Japanese
"{751A4ABF-A3BC-AA70-3252-C285F10A265B}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7A5B032B-CCF0-43BE-D0B9-28FFA0B0B034}" = CCC Help Norwegian
"{7F3203C1-25BD-E32E-F470-2332E1AD5EDF}" = Catalyst Control Center Profiles Mobile
"{807CE83D-F17E-5F76-035F-3525EAE8978F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85E719A1-1E6B-B44A-62AC-824E5DDD0415}" = CCC Help Turkish
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding
"{9957DA6E-DE8D-0DED-2897-B1F4FBEF300E}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD5C619-D41C-2D47-C2A0-AB02D6C4A7D4}" = CCC Help German
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF405820-19DE-03BA-1B41-0797EA62F213}" = CCC Help Finnish
"{B3CAF031-3289-5C18-149A-C350C0B43D6D}" = Catalyst Control Center InstallProxy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E7C6D9-8824-147E-721F-004F52D6418E}" = CCC Help Russian
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB51D3AF-1115-1676-0D33-CE5BBCCD8B00}" = CCC Help Polish
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62FA27C-3F19-FC14-424D-F1CEE432604F}" = CCC Help Czech
"{E7F752BB-8B7B-2906-9CD2-8B25CAD7B303}" = CCC Help Spanish
"{E815530E-14D8-E337-3D21-6A1AB5F9DDD9}" = Catalyst Control Center
"{EAFA49E7-56AC-67B2-17E9-75F466884000}" = CCC Help French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5307A59-A5A2-C48F-BDD3-6C88E83203A6}" = CCC Help Korean
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFCCF57-5102-C54C-778C-C613EC82F647}" = CCC Help Swedish
"1ClickDownload" = FirstRowSportApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Belarc Advisor" = Belarc Advisor 8.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Pro" = DAEMON Tools Pro
"EasyBits Magic Desktop" = Magic Desktop
"Echofon" = Echofon (remove only)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Football Manager 2010" = Football Manager 2010
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.461
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"LiveResponse" = Kayako Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamViewer 7" = TeamViewer 7
"Thunderbird-Tray" = Thunderbird-Tray
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToAssist Remote Support Expert" = GoToAssist Expert 1.6.0.461
"Mikogo 4" = Mikogo 4
"Spotify" = Spotify
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2012 2:29:00 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:00 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:00 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 11/12/2012 2:29:01 AM | Computer Name = DakotaGreen-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

[ Hewlett-Packard Events ]
Error - 10/11/2012 12:21:02 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:21:46 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:21:46 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:22:20 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:22:36 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:23:39 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:24:31 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/11/2012 12:25:06 AM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/25/2012 12:46:16 PM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() 
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() 
at HP.SupportAssistant.UI.MessengerCommunication.sendBeginAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6091 Ram Utilization: 70 TargetSite: Boolean 
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

Error - 11/25/2012 12:46:22 PM | Computer Name = DakotaGreen-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467259HPSF.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() 
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Message: A device
attached to the system is not functioning StackTrace: at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() 
at HP.SupportAssistant.UI.MessengerCommunication.sendEndAnalysis() Source: System

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 6091 Ram Utilization: 70 TargetSite: Boolean 
StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)

[ HP Connection Manager Events ]
Error - 10/8/2012 12:58:12 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/10/07 21:58:12.576|000020E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 10/8/2012 12:59:12 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/10/07 21:59:12.574|000020E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 10/8/2012 1:00:12 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/10/07 22:00:12.572|000020E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 10/18/2012 12:04:38 AM | Computer Name = DakotaGreen-HP | Source = hpMobile | ID = 5
Description = 2012/10/17 21:04:24.979|00000124|Error |[HP.Mobile]Wwan::a{void()}|Call
was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error - 10/21/2012 2:56:01 AM | Computer Name = DakotaGreen-HP | Source = hpMobile | ID = 5
Description = 2012/10/20 23:55:56.596|00000124|Error |[HP.Mobile]Wwan::a{void()}|Call
was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error - 11/8/2012 12:10:13 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/11/07 20:10:13.427|000022CC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/8/2012 12:10:38 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/11/07 20:10:38.511|000022CC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2012 12:36:15 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/11/13 20:36:15.495|00001BE8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/14/2012 12:36:44 AM | Computer Name = DakotaGreen-HP | Source = hpCMSrv | ID = 5
Description = 2012/11/13 20:36:44.246|00001BE8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 11/19/2012 2:56:57 AM | Computer Name = DakotaGreen-HP | Source = hpMobile | ID = 5
Description = 2012/11/18 22:56:48.094|00002144|Error |[HP.Mobile]Wwan::a{void()}|Call
was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

[ System Events ]
Error - 5/5/2012 8:22:24 AM | Computer Name = DakotaGreen-HP | Source = Service Control Manager | ID = 7030
Description = The M4-Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/5/2012 8:22:37 AM | Computer Name = DakotaGreen-HP | Source = Service Control Manager | ID = 7030
Description = The M4-Service service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/8/2012 2:04:54 AM | Computer Name = DakotaGreen-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the hpqwmiex service.

Error - 5/12/2012 3:48:40 AM | Computer Name = DakotaGreen-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the hpqwmiex service.

Error - 5/12/2012 3:51:45 AM | Computer Name = DakotaGreen-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:48:54 AM on ?5/?12/?2012 was unexpected.

Error - 5/12/2012 3:52:31 AM | Computer Name = DakotaGreen-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 5/13/2012 2:12:37 PM | Computer Name = DakotaGreen-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:11:40 AM on ?5/?13/?2012 was unexpected.

Error - 5/14/2012 4:07:05 AM | Computer Name = DakotaGreen-HP | Source = DCOM | ID = 10010
Description =

Error - 5/20/2012 6:35:05 PM | Computer Name = DakotaGreen-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:06:24 PM on ?5/?20/?2012 was unexpected.

Error - 5/20/2012 6:35:13 PM | Computer Name = DakotaGreen-HP | Source = BugCheck | ID = 1001
Description =

< End of report >


----------



## Raderick (Oct 2, 2005)

OTL logfile created on: 12/3/2012 8:18:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dakota Green\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 41.69% Memory free
11.90 Gb Paging File | 7.99 Gb Available in Paging File | 67.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.33 Gb Total Space | 422.11 Gb Free Space | 61.95% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 1.86 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
Drive I: | 14.91 Gb Total Space | 13.79 Gb Free Space | 92.52% Space Free | Partition Type: FAT32

Computer Name: DAKOTAGREEN-HP | User Name: Dakota Green | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dakota Green\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dakota Green\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Dakota Green\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_user_expert.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_comm_expert.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Capture.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\mikogo-host.exe ()
PRC - C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe ()
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe (GeNUIT INC.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe (Felix 'SniperBeamer' Geyer)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\10dca0c97b8703d895d026e645b6a1bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\474914b7c8b9b5056943488991a57edc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Users\Dakota Green\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]\platform\echofonsign.dll ()
MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\trillian.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:*64bit:* - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:*64bit:* - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:*64bit:* - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:*64bit:* - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:*64bit:* - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (M4-Service) -- C:\Users\Dakota Green\AppData\Roaming\Mikogo 4\M4-Service.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (THINWORX Client Service) -- C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\TWCService.exe (GeNUIT INC.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (HWiNFO32) -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (NETwNv64) -- C:\Windows\SysNative\drivers\NETwNv64.sys (Intel Corporation)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:*64bit:* - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:*64bit:* - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:*64bit:* - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:*64bit:* - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:*64bit:* - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:*64bit:* - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:*64bit:* - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:*64bit:* - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:*64bit:* - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:*64bit:* - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:*64bit:* - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:*64bit:* - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:*64bit:* - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:*64bit:* - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:*64bit:* - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:*64bit:* - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:*64bit:* - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:*64bit:* - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:*64bit:* - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:*64bit:* - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:*64bit:* - HKLM\..\SearchScopes\{8E98704D-018F-4FA0-A72A-1298C72E6C8B}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:*64bit:* - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{8E98704D-018F-4FA0-A72A-1298C72E6C8B}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8E98704D-018F-4FA0-A72A-1298C72E6C8B}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.43
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9d
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.0
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.8
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5.1
FF - prefs.js..extensions.enabledAddons: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: [email protected]:4.1
FF - prefs.js..extensions.enabledAddons: [email protected]:0.2.0
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.4
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512M
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: {2AE34F68-682B-492A-A1C0-BF9F98CFFE4E}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.90.0
FF - prefs.js..extensions.enabledItems: [email protected]otcom:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9c
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@genuitinc.com/THINWORX,version=4.3: C:\Program Files (x86)\GeNUIT\THINWORX\Client\bin\NPTWCP.dll (GeNUIT Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/03 07:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/03 07:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/03 07:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 06:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/11/04 20:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/17 15:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Extensions
[2012/12/01 08:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions
[2012/10/07 21:18:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/07/03 02:08:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/03 02:08:32 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2012/07/03 02:08:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/07/03 02:08:34 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2012/07/03 02:08:34 | 000,000,000 | ---D | M] () -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2012/07/03 02:08:37 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/06/24 08:18:18 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/04/23 21:29:17 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/11/24 11:06:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/08/03 22:31:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/09/23 09:05:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/07/03 02:08:29 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/09/16 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions
[2012/07/03 02:08:05 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/07/03 02:08:04 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\[email protected]
[2012/07/03 02:08:04 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\[email protected]
[2012/07/03 02:08:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\[email protected]
[2012/07/03 02:08:05 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\[email protected]
[2012/07/23 19:27:03 | 000,014,838 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/02/14 20:09:10 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/11/29 23:27:14 | 000,010,449 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]
[2012/08/29 22:03:26 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/11/24 02:51:11 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/17 15:52:14 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/17 15:52:14 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
[2012/12/01 08:04:55 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/11/21 22:52:50 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/28 12:17:55 | 000,304,450 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2012/06/11 11:37:01 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/06/26 20:01:03 | 000,185,362 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/06/30 18:37:13 | 000,743,305 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/17 15:52:14 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/17 15:52:14 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
[2012/05/20 13:43:06 | 000,697,058 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/06/11 11:37:01 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Dakota Green\AppData\Roaming\Mozilla\Firefox\Profiles\lsyk5a44.default - Copy\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/10/27 06:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 06:58:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/27 06:58:00 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/10/27 06:58:07 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/01 14:32:22 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/01 14:32:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/01 14:32:22 | 000,001,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/09/01 14:32:22 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/10/12 23:52:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/09/01 14:32:21 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/01 14:32:21 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: Website Logon = C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Anti-Banner = C:\Users\Dakota Green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/11/24 12:17:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:*64bit:* - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:*64bit:* - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:*64bit:* - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Quick Launch] c:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] c:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\461\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Mikogo] c:\users\dakota green\appdata\roaming\mikogo 4\mikogo-host.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Dakota Green\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dakota Green\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Dakota Green\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dakota Green\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dakota Green\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:*64bit:* - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:*64bit:* - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:*64bit:* - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:*64bit:* - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:*64bit:* - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cloud9login.com ([]http in Local intranet)
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC52F7A0-C965-43CB-82EE-8D9A5B4BF1FE}: DhcpNameServer = 192.168.2.1
O18:*64bit:* - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\belarc - No CLSID value found
O18:*64bit:* - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:*64bit:* - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29:*64bit:* - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:*64bit:* - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:*64bit:* {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:*64bit:* >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: *Adobe ARM* - hkey= - key= - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *BCSSync* - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: *Easybits Recovery* - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: *FlashPlayerUpdate* - hkey= - key= - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: *HP Quick Launch* - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: *HPOSD* - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: *iTunesHelper* - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *Mikogo* - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: *Skype* - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: *SpybotSD TeaTimer* - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig:64bit - StartUpReg: *StartCCC* - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: *vmware-tray* - hkey= - key= - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 08:33:00 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/01 08:33:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/01 08:33:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/01 08:32:59 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/01 08:32:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012/12/01 08:32:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/01 08:32:58 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/01 08:32:58 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/01 08:32:58 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/01 08:32:58 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/01 08:32:58 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/01 08:32:58 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/01 08:32:58 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/01 08:32:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/01 08:32:58 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/01 08:32:58 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/01 08:32:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/01 08:32:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/01 08:32:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/01 08:32:58 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/01 08:32:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/01 08:32:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/01 08:32:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/01 08:32:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/01 08:32:57 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/01 08:31:11 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/01 08:31:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/01 08:31:10 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/12/01 08:31:10 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/12/01 01:32:12 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/12/01 01:32:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/29 23:47:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/29 23:47:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/29 23:47:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/29 23:47:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/29 23:47:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/29 23:47:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/29 23:47:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/29 23:47:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/29 23:47:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/29 23:47:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/29 23:47:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/29 23:47:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/29 23:47:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/29 23:47:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/29 23:47:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/29 23:43:20 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/29 23:43:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/29 23:43:19 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/29 23:43:19 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/24 12:17:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/24 11:57:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/24 11:57:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/24 11:57:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/24 11:57:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/24 11:55:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/14 21:52:41 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 21:52:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 21:52:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 21:52:31 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 21:52:31 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 21:52:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 21:52:30 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 21:52:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 21:52:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 21:52:06 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 21:52:06 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 20:27:18 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/13 20:27:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/13 20:27:06 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/11 12:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/11 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dakota Green\AppData\Local\Google
[2012/11/11 12:08:22 | 000,000,000 | ---D | C] -- C:\Users\Dakota Green\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/11 12:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/11 12:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/11 12:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/11/11 12:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/04 20:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[24 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/03 20:15:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/03 04:35:51 | 000,002,260 | -H-- | M] () -- C:\Users\Dakota Green\Documents\Default.rdp
[2012/12/02 23:18:07 | 000,734,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/02 23:18:07 | 000,629,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/02 23:18:07 | 000,108,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/02 22:41:29 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 22:41:29 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 22:33:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/02 22:32:52 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/02 13:27:54 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDakota Green.job
[2012/12/01 08:06:44 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/01 08:01:58 | 004,974,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/01 08:01:37 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 08:01:37 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 21:21:16 | 000,009,284 | ---- | M] () -- C:\Users\Dakota Green\Documents\cc_20121129_212112.reg
[2012/11/29 21:19:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/24 12:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/22 10:09:44 | 000,000,512 | ---- | M] () -- C:\Users\Dakota Green\Desktop\MBR.dat
[2012/11/15 20:08:02 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/13 20:26:59 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/13 20:26:58 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/13 20:26:58 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/13 20:26:58 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/13 20:26:58 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/13 20:26:58 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/11 22:28:47 | 000,002,114 | ---- | M] () -- C:\Users\Dakota Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/11/11 12:09:50 | 000,002,237 | ---- | M] () -- C:\Users\Dakota Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/10 10:07:32 | 000,001,097 | ---- | M] () -- C:\Users\Dakota Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/10 10:07:32 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[24 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/01 01:32:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/29 23:43:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/29 21:21:15 | 000,009,284 | ---- | C] () -- C:\Users\Dakota Green\Documents\cc_20121129_212112.reg
[2012/11/24 11:57:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/24 11:57:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/24 11:57:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/24 11:57:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/24 11:57:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/11 12:09:50 | 000,002,338 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/11 12:09:50 | 000,002,237 | ---- | C] () -- C:\Users\Dakota Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/11 12:08:31 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/11 12:08:28 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 12:08:17 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/10 00:22:08 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/06/10 00:22:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/06/09 23:45:28 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/06/09 23:45:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/06/09 23:43:52 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/06/09 23:42:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/03/17 22:52:08 | 000,000,352 | ---- | C] () -- C:\Users\Dakota Green\AppData\Roaming\Network Meter_Settings.ini
[2012/03/17 22:26:20 | 000,747,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/17 15:50:23 | 000,017,408 | ---- | C] () -- C:\Users\Dakota Green\AppData\Local\WebpageIcons.db
[2012/02/14 19:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/14 19:36:19 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/02/14 19:35:06 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 19:35:06 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 19:35:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 19:35:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/14 19:35:04 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 19:35:02 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/14 19:30:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/24 20:36:56 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/04 07:36:44 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Ad-Aware Antivirus
[2012/09/28 21:26:03 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Amazon
[2012/09/01 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\DAEMON Tools Pro
[2012/12/02 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Dropbox
[2012/03/17 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\IDT
[2012/06/10 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\IObit
[2012/03/20 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Kayako
[2012/05/05 04:22:41 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Mikogo 4
[2012/04/01 15:25:43 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\naan studio, Inc
[2012/09/01 14:15:08 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Sports Interactive
[2012/12/03 20:20:11 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Spotify
[2012/03/17 15:20:29 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Synaptics
[2012/03/18 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\TeamViewer
[2012/03/17 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Thunderbird
[2012/03/17 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\Trillian
[2012/11/29 21:22:46 | 000,000,000 | ---D | M] -- C:\Users\Dakota Green\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/11/24 12:17:30 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/06/10 00:09:34 | 000,000,000 | ---D | M] -- C:\boot
[2012/12/01 08:00:47 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/13 21:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/02/14 19:56:39 | 000,000,000 | ---D | M] -- C:\HP
[2012/02/14 19:33:54 | 000,000,000 | ---D | M] -- C:\Intel
[2012/03/17 19:33:43 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009/07/13 19:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/11/11 12:08:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/24 11:52:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/11/24 12:14:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/11/24 12:26:18 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/03/17 23:19:41 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/03/25 12:32:45 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012/12/03 20:20:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/03/17 23:19:47 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2012/03/17 23:18:33 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/01 08:01:27 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2012/03/06 18:39:10 | 002,682,368 | ---- | M] () -- C:\Windows\Installer\100f789.msi
[2012/03/06 18:42:54 | 002,323,456 | ---- | M] () -- C:\Windows\Installer\100f795.msi
[2012/11/11 12:13:48 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\12eaac9d.msi
[2011/09/09 05:06:12 | 004,647,936 | ---- | M] () -- C:\Windows\Installer\16515d.msi
[2012/04/16 21:50:42 | 024,623,616 | ---- | M] () -- C:\Windows\Installer\17ce04.msi
[2010/03/18 13:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\1ab292.msi
[2012/09/24 19:19:10 | 017,270,784 | R--- | M] () -- C:\Windows\Installer\1c32ddba.msp
[2012/09/24 19:17:26 | 001,868,288 | R--- | M] () -- C:\Windows\Installer\1c32ddc5.msp
[2012/09/20 10:18:36 | 043,984,896 | R--- | M] () -- C:\Windows\Installer\1c32dddf.msp

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >
[2012/10/09 22:11:31 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2012/11/29 21:19:36 | 000,002,786 | ---- | M] () -- C:\Windows\SysNative\tasks\CCleanerSkipUAC
[2012/11/29 21:24:56 | 000,003,666 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/11/29 21:24:58 | 000,003,918 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2012/12/02 11:18:21 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\tasks\HPCeeScheduleForDakota Green
[2012/02/14 19:49:51 | 000,003,148 | ---- | M] () -- C:\Windows\SysNative\tasks\MirageAgent
[2012/03/17 15:59:59 | 000,003,148 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute
[2012/11/29 21:24:47 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\tasks\SmartDefrag_Startup
[2012/12/03 20:15:38 | 000,003,978 | ---- | M] () -- C:\Windows\SysNative\tasks\User_Feed_Synchronization-{78577427-1D4E-467D-872A-A7DF849CE7D2}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 21:08:49 | 000,017,150 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/07 12:30:03 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/04/29 06:46:30 | 000,000,360 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForDakota Green.job
[2012/11/11 12:08:28 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/11/11 12:08:31 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: DAKOTAGREEN-HP
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     F                       DVD-ROM         0 B  No Media
  Volume 2     G                       DVD-ROM         0 B  No Media
  Volume 3         SYSTEM       NTFS   Partition    199 MB  Healthy    System
  Volume 4     C                NTFS   Partition    681 GB  Healthy    Boot
  Volume 5     D   RECOVERY     NTFS   Partition     17 GB  Healthy
  Volume 6         HP_TOOLS     FAT32  Partition    102 MB  Healthy
  Volume 7     I                FAT32  Removable     14 GB  Healthy

========== Files - Unicode (All) ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later.
Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

*Java(TM) 6 Update 24 (64-bit)*
*Java(TM) 6 Update 24*
*Game Booster 3*
*IObit Malware Fighter*
*SmartDefrag*

If any are not found, let me know, but carry on with the rest of this.

-----

Then, can you run the following tool:

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

eddie


----------



## Raderick (Oct 2, 2005)

So what I ended up doing is wiping out the computer and reinstalling the OS. Right as my computer booted up, it opened at least 15 different Internet Explorer windows at once, even without it being connected to the Internet, so something tells me that there is something written on the memory or somewhere else that is causing this issue.


----------



## eddie5659 (Mar 19, 2001)

Sounds like it may be a rootkit, so let's check that out.

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

-----------

Also, can you run this one:

Please download *GMER* from one of the following locations and save it to your desktop:
Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
_-- If you encounter any problems, try running GMER in safe mode._
_-- If GMER crashes or keeps resulting in BSODs, *uncheck* Devices on the right side before scanning._


----------



## Raderick (Oct 2, 2005)

14:27:37.0686 2992 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:27:38.0341 2992 ============================================================
14:27:38.0341 2992 Current date / time: 2012/12/26 14:27:38.0341
14:27:38.0341 2992 SystemInfo:
14:27:38.0341 2992 
14:27:38.0341 2992 OS Version: 6.1.7601 ServicePack: 1.0
14:27:38.0341 2992 Product type: Workstation
14:27:38.0341 2992 ComputerName: ComputerHEIDT-PC
14:27:38.0341 2992 UserName: Computer Heidt
14:27:38.0341 2992 Windows directory: C:\Windows
14:27:38.0341 2992 System windows directory: C:\Windows
14:27:38.0341 2992 Running under WOW64
14:27:38.0341 2992 Processor architecture: Intel x64
14:27:38.0341 2992 Number of processors: 8
14:27:38.0341 2992 Page size: 0x1000
14:27:38.0341 2992 Boot type: Normal boot
14:27:38.0341 2992 ============================================================
14:27:40.0619 2992 BG loaded
14:27:42.0834 2992 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:27:42.0896 2992 ============================================================
14:27:42.0896 2992 \Device\Harddisk0\DR0:
14:27:42.0912 2992 MBR partitions:
14:27:42.0912 2992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:27:42.0912 2992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
14:27:42.0912 2992 ============================================================
14:27:43.0115 2992 C: <-> \Device\Harddisk0\DR0\Partition2
14:27:43.0115 2992 ============================================================
14:27:43.0115 2992 Initialize success
14:27:43.0115 2992 ============================================================
14:30:37.0302 4428 ============================================================
14:30:37.0302 4428 Scan started
14:30:37.0302 4428 Mode: Manual; SigCheck; TDLFS; 
14:30:37.0302 4428 ============================================================
14:30:37.0708 4428 ================ Scan system memory ========================
14:30:37.0708 4428 System memory - ok
14:30:37.0723 4428 ================ Scan services =============================
14:30:55.0835 4428 Mup - ok
14:30:55.0866 4428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:30:55.0913 4428 napagent - ok
14:30:55.0944 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:30:55.0975 4428 NativeWifiP - ok
14:30:56.0022 4428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:30:56.0069 4428 NDIS - ok
14:30:56.0100 4428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:56.0131 4428 NdisCap - ok
14:30:56.0163 4428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:56.0194 4428 NdisTapi - ok
14:30:56.0209 4428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:56.0256 4428 Ndisuio - ok
14:30:56.0256 4428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:56.0303 4428 NdisWan - ok
14:30:56.0319 4428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:30:56.0350 4428 NDProxy - ok
14:30:56.0365 4428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:30:56.0443 4428 NetBIOS - ok
14:30:56.0459 4428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:30:56.0506 4428 NetBT - ok
14:30:56.0521 4428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:30:56.0537 4428 Netlogon - ok
14:30:56.0584 4428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:30:56.0662 4428 Netman - ok
14:30:56.0677 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:30:56.0740 4428 netprofm - ok
14:30:56.0771 4428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:30:56.0771 4428 NetTcpPortSharing - ok
14:30:56.0989 4428 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
14:30:57.0114 4428 NETwNs64 - ok
14:30:57.0145 4428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:30:57.0161 4428 nfrd960 - ok
14:30:57.0192 4428 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:30:57.0208 4428 NisDrv - ok
14:30:57.0223 4428 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:30:57.0239 4428 NisSrv - ok
14:30:57.0270 4428 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:30:57.0317 4428 NlaSvc - ok
14:30:57.0333 4428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:30:57.0395 4428 Npfs - ok
14:30:57.0411 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:30:57.0457 4428 nsi - ok
14:30:57.0473 4428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:30:57.0535 4428 nsiproxy - ok
14:30:57.0645 4428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:30:57.0738 4428 Ntfs - ok
14:30:57.0754 4428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:30:57.0801 4428 Null - ok
14:30:57.0832 4428 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
14:30:57.0847 4428 nusb3hub - ok
14:30:57.0879 4428 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:30:57.0910 4428 nusb3xhc - ok
14:30:57.0941 4428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:30:57.0972 4428 nvraid - ok
14:30:57.0988 4428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:30:58.0003 4428 nvstor - ok
14:30:58.0019 4428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:30:58.0050 4428 nv_agp - ok
14:30:58.0050 4428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:30:58.0081 4428 ohci1394 - ok
14:30:58.0113 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:30:58.0159 4428 p2pimsvc - ok
14:30:58.0191 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:30:58.0222 4428 p2psvc - ok
14:30:58.0253 4428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:30:58.0269 4428 Parport - ok
14:30:58.0300 4428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:30:58.0315 4428 partmgr - ok
14:30:58.0362 4428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:30:58.0409 4428 PcaSvc - ok
14:30:58.0425 4428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:30:58.0440 4428 pci - ok
14:30:58.0440 4428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:30:58.0456 4428 pciide - ok
14:30:58.0456 4428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:30:58.0471 4428 pcmcia - ok
14:30:58.0471 4428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:30:58.0487 4428 pcw - ok
14:30:58.0503 4428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:30:58.0565 4428 PEAUTH - ok
14:30:58.0612 4428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:30:58.0643 4428 PeerDistSvc - ok
14:30:58.0877 4428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:30:58.0908 4428 PerfHost - ok
14:30:58.0971 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:30:59.0080 4428 pla - ok
14:30:59.0127 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:30:59.0205 4428 PlugPlay - ok
14:30:59.0251 4428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:30:59.0283 4428 PNRPAutoReg - ok
14:30:59.0298 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:30:59.0329 4428 PNRPsvc - ok
14:30:59.0376 4428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:30:59.0454 4428 PolicyAgent - ok
14:30:59.0485 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:30:59.0548 4428 Power - ok
14:30:59.0595 4428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:30:59.0657 4428 PptpMiniport - ok
14:30:59.0673 4428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:30:59.0704 4428 Processor - ok
14:30:59.0719 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:30:59.0797 4428 ProfSvc - ok
14:30:59.0813 4428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:30:59.0829 4428 ProtectedStorage - ok
14:30:59.0860 4428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:30:59.0922 4428 Psched - ok
14:31:00.0141 4428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:31:00.0234 4428 ql2300 - ok
14:31:00.0281 4428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:31:00.0312 4428 ql40xx - ok
14:31:00.0390 4428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:31:00.0437 4428 QWAVE - ok
14:31:00.0453 4428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:31:00.0484 4428 QWAVEdrv - ok
14:31:00.0515 4428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:31:00.0593 4428 RasAcd - ok
14:31:00.0609 4428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:31:00.0655 4428 RasAgileVpn - ok
14:31:00.0671 4428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:31:00.0718 4428 RasAuto - ok
14:31:00.0733 4428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:31:00.0780 4428 Rasl2tp - ok
14:31:00.0796 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:31:00.0874 4428 RasMan - ok
14:31:00.0905 4428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:31:01.0014 4428 RasPppoe - ok
14:31:01.0123 4428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:31:01.0201 4428 RasSstp - ok
14:31:01.0233 4428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:31:01.0311 4428 rdbss - ok
14:31:01.0342 4428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:31:01.0357 4428 rdpbus - ok
14:31:01.0357 4428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:31:01.0404 4428 RDPCDD - ok
14:31:01.0420 4428 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:31:01.0435 4428 RDPDR - ok
14:31:01.0451 4428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:31:01.0529 4428 RDPENCDD - ok
14:31:01.0529 4428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:31:01.0576 4428 RDPREFMP - ok
14:31:01.0623 4428 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:31:01.0716 4428 RdpVideoMiniport - ok
14:31:01.0763 4428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:31:01.0810 4428 RDPWD - ok
14:31:01.0857 4428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:31:01.0872 4428 rdyboost - ok
14:31:01.0888 4428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:31:01.0966 4428 RemoteAccess - ok
14:31:02.0013 4428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:31:02.0059 4428 RemoteRegistry - ok
14:31:02.0091 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:31:02.0122 4428 RpcEptMapper - ok
14:31:02.0153 4428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:31:02.0153 4428 RpcLocator - ok
14:31:02.0184 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:31:02.0231 4428 RpcSs - ok
14:31:02.0262 4428 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
14:31:02.0278 4428 RSPCIESTOR - ok
14:31:02.0309 4428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:31:02.0387 4428 rspndr - ok
14:31:02.0403 4428 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:31:02.0434 4428 s3cap - ok
14:31:02.0481 4428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:31:02.0512 4428 SamSs - ok
14:31:02.0574 4428 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:31:02.0699 4428 SASDIFSV - ok
14:31:02.0699 4428 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:31:02.0777 4428 SASKUTIL - ok
14:31:02.0808 4428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:31:02.0824 4428 sbp2port - ok
14:31:02.0855 4428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:31:02.0917 4428 SCardSvr - ok
14:31:02.0933 4428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:31:02.0964 4428 scfilter - ok
14:31:03.0011 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:31:03.0058 4428 Schedule - ok
14:31:03.0073 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:31:03.0120 4428 SCPolicySvc - ok
14:31:03.0136 4428 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:31:03.0167 4428 sdbus - ok
14:31:03.0183 4428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:31:03.0229 4428 SDRSVC - ok
14:31:03.0261 4428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:31:03.0339 4428 secdrv - ok
14:31:03.0370 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:31:03.0417 4428 seclogon - ok
14:31:03.0432 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:31:03.0479 4428 SENS - ok
14:31:03.0495 4428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:31:03.0588 4428 SensrSvc - ok
14:31:03.0604 4428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:31:03.0635 4428 Serenum - ok
14:31:03.0682 4428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:31:03.0729 4428 Serial - ok
14:31:03.0775 4428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:31:03.0791 4428 sermouse - ok
14:31:03.0853 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:31:03.0916 4428 SessionEnv - ok
14:31:03.0916 4428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:31:03.0947 4428 sffdisk - ok
14:31:03.0963 4428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:31:03.0978 4428 sffp_mmc - ok
14:31:03.0994 4428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:31:04.0025 4428 sffp_sd - ok
14:31:04.0025 4428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:31:04.0041 4428 sfloppy - ok
14:31:04.0072 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:31:04.0150 4428 SharedAccess - ok
14:31:04.0165 4428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:31:04.0228 4428 ShellHWDetection - ok
14:31:04.0259 4428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:31:04.0275 4428 SiSRaid2 - ok
14:31:04.0275 4428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:31:04.0290 4428 SiSRaid4 - ok
14:31:04.0290 4428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:31:04.0337 4428 Smb - ok
14:31:04.0368 4428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:31:04.0384 4428 SNMPTRAP - ok
14:31:04.0384 4428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:31:04.0399 4428 spldr - ok
14:31:04.0446 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:31:04.0493 4428 Spooler - ok
14:31:04.0602 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:31:04.0696 4428 sppsvc - ok
14:31:04.0711 4428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:31:04.0743 4428 sppuinotify - ok
14:31:04.0774 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:31:04.0852 4428 srv - ok
14:31:04.0883 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:31:04.0930 4428 srv2 - ok
14:31:05.0008 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:31:05.0023 4428 srvnet - ok
14:31:05.0070 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:31:05.0179 4428 SSDPSRV - ok
14:31:05.0195 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:31:05.0242 4428 SstpSvc - ok
14:31:05.0273 4428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:31:05.0289 4428 stexstor - ok
14:31:05.0320 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:31:05.0351 4428 stisvc - ok
14:31:05.0367 4428 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:31:05.0398 4428 storflt - ok
14:31:05.0413 4428 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:31:05.0445 4428 StorSvc - ok
14:31:05.0476 4428 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:31:05.0507 4428 storvsc - ok
14:31:05.0507 4428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:31:05.0523 4428 swenum - ok
14:31:05.0538 4428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:31:05.0616 4428 swprv - ok
14:31:05.0710 4428 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:31:05.0741 4428 SynTP - ok
14:31:05.0819 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:31:05.0897 4428 SysMain - ok
14:31:05.0913 4428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:31:05.0959 4428 TabletInputService - ok
14:31:05.0975 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:31:06.0037 4428 TapiSrv - ok
14:31:06.0053 4428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:31:06.0084 4428 TBS - ok
14:31:06.0209 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:31:06.0318 4428 Tcpip - ok
14:31:06.0412 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:31:06.0459 4428 TCPIP6 - ok
14:31:06.0490 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:31:06.0505 4428 tcpipreg - ok
14:31:06.0521 4428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:31:06.0583 4428 TDPIPE - ok
14:31:06.0615 4428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:31:06.0646 4428 TDTCP - ok
14:31:06.0677 4428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:31:06.0724 4428 tdx - ok
14:31:06.0724 4428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:31:06.0755 4428 TermDD - ok
14:31:06.0786 4428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:31:06.0833 4428 TermService - ok
14:31:06.0864 4428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:31:06.0880 4428 Themes - ok
14:31:06.0895 4428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:31:06.0927 4428 THREADORDER - ok
14:31:06.0958 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:31:07.0020 4428 TrkWks - ok
14:31:07.0067 4428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:31:07.0145 4428 TrustedInstaller - ok
14:31:07.0145 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:31:07.0192 4428 tssecsrv - ok
14:31:07.0223 4428 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:31:07.0301 4428 TsUsbFlt - ok
14:31:07.0348 4428 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:31:07.0395 4428 TsUsbGD - ok
14:31:07.0426 4428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:31:07.0488 4428 tunnel - ok
14:31:07.0504 4428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:31:07.0519 4428 uagp35 - ok
14:31:07.0519 4428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:31:07.0613 4428 udfs - ok
14:31:07.0644 4428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:31:07.0660 4428 UI0Detect - ok
14:31:07.0675 4428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:31:07.0691 4428 uliagpkx - ok
14:31:07.0707 4428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:31:07.0753 4428 umbus - ok
14:31:07.0769 4428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:31:07.0800 4428 UmPass - ok
14:31:07.0816 4428 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:31:07.0847 4428 UmRdpService - ok
14:31:07.0972 4428 [ 1B71370AEC1115F80D9A4A209317C968 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:31:08.0034 4428 UNS - ok
14:31:08.0065 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:31:08.0128 4428 upnphost - ok
14:31:08.0143 4428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:31:08.0206 4428 usbccgp - ok
14:31:08.0253 4428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:31:08.0268 4428 usbcir - ok
14:31:08.0299 4428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:31:08.0346 4428 usbehci - ok
14:31:08.0377 4428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:31:08.0455 4428 usbhub - ok
14:31:08.0487 4428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:31:08.0533 4428 usbohci - ok
14:31:08.0549 4428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:31:08.0596 4428 usbprint - ok
14:31:08.0611 4428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
14:31:08.0689 4428 USBSTOR - ok
14:31:08.0705 4428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:31:08.0752 4428 usbuhci - ok
14:31:08.0799 4428 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:31:08.0830 4428 usbvideo - ok
14:31:08.0845 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:31:08.0923 4428 UxSms - ok
14:31:08.0955 4428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:31:08.0955 4428 VaultSvc - ok
14:31:09.0017 4428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:31:09.0033 4428 vdrvroot - ok
14:31:09.0064 4428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:31:09.0126 4428 vds - ok
14:31:09.0142 4428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:31:09.0157 4428 vga - ok
14:31:09.0157 4428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:31:09.0204 4428 VgaSave - ok
14:31:09.0220 4428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:31:09.0235 4428 vhdmp - ok
14:31:09.0251 4428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:31:09.0267 4428 viaide - ok
14:31:09.0282 4428 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:31:09.0298 4428 vmbus - ok
14:31:09.0298 4428 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:31:09.0329 4428 VMBusHID - ok
14:31:09.0345 4428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:31:09.0360 4428 volmgr - ok
14:31:09.0376 4428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:31:09.0391 4428 volmgrx - ok
14:31:09.0407 4428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:31:09.0423 4428 volsnap - ok
14:31:09.0423 4428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:31:09.0438 4428 vsmraid - ok
14:31:09.0501 4428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:31:09.0625 4428 VSS - ok
14:31:09.0641 4428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:31:09.0657 4428 vwifibus - ok
14:31:09.0672 4428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:31:09.0703 4428 vwififlt - ok
14:31:09.0735 4428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:31:09.0781 4428 W32Time - ok
14:31:09.0797 4428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:31:09.0828 4428 WacomPen - ok
14:31:09.0859 4428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:31:09.0906 4428 WANARP - ok
14:31:09.0906 4428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:31:09.0953 4428 Wanarpv6 - ok
14:31:10.0031 4428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:31:10.0093 4428 WatAdminSvc - ok
14:31:10.0171 4428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:31:10.0234 4428 wbengine - ok
14:31:10.0249 4428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:31:10.0281 4428 WbioSrvc - ok
14:31:10.0312 4428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:31:10.0343 4428 wcncsvc - ok
14:31:10.0359 4428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:31:10.0390 4428 WcsPlugInService - ok
14:31:10.0405 4428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:31:10.0421 4428 Wd - ok
14:31:10.0468 4428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:31:10.0499 4428 Wdf01000 - ok
14:31:10.0530 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:31:10.0624 4428 WdiServiceHost - ok
14:31:10.0624 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:31:10.0671 4428 WdiSystemHost - ok
14:31:10.0702 4428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:31:10.0749 4428 WebClient - ok
14:31:10.0764 4428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:31:10.0842 4428 Wecsvc - ok
14:31:10.0842 4428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:31:10.0889 4428 wercplsupport - ok
14:31:10.0905 4428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:31:10.0936 4428 WerSvc - ok
14:31:10.0967 4428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:31:11.0029 4428 WfpLwf - ok
14:31:11.0029 4428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:31:11.0045 4428 WIMMount - ok
14:31:11.0061 4428 WinDefend - ok
14:31:11.0061 4428 WinHttpAutoProxySvc - ok
14:31:11.0170 4428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:31:11.0263 4428 Winmgmt - ok
14:31:11.0310 4428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:31:11.0373 4428 WinRM - ok
14:31:11.0419 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:31:11.0451 4428 Wlansvc - ok
14:31:11.0497 4428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:31:11.0529 4428 WmiAcpi - ok
14:31:11.0560 4428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:31:11.0638 4428 wmiApSrv - ok
14:31:11.0653 4428 WMPNetworkSvc - ok
14:31:11.0685 4428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:31:11.0731 4428 WPCSvc - ok
14:31:11.0731 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:31:11.0778 4428 WPDBusEnum - ok
14:31:11.0809 4428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:31:11.0856 4428 ws2ifsl - ok
14:31:11.0887 4428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:31:11.0919 4428 wscsvc - ok
14:31:11.0934 4428 WSearch - ok
14:31:12.0012 4428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:31:12.0075 4428 wuauserv - ok
14:31:12.0106 4428 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:31:12.0168 4428 WudfPf - ok
14:31:12.0215 4428 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:31:12.0246 4428 WUDFRd - ok
14:31:12.0262 4428 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:31:12.0309 4428 wudfsvc - ok
14:31:12.0340 4428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:31:12.0387 4428 WwanSvc - ok
14:31:12.0387 4428 ================ Scan global ===============================
14:31:12.0418 4428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:31:12.0465 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:31:12.0465 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:31:12.0511 4428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:31:12.0527 4428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:31:12.0527 4428 [Global] - ok
14:31:12.0527 4428 ================ Scan MBR ==================================
14:31:12.0543 4428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:31:13.0042 4428 \Device\Harddisk0\DR0 - ok
14:31:13.0042 4428 ================ Scan VBR ==================================
14:31:13.0057 4428 [ BDCF6BE36AB563B6A4D4DACC75BEDA7D ] \Device\Harddisk0\DR0\Partition1
14:31:13.0057 4428 \Device\Harddisk0\DR0\Partition1 - ok
14:31:13.0089 4428 [ 15769993C9FEE343E98DCF688CB69B31 ] \Device\Harddisk0\DR0\Partition2
14:31:13.0089 4428 \Device\Harddisk0\DR0\Partition2 - ok
14:31:13.0089 4428 ================ Scan active images ========================
14:31:13.0837 4428 C:\Windows\System32\IPBusEnum.dll - ok
14:31:13.0837 4428 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
14:31:13.0837 4428 C:\Windows\System32\iphlpsvc.dll - ok
14:31:13.0853 4428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] C:\Windows\System32\drivers\irenum.sys
14:31:13.0853 4428 C:\Windows\System32\drivers\irenum.sys - ok
14:31:13.0853 4428 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
14:31:13.0853 4428 C:\Windows\System32\keyiso.dll - ok
14:31:13.0853 4428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
14:31:13.0853 4428 C:\Windows\System32\srvsvc.dll - ok
14:31:13.0853 4428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
14:31:13.0853 4428 C:\Windows\System32\wkssvc.dll - ok
14:31:13.0853 4428 [ 7A757C41C3879CD34BDE15F0563C0CE2 ] C:\Windows\System32\lltdres.dll
14:31:13.0853 4428 C:\Windows\System32\lltdres.dll - ok
14:31:13.0869 4428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
14:31:13.0869 4428 C:\Windows\System32\drivers\luafv.sys - ok
14:31:13.0869 4428 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
14:31:13.0869 4428 C:\Windows\System32\lmhsvc.dll - ok
14:31:13.0869 4428 [ E5DE3FFD785B6730291AD98E491D58BA ] C:\Windows\ehome\ehres.dll
14:31:13.0869 4428 C:\Windows\ehome\ehres.dll - ok
14:31:13.0869 4428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] C:\Windows\System32\drivers\mountmgr.sys
14:31:13.0869 4428 C:\Windows\System32\drivers\mountmgr.sys - ok
14:31:13.0869 4428 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
14:31:13.0869 4428 C:\Windows\System32\mmcss.dll - ok
14:31:13.0884 4428 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
14:31:13.0884 4428 C:\Windows\System32\FirewallAPI.dll - ok
14:31:13.0884 4428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] C:\Windows\System32\WebClnt.dll
14:31:13.0884 4428 C:\Windows\System32\WebClnt.dll - ok
14:31:13.0884 4428 [ F9D215A46A8B9753F61767FA72A20326 ] C:\Windows\System32\drivers\mshidkmdf.sys
14:31:13.0884 4428 C:\Windows\System32\drivers\mshidkmdf.sys - ok
14:31:13.0884 4428 [ E11E3F3BBEFDC5C0C160BE13B65E25E4 ] C:\Windows\System32\iscsidsc.dll
14:31:13.0884 4428 C:\Windows\System32\iscsidsc.dll - ok
14:31:13.0884 4428 [ 8EE1C893C50D1C02D4675978BAC756BA ] C:\Windows\System32\msimsg.dll
14:31:13.0884 4428 C:\Windows\System32\msimsg.dll - ok
14:31:13.0900 4428 [ F9A18612FD3526FE473C1BDA678D61C8 ] C:\Windows\System32\drivers\mup.sys
14:31:13.0900 4428 C:\Windows\System32\drivers\mup.sys - ok
14:31:13.0900 4428 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
14:31:13.0900 4428 C:\Windows\System32\QAGENTRT.DLL - ok
14:31:13.0900 4428 [ 760E38053BF56E501D562B70AD796B88 ] C:\Windows\System32\drivers\ndis.sys
14:31:13.0900 4428 C:\Windows\System32\drivers\ndis.sys - ok
14:31:13.0900 4428 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
14:31:13.0900 4428 C:\Windows\System32\netman.dll - ok
14:31:13.0900 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
14:31:13.0900 4428 C:\Windows\System32\netprofm.dll - ok
14:31:13.0900 4428 [ 0E7045E24F78351E021D3C01566DBBA3 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
14:31:13.0900 4428 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
14:31:13.0915 4428 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
14:31:13.0915 4428 C:\Windows\System32\nlasvc.dll - ok
14:31:13.0915 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
14:31:13.0915 4428 C:\Windows\System32\nsisvc.dll - ok
14:31:13.0915 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
14:31:13.0915 4428 C:\Windows\System32\pnrpsvc.dll - ok
14:31:13.0915 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
14:31:13.0915 4428 C:\Windows\System32\p2psvc.dll - ok
14:31:13.0915 4428 [ E9766131EEADE40A27DC27D2D68FBA9C ] C:\Windows\System32\drivers\partmgr.sys
14:31:13.0915 4428 C:\Windows\System32\drivers\partmgr.sys - ok
14:31:13.0931 4428 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
14:31:13.0931 4428 C:\Windows\System32\pcasvc.dll - ok
14:31:13.0931 4428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] C:\Windows\System32\PeerDistSvc.dll
14:31:13.0931 4428 C:\Windows\System32\PeerDistSvc.dll - ok
14:31:13.0931 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] C:\Windows\System32\pla.dll
14:31:13.0931 4428 C:\Windows\System32\pla.dll - ok
14:31:13.0931 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
14:31:13.0931 4428 C:\Windows\System32\umpnpmgr.dll - ok
14:31:13.0931 4428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] C:\Windows\System32\pnrpauto.dll
14:31:13.0931 4428 C:\Windows\System32\pnrpauto.dll - ok
14:31:13.0947 4428 [ 8DEC9C6DD13C4B3B62CD8D5A0FEF1650 ] C:\Windows\System32\polstore.dll
14:31:13.0947 4428 C:\Windows\System32\polstore.dll - ok
14:31:13.0947 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
14:31:13.0947 4428 C:\Windows\System32\umpo.dll - ok
14:31:13.0947 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
14:31:13.0947 4428 C:\Windows\System32\profsvc.dll - ok
14:31:13.0947 4428 [ AB95FBAE4F9A5A56B177CEC427B2B35E ] C:\Windows\System32\psbase.dll
14:31:13.0947 4428 C:\Windows\System32\psbase.dll - ok
14:31:13.0947 4428 [ 906191634E99AEA92C4816150BDA3732 ] C:\Windows\System32\qwave.dll
14:31:13.0947 4428 C:\Windows\System32\qwave.dll - ok
14:31:13.0962 4428 [ 76707BB36430888D9CE9D705398ADB6C ] C:\Windows\System32\drivers\qwavedrv.sys
14:31:13.0962 4428 C:\Windows\System32\drivers\qwavedrv.sys - ok
14:31:13.0962 4428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] C:\Windows\System32\rasauto.dll
14:31:13.0962 4428 C:\Windows\System32\rasauto.dll - ok
14:31:13.0962 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
14:31:13.0962 4428 C:\Windows\System32\rasmans.dll - ok
14:31:13.0962 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
14:31:13.0962 4428 C:\Windows\System32\sstpsvc.dll - ok
14:31:13.0962 4428 [ 254FB7A22D74E5511C73A3F6D802F192 ] C:\Windows\System32\mprdim.dll
14:31:13.0962 4428 C:\Windows\System32\mprdim.dll - ok
14:31:13.0978 4428 [ E4D94F24081440B5FC5AA556C7C62702 ] C:\Windows\System32\regsvc.dll
14:31:13.0978 4428 C:\Windows\System32\regsvc.dll - ok
14:31:13.0978 4428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] C:\Windows\System32\Locator.exe
14:31:13.0978 4428 C:\Windows\System32\Locator.exe - ok
14:31:13.0978 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
14:31:13.0978 4428 C:\Windows\System32\RpcEpMap.dll - ok
14:31:13.0978 4428 [ 9B7395789E3791A3B6D000FE6F8B131E ] C:\Windows\System32\SCardSvr.dll
14:31:13.0978 4428 C:\Windows\System32\SCardSvr.dll - ok
14:31:13.0978 4428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] C:\Windows\System32\drivers\scfilter.sys
14:31:13.0978 4428 C:\Windows\System32\drivers\scfilter.sys - ok
14:31:13.0993 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
14:31:13.0993 4428 C:\Windows\System32\schedsvc.dll - ok
14:31:13.0993 4428 [ 6EA4234DC55346E0709560FE7C2C1972 ] C:\Windows\System32\sdrsvc.dll
14:31:13.0993 4428 C:\Windows\System32\sdrsvc.dll - ok
14:31:13.0993 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
14:31:13.0993 4428 C:\Windows\System32\seclogon.dll - ok
14:31:13.0993 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
14:31:13.0993 4428 C:\Windows\System32\Sens.dll - ok
14:31:13.0993 4428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] C:\Windows\System32\sensrsvc.dll
14:31:13.0993 4428 C:\Windows\System32\sensrsvc.dll - ok
14:31:14.0009 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] C:\Windows\System32\SessEnv.dll
14:31:14.0009 4428 C:\Windows\System32\SessEnv.dll - ok
14:31:14.0009 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
14:31:14.0009 4428 C:\Windows\System32\ipnathlp.dll - ok
14:31:14.0009 4428 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
14:31:14.0009 4428 C:\Windows\System32\shsvcs.dll - ok
14:31:14.0009 4428 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
14:31:14.0009 4428 C:\Windows\System32\tcpipcfg.dll - ok
14:31:14.0009 4428 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
14:31:14.0009 4428 C:\Windows\System32\snmptrap.exe - ok
14:31:14.0025 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
14:31:14.0025 4428 C:\Windows\System32\spoolsv.exe - ok
14:31:14.0025 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] C:\Windows\System32\sppsvc.exe
14:31:14.0025 4428 C:\Windows\System32\sppsvc.exe - ok
14:31:14.0025 4428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] C:\Windows\System32\sppuinotify.dll
14:31:14.0025 4428 C:\Windows\System32\sppuinotify.dll - ok
14:31:14.0025 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
14:31:14.0025 4428 C:\Windows\System32\ssdpsrv.dll - ok
14:31:14.0025 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
14:31:14.0025 4428 C:\Windows\System32\wiaservc.dll - ok
14:31:14.0040 4428 [ C40841817EF57D491F22EB103DA587CC ] C:\Windows\System32\StorSvc.dll
14:31:14.0040 4428 C:\Windows\System32\StorSvc.dll - ok
14:31:14.0040 4428 [ D289D2E949609B696161039C3D86FFE9 ] C:\Windows\System32\vmstorfltres.dll
14:31:14.0040 4428 C:\Windows\System32\vmstorfltres.dll - ok
14:31:14.0040 4428 [ E08E46FDD841B7184194011CA1955A0B ] C:\Windows\System32\swprv.dll
14:31:14.0040 4428 C:\Windows\System32\swprv.dll - ok
14:31:14.0040 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
14:31:14.0040 4428 C:\Windows\System32\sysmain.dll - ok
14:31:14.0040 4428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] C:\Windows\System32\TabSvc.dll
14:31:14.0040 4428 C:\Windows\System32\TabSvc.dll - ok
14:31:14.0056 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
14:31:14.0056 4428 C:\Windows\System32\tapisrv.dll - ok
14:31:14.0056 4428 [ 1BE03AC720F4D302EA01D40F588162F6 ] C:\Windows\System32\tbssvc.dll
14:31:14.0056 4428 C:\Windows\System32\tbssvc.dll - ok
14:31:14.0056 4428 [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll
14:31:14.0056 4428 C:\Windows\System32\termsrv.dll - ok
14:31:14.0056 4428 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
14:31:14.0056 4428 C:\Windows\System32\themeservice.dll - ok
14:31:14.0056 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
14:31:14.0056 4428 C:\Windows\System32\trkwks.dll - ok
14:31:14.0071 4428 [ 773212B2AAA24C1E31F10246B15B276C ] C:\Windows\servicing\TrustedInstaller.exe
14:31:14.0071 4428 C:\Windows\servicing\TrustedInstaller.exe - ok
14:31:14.0071 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] C:\Windows\System32\drivers\tssecsrv.sys
14:31:14.0071 4428 C:\Windows\System32\drivers\tssecsrv.sys - ok
14:31:14.0071 4428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] C:\Windows\System32\UI0Detect.exe
14:31:14.0071 4428 C:\Windows\System32\UI0Detect.exe - ok
14:31:14.0071 4428 [ A293DCD756D04D8492A750D03B9A297C ] C:\Windows\System32\umrdp.dll
14:31:14.0071 4428 C:\Windows\System32\umrdp.dll - ok
14:31:14.0071 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
14:31:14.0071 4428 C:\Windows\System32\upnphost.dll - ok
14:31:14.0087 4428 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
14:31:14.0087 4428 C:\Windows\System32\dwm.exe - ok
14:31:14.0087 4428 [ 567BC1309E05FCFA680ADB6E02260736 ] C:\Windows\System32\vaultsvc.dll
14:31:14.0087 4428 C:\Windows\System32\vaultsvc.dll - ok
14:31:14.0087 4428 [ A255814907C89BE58B79EF2F189B843B ] C:\Windows\System32\drivers\volmgrx.sys
14:31:14.0087 4428 C:\Windows\System32\drivers\volmgrx.sys - ok
14:31:14.0087 4428 [ 8D6B481601D01A456E75C3210F1830BE ] C:\Windows\System32\vds.exe
14:31:14.0087 4428 C:\Windows\System32\vds.exe - ok
14:31:14.0087 4428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] C:\Windows\System32\VSSVC.exe
14:31:14.0087 4428 C:\Windows\System32\VSSVC.exe - ok
14:31:14.0103 4428 [ 1C9D80CC3849B3788048078C26486E1A ] C:\Windows\System32\w32time.dll
14:31:14.0103 4428 C:\Windows\System32\w32time.dll - ok
14:31:14.0103 4428 [ 05E9265E2228799B68DC0F58A94E1AB8 ] C:\Windows\System32\Wat\WatUX.exe
14:31:14.0103 4428 C:\Windows\System32\Wat\WatUX.exe - ok
14:31:14.0103 4428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] C:\Windows\System32\wbengine.exe
14:31:14.0103 4428 C:\Windows\System32\wbengine.exe - ok
14:31:14.0103 4428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] C:\Windows\System32\wbiosrvc.dll
14:31:14.0103 4428 C:\Windows\System32\wbiosrvc.dll - ok
14:31:14.0103 4428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] C:\Windows\System32\wcncsvc.dll
14:31:14.0103 4428 C:\Windows\System32\wcncsvc.dll - ok
14:31:14.0118 4428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] C:\Windows\System32\drivers\Wdf01000.sys
14:31:14.0118 4428 C:\Windows\System32\drivers\Wdf01000.sys - ok
14:31:14.0118 4428 [ 20F7441334B18CEE52027661DF4A6129 ] C:\Windows\System32\WcsPlugInService.dll
14:31:14.0118 4428 C:\Windows\System32\WcsPlugInService.dll - ok
14:31:14.0118 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
14:31:14.0118 4428 C:\Windows\System32\wdi.dll - ok
14:31:14.0118 4428 [ C749025A679C5103E575E3B48E092C43 ] C:\Windows\System32\wecsvc.dll
14:31:14.0118 4428 C:\Windows\System32\wecsvc.dll - ok
14:31:14.0118 4428 [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll
14:31:14.0118 4428 C:\Windows\System32\wercplsupport.dll - ok
14:31:14.0134 4428 [ 6D137963730144698CBD10F202E9F251 ] C:\Windows\System32\wersvc.dll
14:31:14.0134 4428 C:\Windows\System32\wersvc.dll - ok
14:31:14.0134 4428 [ 2DA738A0A6BEE483A5647A76695AF3B0 ] C:\Program Files\Windows Defender\MsMpRes.dll
14:31:14.0134 4428 C:\Program Files\Windows Defender\MsMpRes.dll - ok
14:31:14.0134 4428 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
14:31:14.0134 4428 C:\Windows\System32\winhttp.dll - ok
14:31:14.0134 4428 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
14:31:14.0134 4428 C:\Windows\System32\wbem\WMIsvc.dll - ok
14:31:14.0134 4428 [ BCB1310604AA415C4508708975B3931E ] C:\Windows\System32\WsmSvc.dll
14:31:14.0134 4428 C:\Windows\System32\WsmSvc.dll - ok
14:31:14.0149 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
14:31:14.0149 4428 C:\Windows\System32\wlansvc.dll - ok
14:31:14.0149 4428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] C:\Windows\System32\wbem\WmiApSrv.exe
14:31:14.0149 4428 C:\Windows\System32\wbem\WmiApSrv.exe - ok
14:31:14.0149 4428 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
14:31:14.0149 4428 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
14:31:14.0149 4428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] C:\Windows\System32\wpcsvc.dll
14:31:14.0149 4428 C:\Windows\System32\wpcsvc.dll - ok
14:31:14.0149 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
14:31:14.0149 4428 C:\Windows\System32\wpdbusenum.dll - ok
14:31:14.0165 4428 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
14:31:14.0165 4428 C:\Windows\System32\wscsvc.dll - ok
14:31:14.0165 4428 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
14:31:14.0165 4428 C:\Windows\System32\SearchIndexer.exe - ok
14:31:14.0165 4428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
14:31:14.0165 4428 C:\Windows\System32\wuaueng.dll - ok
14:31:14.0165 4428 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
14:31:14.0165 4428 C:\Windows\System32\drivers\WUDFPf.sys - ok
14:31:14.0165 4428 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
14:31:14.0165 4428 C:\Windows\System32\WUDFSvc.dll - ok
14:31:14.0181 4428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] C:\Windows\System32\wwansvc.dll
14:31:14.0181 4428 C:\Windows\System32\wwansvc.dll - ok
14:31:14.0181 4428 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
14:31:14.0181 4428 C:\Windows\System32\ubpm.dll - ok
14:31:14.0181 4428 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
14:31:14.0181 4428 C:\Windows\System32\svchost.exe - ok
14:31:14.0181 4428 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
14:31:14.0181 4428 C:\Windows\System32\SPInf.dll - ok
14:31:14.0181 4428 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
14:31:14.0181 4428 C:\Windows\System32\devrtl.dll - ok
14:31:14.0181 4428 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
14:31:14.0181 4428 C:\Windows\System32\userenv.dll - ok
14:31:14.0196 4428 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
14:31:14.0196 4428 C:\Windows\System32\pcwum.dll - ok
14:31:14.0196 4428 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
14:31:14.0196 4428 C:\Windows\System32\powrprof.dll - ok
14:31:14.0196 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
14:31:14.0196 4428 C:\Windows\System32\rpcss.dll - ok
14:31:14.0196 4428 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
14:31:14.0196 4428 C:\Windows\System32\wshqos.dll - ok
14:31:14.0196 4428 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
14:31:14.0196 4428 C:\Windows\System32\WSHTCPIP.DLL - ok
14:31:14.0212 4428 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
14:31:14.0212 4428 C:\Windows\System32\version.dll - ok
14:31:14.0212 4428 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:31:14.0212 4428 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
14:31:14.0212 4428 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
14:31:14.0212 4428 C:\Windows\System32\authui.dll - ok
14:31:14.0212 4428 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
14:31:14.0212 4428 C:\Windows\System32\LogonUI.exe - ok
14:31:14.0212 4428 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
14:31:14.0212 4428 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
14:31:14.0227 4428 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
14:31:14.0227 4428 C:\Windows\System32\cryptui.dll - ok
14:31:14.0227 4428 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
14:31:14.0227 4428 C:\Windows\System32\wtsapi32.dll - ok
14:31:14.0227 4428 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
14:31:14.0227 4428 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
14:31:14.0227 4428 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
14:31:14.0227 4428 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
14:31:14.0243 4428 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
14:31:14.0243 4428 C:\Windows\System32\ntmarta.dll - ok
14:31:14.0243 4428 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
14:31:14.0243 4428 C:\Windows\System32\samlib.dll - ok
14:31:14.0243 4428 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
14:31:14.0243 4428 C:\Windows\System32\shacct.dll - ok
14:31:14.0243 4428 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
14:31:14.0243 4428 C:\Windows\System32\propsys.dll - ok
14:31:14.0243 4428 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
14:31:14.0243 4428 C:\Windows\System32\uxtheme.dll - ok
14:31:14.0259 4428 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
14:31:14.0259 4428 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
14:31:14.0259 4428 [ C53D784D7303C463D004C0D5782917B4 ] C:\Windows\System32\atiesrxx.exe
14:31:14.0259 4428 C:\Windows\System32\atiesrxx.exe - ok
14:31:14.0259 4428 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
14:31:14.0259 4428 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
14:31:14.0259 4428 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
14:31:14.0259 4428 C:\Windows\System32\adtschema.dll - ok
14:31:14.0259 4428 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
14:31:14.0259 4428 C:\Windows\System32\MMDevAPI.dll - ok
14:31:14.0274 4428 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
14:31:14.0274 4428 C:\Windows\System32\avrt.dll - ok
14:31:14.0274 4428 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
14:31:14.0274 4428 C:\Windows\System32\audiodg.exe - ok
14:31:14.0274 4428 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
14:31:14.0274 4428 C:\Windows\System32\dui70.dll - ok
14:31:14.0274 4428 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
14:31:14.0274 4428 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
14:31:14.0274 4428 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
14:31:14.0274 4428 C:\Windows\System32\PeerDist.dll - ok
14:31:14.0290 4428 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
14:31:14.0290 4428 C:\Windows\System32\PSHED.DLL - ok
14:31:14.0290 4428 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
14:31:14.0290 4428 C:\Windows\System32\atl.dll - ok
14:31:14.0290 4428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
14:31:14.0290 4428 C:\Windows\System32\gpsvc.dll - ok
14:31:14.0290 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
14:31:14.0290 4428 C:\Windows\System32\es.dll - ok
14:31:14.0290 4428 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
14:31:14.0290 4428 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
14:31:14.0305 4428 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
14:31:14.0305 4428 C:\Windows\System32\taskschd.dll - ok
14:31:14.0305 4428 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
14:31:14.0305 4428 C:\Windows\System32\duser.dll - ok
14:31:14.0305 4428 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
14:31:14.0305 4428 C:\Windows\System32\SndVolSSO.dll - ok
14:31:14.0305 4428 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
14:31:14.0305 4428 C:\Windows\System32\nlaapi.dll - ok
14:31:14.0305 4428 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
14:31:14.0305 4428 C:\Windows\System32\dsrole.dll - ok
14:31:14.0321 4428 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
14:31:14.0321 4428 C:\Windows\System32\hid.dll - ok
14:31:14.0321 4428 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
14:31:14.0321 4428 C:\Windows\System32\slc.dll - ok
14:31:14.0321 4428 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
14:31:14.0321 4428 C:\Windows\System32\dwmapi.dll - ok
14:31:14.0321 4428 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
14:31:14.0321 4428 C:\Windows\System32\xmllite.dll - ok
14:31:14.0321 4428 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
14:31:14.0321 4428 C:\Windows\System32\WindowsCodecs.dll - ok
14:31:14.0337 4428 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
14:31:14.0337 4428 C:\Windows\System32\mstask.dll - ok
14:31:14.0337 4428 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
14:31:14.0337 4428 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
14:31:14.0337 4428 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] C:\Windows\System32\hpservice.exe
14:31:14.0337 4428 C:\Windows\System32\hpservice.exe - ok
14:31:14.0337 4428 [ 19F9B524A525D202194247E96656CB88 ] C:\Windows\System32\mfc42u.dll
14:31:14.0337 4428 C:\Windows\System32\mfc42u.dll - ok
14:31:14.0337 4428 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
14:31:14.0337 4428 C:\Windows\System32\fltLib.dll - ok
14:31:14.0352 4428 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
14:31:14.0352 4428 C:\Windows\System32\VaultCredProvider.dll - ok
14:31:14.0352 4428 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
14:31:14.0352 4428 C:\Windows\System32\winbrand.dll - ok
14:31:14.0352 4428 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
14:31:14.0352 4428 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
14:31:14.0352 4428 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] C:\Windows\System32\drivers\MpFilter.sys
14:31:14.0352 4428 C:\Windows\System32\drivers\MpFilter.sys - ok
14:31:14.0352 4428 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
14:31:14.0352 4428 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
14:31:14.0368 4428 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
14:31:14.0368 4428 C:\Windows\System32\BioCredProv.dll - ok
14:31:14.0368 4428 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
14:31:14.0368 4428 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
14:31:14.0368 4428 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
14:31:14.0368 4428 C:\Windows\System32\winbio.dll - ok
14:31:14.0368 4428 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
14:31:14.0368 4428 C:\Windows\System32\credui.dll - ok
14:31:14.0368 4428 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
14:31:14.0368 4428 C:\Windows\System32\netapi32.dll - ok
14:31:14.0383 4428 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
14:31:14.0383 4428 C:\Windows\System32\vaultcli.dll - ok
14:31:14.0383 4428 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
14:31:14.0383 4428 C:\Windows\System32\netutils.dll - ok
14:31:14.0383 4428 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
14:31:14.0383 4428 C:\Windows\System32\wkscli.dll - ok
14:31:14.0383 4428 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{329A5EEC-9817-4436-B119-EEAA661631BA}\mpengine.dll
14:31:14.0383 4428 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{329A5EEC-9817-4436-B119-EEAA661631BA}\mpengine.dll - ok
14:31:14.0383 4428 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
14:31:14.0383 4428 C:\Windows\System32\samcli.dll - ok
14:31:14.0399 4428 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
14:31:14.0399 4428 C:\Windows\System32\certCredProvider.dll - ok
14:31:14.0399 4428 [ 7FF8E121AFA05BDAB23B9FEDCDAB7A33 ] C:\Windows\System32\odbc32.dll
14:31:14.0399 4428 C:\Windows\System32\odbc32.dll - ok
14:31:14.0399 4428 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
14:31:14.0399 4428 C:\Windows\System32\rasplap.dll - ok
14:31:14.0399 4428 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
14:31:14.0399 4428 C:\Windows\System32\rasapi32.dll - ok
14:31:14.0399 4428 [ E83C1989A52459D6D8E143AC9F23C93D ] C:\Windows\System32\accelerometerdll.DLL
14:31:14.0399 4428 C:\Windows\System32\accelerometerdll.DLL - ok
14:31:14.0415 4428 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
14:31:14.0415 4428 C:\Windows\System32\odbcint.dll - ok
14:31:14.0415 4428 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
14:31:14.0415 4428 C:\Windows\System32\rasman.dll - ok


----------



## Raderick (Oct 2, 2005)

GMER came up with zero results in the log file, though the bottom three options were the only ones available. Everything else was greyed out. 

Going to run this in safe mode now.


----------



## Raderick (Oct 2, 2005)

Ran GMER in safe mode, still nothing.


----------



## Raderick (Oct 2, 2005)

I went ahead and used Boot and Nuke to wipe the drive clean yet again. Reinstalled Windows 7 Pro, and the issue reappeared. Any ideas?


----------



## eddie5659 (Mar 19, 2001)

Hi

Sorry for the lateness, I hadn't forgotten you, just been away for Christmas, and other days working

Are you using a router to connect to the internet? If so, that may be the route of the infection.

Also, are there any other computers connected to the same router?

-------------

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.

*Next disconnect your system from the internet, and your router, then*


Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> Hi
> 
> Sorry for the lateness, I hadn't forgotten you, just been away for Christmas, and other days working
> 
> ...


Yes I do have a wireless router, but here is the kicker - since I wiped out the hard drive and reinstalled Windows 7, I've yet to connect the laptop to the wireless connection. Immediately when the computer booted for the first time since, Internet Explorer opened right up without me triggering it. Also it did give me an error message saying Page Cannot Be Displayed, there is no Internet connection running to the computer.


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if we can find it. It may be on a hidden partition.


*Download* *ListParts64* to your Desktop.


Double click *ListParts64.exe* to launch the program.
Press the *Scan* button.
When finished scanning it will make a log *Result.txt* on your Desktop.
*Please post me the contents of the log.*


----------



## Raderick (Oct 2, 2005)

Here you go. By the way, I have an iMac along with Windows 7 installed via VMWare, and I am not experiencing the problem on either one.

ListParts by Farbar Version: 30-10-2012
Ran by New Computer (administrator) on 02-01-2013 at 12:24:00
Windows 7 (X64)
Running From: E:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 6091.86 MB
Available physical RAM: 5139.47 MB
Total Pagefile: 12181.92 MB
Available Pagefile: 11190.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:680.83 GB) NTFS
2 Drive d: (GSP1RMCPRXVOL_EN_DVD) (CDROM) (Total:2.96 GB) (Free:0 GB) UDF
3 Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:13.46 GB) FAT32

Disk ### Status Size Free  Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B 
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lexar FAT32 Removable 14 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {7b84347e-52c1-11e2-b951-8f049964bf86}
resumeobject {7b84347d-52c1-11e2-b951-8f049964bf86}
displayorder {7b84347e-52c1-11e2-b951-8f049964bf86}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {7b84347e-52c1-11e2-b951-8f049964bf86}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {7b84347f-52c1-11e2-b951-8f049964bf86}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7b84347d-52c1-11e2-b951-8f049964bf86}
nx OptIn

Windows Boot Loader
-------------------
identifier {7b84347f-52c1-11e2-b951-8f049964bf86}
device ramdisk=[C:]\Recovery\7b84347f-52c1-11e2-b951-8f049964bf86\Winre.wim,{7b843480-52c1-11e2-b951-8f049964bf86}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit  {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\7b84347f-52c1-11e2-b951-8f049964bf86\Winre.wim,{7b843480-52c1-11e2-b951-8f049964bf86}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {7b84347d-52c1-11e2-b951-8f049964bf86}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {7b843480-52c1-11e2-b951-8f049964bf86}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\7b84347f-52c1-11e2-b951-8f049964bf86\boot.sdi

****** End Of Log ******


----------



## eddie5659 (Mar 19, 2001)

> Here you go. By the way, I have an iMac along with Windows 7 installed via VMWare, and I am not experiencing the problem on either one.


I'm assuming they're using the same router as this one.

I'm just getting a check with someone about the log, will be back as soon as I get a reply from them


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> I'm assuming they're using the same router as this one.
> 
> I'm just getting a check with someone about the log, will be back as soon as I get a reply from them


That's correct, everything is getting the connection from the same router.


----------



## eddie5659 (Mar 19, 2001)

Oki doki, can you run this tool next:

Please download *MBRCheck.exe* to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:



> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type *N* and press *Enter*. A report will be produced on the desktop. Post that report in your next reply.


----------



## Raderick (Oct 2, 2005)

Here you go.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):

Processes (total 40):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
364 csrss.exe
400 csrss.exe
408 C:\Windows\System32\wininit.exe
448 C:\Windows\System32\winlogon.exe
496 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\svchost.exe
700 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\sppsvc.exe
916 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
588 C:\Windows\servicing\TrustedInstaller.exe
1208 C:\Windows\System32\spoolsv.exe
1256 C:\Windows\System32\svchost.exe
1924 C:\Windows\System32\SearchIndexer.exe
292 C:\Windows\System32\taskhost.exe
856 C:\Windows\System32\dwm.exe
784 C:\Windows\explorer.exe
1368 C:\Windows\System32\audiodg.exe
2820 C:\Windows\System32\svchost.exe
2880 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
956 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
2824 C:\Windows\System32\svchost.exe
1876 WmiPrvSE.exe
2460 C:\Windows\System32\SearchProtocolHost.exe
1380 C:\Windows\System32\SearchFilterHost.exe
2316 WUDFHost.exe
2620 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1072 <unknown>
2884 <unknown>
308 E:\MBRCheck.exe
964 C:\Windows\System32\conhost.exe
2336 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS547575A9E384, Rev: JE4OA50A

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


----------



## eddie5659 (Mar 19, 2001)

Looks okay, but let's just triple-check.

Run *MBRCheck.exe* once again.

You will be presented with the following dialog:



> Found non-standard or infected MBR.
> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter *Y* and press *Enter*.

The following dialog will be presented:


> Options:
> [1] Dump the MBR of a physical disk to file.
> [2] Restore the MBR of a physical disk with a standard boot code.
> [3] Exit.
> ...


Enter *1* and press *Enter*

The following dialog will be presented:



> Enter the physical disk number to fix (0-99, -1 to cancel):


Enter >>0<< and press *Enter*

The program will ask for the file name to dump to, type *dump.dat* and Press Enter.
You should see a Dumped successfully message.
Type *-1* and press Enter twice to exit the program.
Save the *dump.dat* file to your desktop.
Right-click on it and select *Send To* then select *Compressed (zipped) Folder* and upload that zip here.
Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below)

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *dump.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

eddie
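
An offline look at a dumped sector such as the *dump.dat* from the steps above, as an added example that is not part of the original post or of MBRCheck: it decodes the partition table, flags hidden partition types and other structural anomalies, and hashes the 440-byte boot-code area. The two sample layouts are constructed (the clean one mirrors the offsets and sizes in the ListParts log earlier in the thread), and the page does not say which bytes MBRCheck's SHA1 covers, so the hash printed here is not expected to match it.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440   # boot code area; disk signature and partition table follow
TABLE_OFFSET = 446    # four 16-byte partition entries, then the 55 AA signature
# Type bytes that mark a FAT/NTFS partition as hidden (no drive letter assigned)
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}

# Constructed sample layouts: (status, type, first LBA, sector count).
# CLEAN_LAYOUT mirrors the ListParts log: 100 MB at 1024 KB (active), data at 101 MB.
CLEAN_LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1464940544)]
# SUSPECT_LAYOUT adds a small hidden, active partition after the data partition.
SUSPECT_LAYOUT = CLEAN_LAYOUT + [(0x80, 0x17, 1465147392, 2048)]


def build_sample(entries) -> bytes:
    """Build a constructed 512-byte sector: zero-filled boot code plus the table."""
    table = b"".join(struct.pack("<B3xB3xII", *entry) for entry in entries)
    return bytes(BOOT_CODE_LEN) + bytes(6) + table.ljust(64, b"\x00") + b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector and return its partitions, hash and anomalies."""
    if len(sector) < SECTOR:
        raise ValueError("an MBR dump must contain at least 512 bytes")
    sector = sector[:SECTOR]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")

    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, count
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        number = index + 1
        if status not in (0x00, 0x80):
            findings.append(f"partition {number}: invalid status byte {status:#04x}")
        if ptype in HIDDEN_TYPES:
            findings.append(f"partition {number}: hidden type {ptype:02X}")
        partitions.append({
            "number": number,
            "type": ptype,
            "active": status == 0x80,
            "first_lba": first_lba,
            "sectors": count,
            "offset_kb": first_lba * SECTOR // 1024,
            "size_mb": count * SECTOR // (1024 * 1024),
        })

    active = [p["number"] for p in partitions if p["active"]]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")

    ordered = sorted(partitions, key=lambda p: p["first_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["first_lba"] + prev["sectors"] > cur["first_lba"]:
            findings.append(
                f"partitions {prev['number']} and {cur['number']} overlap")

    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
        "findings": findings,
    }


if __name__ == "__main__":
    # Pass the path of a dumped sector, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = build_sample(SUSPECT_LAYOUT)
    report = parse_mbr(data)
    print("Boot code SHA1:", report["boot_code_sha1"])
    for part in report["partitions"]:
        print("Partition {number}: type {type:02X} active={active} "
              "offset={offset_kb} KB size={size_mb} MB".format(**part))
    for finding in report["findings"] or ["no structural anomalies"]:
        print("*", finding)
```
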


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> Looks okay, but let's just triple-check.
> 
> Run *MBRCheck.exe* once again.
> 
> ...


This prompt did not come up when I ran MBRCheck.exe again.


----------



## eddie5659 (Mar 19, 2001)

Then it looks like it's a correct version of Windows in the MBR, so that rules that out

Now, you did say that this all happens straight on the bootup. Can you do the following for me:

For x64 bit systems download *Farbar Recovery Scan Tool x64* and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Select *English* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *English* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*


*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst64* and press *Enter*
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

eddie


----------



## Raderick (Oct 2, 2005)

Here you go.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 09-01-2013 22:18:49
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ===================

2 FPLService; "C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe" [260424 2011-12-11] (HP)
3 TrueService; "C:\Program Files\Common Files\AuthenTec\TrueService.exe" [269640 2011-12-09] (AuthenTec, Inc.)

==================== Drivers (Whitelisted) =====================

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-08 23:14 - 2013-01-08 23:14 - 00014076 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_23.14.56.txt
2013-01-08 23:14 - 2013-01-08 23:14 - 00014076 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_23.14.47.txt
2013-01-08 22:34 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-01-08 22:34 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-01-08 22:34 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-01-08 22:34 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-01-08 22:34 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-01-08 22:34 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\Synaptics
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\Intel Corporation
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\All Users\Synaptics
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\All Users\Intel
2013-01-08 21:41 - 2013-01-08 21:41 - 00000000 ____D C:\Windows\System32\SRSLabs
2013-01-08 21:41 - 2012-01-04 00:37 - 06344704 ____A (IDT, Inc.) C:\Windows\System32\IDTNGUI.exe
2013-01-08 21:41 - 2012-01-04 00:37 - 05298688 ____A (IDT, Inc.) C:\Windows\System32\IDTNHP.dll
2013-01-08 21:41 - 2012-01-04 00:37 - 04444672 ____A (IDT, Inc.) C:\Windows\System32\stlang64.dll
2013-01-08 21:41 - 2012-01-04 00:37 - 01819136 ____A (IDT, Inc.) C:\Windows\System32\IDTNC64.cpl
2013-01-08 21:41 - 2012-01-04 00:37 - 01425408 ____A (IDT, Inc.) C:\Windows\sttray64.exe
2013-01-08 21:41 - 2012-01-04 00:37 - 01085440 ____A (IDT, Inc.) C:\Windows\System32\IDTNX.dll
2013-01-08 21:41 - 2012-01-04 00:37 - 00249344 ____A (IDT, Inc.) C:\Windows\System32\IDTNJ.exe
2013-01-08 21:41 - 2012-01-04 00:37 - 00223744 ____A (IDT, Inc.) C:\Windows\System32\HPToneCtrls64.dll
2013-01-08 21:41 - 2010-04-01 14:11 - 00162304 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTAC64.dll
2013-01-08 21:41 - 2009-10-10 00:45 - 00442368 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTEC64.dll
2013-01-08 21:41 - 2009-03-03 01:58 - 00068608 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTAR64.dll
2013-01-08 21:41 - 2009-03-03 01:47 - 00090624 ____A (Andrea Electronics Corporation) C:\Windows\System32\AESTCo64.dll
2013-01-08 21:40 - 2013-01-08 21:41 - 00000000 ____D C:\Program Files\IDT
2013-01-08 21:40 - 2012-01-04 00:37 - 01987072 ____A (IDT, Inc.) C:\Windows\System32\stapo64.dll
2013-01-08 21:40 - 2012-01-04 00:37 - 00654336 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2013-01-08 21:40 - 2012-01-04 00:37 - 00535552 ____A (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2013-01-08 21:40 - 2012-01-04 00:37 - 00448512 ____A (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2013-01-08 21:40 - 2012-01-04 00:37 - 00251904 ____A (IDT, Inc.) C:\Windows\System32\staco64.dll
2013-01-08 21:34 - 2013-01-08 21:35 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-01-08 21:31 - 2011-11-29 22:38 - 00501248 ____A (Microsoft Corporation) C:\Windows\System32\WinSATAPI.dll
2013-01-08 21:31 - 2011-11-29 21:34 - 00335872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-01-08 21:31 - 2011-11-04 19:44 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-01-08 21:31 - 2011-11-04 19:44 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-01-08 21:31 - 2011-11-04 19:44 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-01-08 21:31 - 2011-11-04 19:43 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-01-08 21:31 - 2011-11-04 19:43 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-01-08 21:31 - 2011-11-04 19:43 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-01-08 21:31 - 2011-11-04 19:43 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-01-08 21:31 - 2011-09-17 17:59 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-01-08 21:31 - 2011-09-17 17:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-01-08 21:31 - 2011-08-22 21:21 - 00983920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-01-08 21:31 - 2011-08-22 21:21 - 00265072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-01-08 21:31 - 2010-12-17 03:37 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-01-08 21:30 - 2011-06-09 21:32 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
2013-01-08 21:30 - 2011-06-09 20:30 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-01-08 21:30 - 2011-06-09 14:57 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
2013-01-08 21:30 - 2011-06-09 14:55 - 00419744 ____A C:\Windows\System32\locale.nls
2013-01-08 21:30 - 2011-04-07 23:46 - 05562240 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-01-08 21:30 - 2011-04-07 23:35 - 03967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-01-08 21:30 - 2011-04-07 23:35 - 03912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-01-08 21:30 - 2011-03-18 23:39 - 01924480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-08 21:30 - 2011-03-18 22:09 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2013-01-08 21:30 - 2011-02-24 22:25 - 00296320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-01-08 21:29 - 2013-01-08 21:34 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-01-08 21:29 - 2011-01-28 11:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\ifsutil.dll
2013-01-08 21:29 - 2011-01-27 21:46 - 00148992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2013-01-08 21:29 - 2011-01-13 22:23 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
2013-01-08 21:29 - 2010-12-29 02:57 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-08 21:25 - 2013-01-08 21:25 - 00000000 ____D C:\Users\New Computer\AppData\Local\AuthenTec
2013-01-08 21:24 - 2013-01-08 21:24 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-01-08 21:23 - 2013-01-08 21:24 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2013-01-08 21:23 - 2013-01-08 21:23 - 00000000 ____D C:\Program Files\Common Files\AuthenTec
2013-01-08 21:21 - 2013-01-08 21:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
2013-01-08 21:21 - 2013-01-08 21:21 - 00000000 ____D C:\Program Files\Validity Sensors
2013-01-08 21:20 - 2013-01-08 21:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-01-08 21:20 - 2013-01-08 21:20 - 00000000 ____D C:\Program Files\Synaptics
2013-01-08 21:19 - 2013-01-08 21:19 - 00001360 ____A C:\Windows\Synaptics.log
2013-01-08 21:18 - 2011-02-16 18:11 - 00428136 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2013-01-08 21:18 - 2011-02-16 18:11 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2013-01-08 21:18 - 2011-02-16 18:11 - 00074272 ____A C:\Windows\System32\RtNicProp64.dll
2013-01-08 21:16 - 2013-01-08 21:18 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-01-08 21:16 - 2013-01-08 21:16 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-01-08 21:16 - 2011-05-30 16:03 - 00338536 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsPStor.sys
2013-01-08 21:16 - 2011-02-15 11:37 - 09888360 ____A (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2013-01-08 21:12 - 2013-01-08 21:12 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\InstallShield
2013-01-08 21:12 - 2011-08-09 08:28 - 00008192 ____A C:\Windows\System32\Drivers\IntelMEFWVer.dll
2013-01-08 21:12 - 2011-05-20 09:53 - 00557848 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys
2013-01-08 21:09 - 2011-04-15 16:00 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-01-08 21:07 - 2013-01-08 21:07 - 00057560 ____A C:\Users\New Computer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\ATI
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\New Computer\AppData\Local\ATI
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\All Users\ATI
2013-01-08 21:05 - 2013-01-08 21:05 - 00000000 ____A C:\Windows\ativpsrm.bin
2013-01-08 20:59 - 2013-01-08 21:12 - 00000000 ____D C:\Program Files (x86)\Intel
2013-01-08 20:59 - 2013-01-08 20:59 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-01-08 20:58 - 2013-01-08 20:58 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-01-08 20:56 - 2011-03-17 13:51 - 00003929 ____A C:\Windows\SysWOW64\atipblup.dat
2013-01-08 20:56 - 2011-03-17 13:51 - 00003929 ____A C:\Windows\System32\atipblup.dat
2013-01-08 20:55 - 2013-01-08 20:56 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-01-08 20:54 - 2013-01-08 20:58 - 00000000 ____D C:\Program Files\ATI Technologies
2013-01-08 20:54 - 2013-01-08 20:54 - 00000000 ____D C:\Program Files\ATI
2013-01-08 20:42 - 2013-01-08 20:42 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2013-01-08 20:42 - 2013-01-08 20:42 - 00000000 ____D C:\Program Files\Intel
2013-01-08 20:41 - 2013-01-08 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-08 20:41 - 2013-01-08 21:20 - 00010598 ____A C:\Windows\DPINST.LOG
2013-01-08 20:40 - 2013-01-08 20:40 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-01-08 20:39 - 2013-01-08 21:40 - 00000000 ____D C:\SWSetup
2013-01-08 20:39 - 2013-01-08 20:39 - 00000000 ____D C:\Windows\HPQ
2013-01-08 20:39 - 2013-01-08 20:39 - 00000000 ____D C:\Intel
2013-01-08 20:35 - 2013-01-08 20:35 - 00010039 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.35.32.txt
2013-01-08 20:35 - 2013-01-08 20:35 - 00009926 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.35.09.txt
2013-01-08 20:35 - 2013-01-03 20:17 - 00080384 ____A C:\Users\New Computer\Desktop\MBRCheck.exe
2013-01-08 20:34 - 2013-01-08 20:34 - 00009926 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.34.27.txt
2013-01-03 20:20 - 2013-01-03 20:20 - 00009903 ____A C:\Users\New Computer\Desktop\MBRCheck_01.03.13_20.20.30.txt
2013-01-02 12:23 - 2013-01-02 12:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-12-30 13:25 - 2012-12-30 13:25 - 00000020 ___SH C:\Users\New Computer\ntuser.ini
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 __SHD C:\Recovery
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 ____D C:\Users\New Computer\AppData\Local\VirtualStore
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 ____D C:\users\New Computer
2012-12-30 12:46 - 2013-01-09 22:06 - 01902265 ____A C:\Windows\WindowsUpdate.log
2012-12-30 12:45 - 2012-12-30 12:45 - 00001355 ____A C:\Windows\TSSysprep.log
2012-12-30 12:43 - 2012-12-30 13:25 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified Files and Folders =======

2013-01-09 22:06 - 2012-12-30 12:46 - 01902265 ____A C:\Windows\WindowsUpdate.log
2013-01-09 22:06 - 2009-07-13 20:45 - 00017056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-09 22:06 - 2009-07-13 20:45 - 00017056 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-08 23:14 - 2013-01-08 23:14 - 00014076 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_23.14.56.txt
2013-01-08 23:14 - 2013-01-08 23:14 - 00014076 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_23.14.47.txt
2013-01-08 22:36 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\Synaptics
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\Intel Corporation
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\All Users\Synaptics
2013-01-08 21:45 - 2013-01-08 21:45 - 00000000 ____D C:\Users\All Users\Intel
2013-01-08 21:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-08 21:45 - 2009-07-13 20:51 - 00028005 ____A C:\Windows\setupact.log
2013-01-08 21:41 - 2013-01-08 21:41 - 00000000 ____D C:\Windows\System32\SRSLabs
2013-01-08 21:41 - 2013-01-08 21:40 - 00000000 ____D C:\Program Files\IDT
2013-01-08 21:40 - 2013-01-08 20:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-08 21:40 - 2013-01-08 20:39 - 00000000 ____D C:\SWSetup
2013-01-08 21:35 - 2013-01-08 21:34 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-01-08 21:34 - 2013-01-08 21:29 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-01-08 21:25 - 2013-01-08 21:25 - 00000000 ____D C:\Users\New Computer\AppData\Local\AuthenTec
2013-01-08 21:24 - 2013-01-08 21:24 - 00000000 ____D C:\Program Files (x86)\HP SimplePass
2013-01-08 21:24 - 2013-01-08 21:23 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2013-01-08 21:23 - 2013-01-08 21:23 - 00000000 ____D C:\Program Files\Common Files\AuthenTec
2013-01-08 21:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioDatabase
2013-01-08 21:21 - 2013-01-08 21:21 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
2013-01-08 21:21 - 2013-01-08 21:21 - 00000000 ____D C:\Program Files\Validity Sensors
2013-01-08 21:21 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2013-01-08 21:20 - 2013-01-08 21:20 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-01-08 21:20 - 2013-01-08 21:20 - 00000000 ____D C:\Program Files\Synaptics
2013-01-08 21:20 - 2013-01-08 20:41 - 00010598 ____A C:\Windows\DPINST.LOG
2013-01-08 21:19 - 2013-01-08 21:19 - 00001360 ____A C:\Windows\Synaptics.log
2013-01-08 21:18 - 2013-01-08 21:16 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-01-08 21:16 - 2013-01-08 21:16 - 00000000 ____D C:\Windows\SysWOW64\sda
2013-01-08 21:12 - 2013-01-08 21:12 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\InstallShield
2013-01-08 21:12 - 2013-01-08 20:59 - 00000000 ____D C:\Program Files (x86)\Intel
2013-01-08 21:07 - 2013-01-08 21:07 - 00057560 ____A C:\Users\New Computer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\New Computer\AppData\Roaming\ATI
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\New Computer\AppData\Local\ATI
2013-01-08 21:06 - 2013-01-08 21:06 - 00000000 ____D C:\Users\All Users\ATI
2013-01-08 21:05 - 2013-01-08 21:05 - 00000000 ____A C:\Windows\ativpsrm.bin
2013-01-08 20:59 - 2013-01-08 20:59 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-01-08 20:58 - 2013-01-08 20:58 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-01-08 20:58 - 2013-01-08 20:54 - 00000000 ____D C:\Program Files\ATI Technologies
2013-01-08 20:56 - 2013-01-08 20:55 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-01-08 20:54 - 2013-01-08 20:54 - 00000000 ____D C:\Program Files\ATI
2013-01-08 20:54 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-01-08 20:42 - 2013-01-08 20:42 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2013-01-08 20:42 - 2013-01-08 20:42 - 00000000 ____D C:\Program Files\Intel
2013-01-08 20:40 - 2013-01-08 20:40 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2013-01-08 20:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-01-08 20:39 - 2013-01-08 20:39 - 00000000 ____D C:\Windows\HPQ
2013-01-08 20:39 - 2013-01-08 20:39 - 00000000 ____D C:\Intel
2013-01-08 20:35 - 2013-01-08 20:35 - 00010039 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.35.32.txt
2013-01-08 20:35 - 2013-01-08 20:35 - 00009926 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.35.09.txt
2013-01-08 20:34 - 2013-01-08 20:34 - 00009926 ____A C:\Users\New Computer\Desktop\MBRCheck_01.08.13_20.34.27.txt
2013-01-03 20:20 - 2013-01-03 20:20 - 00009903 ____A C:\Users\New Computer\Desktop\MBRCheck_01.03.13_20.20.30.txt
2013-01-03 20:17 - 2013-01-08 20:35 - 00080384 ____A C:\Users\New Computer\Desktop\MBRCheck.exe
2013-01-02 12:23 - 2013-01-02 12:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-12-30 13:25 - 2012-12-30 13:25 - 00000020 ___SH C:\Users\New Computer\ntuser.ini
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 __SHD C:\Recovery
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 ____D C:\Users\New Computer\AppData\Local\VirtualStore
2012-12-30 13:25 - 2012-12-30 13:25 - 00000000 ____D C:\users\New Computer
2012-12-30 13:25 - 2012-12-30 12:43 - 00000000 ____D C:\Windows\Panther
2012-12-30 13:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-12-30 13:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-30 12:48 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-30 12:46 - 2009-07-13 20:46 - 00002790 ____A C:\Windows\DtcInstall.log
2012-12-30 12:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-12-30 12:45 - 2012-12-30 12:45 - 00001355 ____A C:\Windows\TSSysprep.log
2012-12-30 12:44 - 2011-04-11 23:51 - 00000000 ____D C:\Windows\CSC
2012-12-30 12:42 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-12-30 12:42 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-08 20:40:26
Restore point made on: 2013-01-08 21:02:25
Restore point made on: 2013-01-08 21:08:15
Restore point made on: 2013-01-08 21:14:29
Restore point made on: 2013-01-08 21:16:17
Restore point made on: 2013-01-08 21:18:20
Restore point made on: 2013-01-08 21:20:50
Restore point made on: 2013-01-08 21:24:16
Restore point made on: 2013-01-08 21:27:27
Restore point made on: 2013-01-08 22:34:25

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6091.86 MB
Available physical RAM: 5382.21 MB
Total Pagefile: 6090.06 MB
Available Pagefile: 5367.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:696.53 GB) (Free:670.55 GB) NTFS
2 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
3 Drive f: (GSP1RMCPRXVOL_EN_DVD) (CDROM) (Total:2.96 GB) (Free:0 GB) UDF
4 Drive g: (Lexar) (Removable) (Total:14.9 GB) (Free:13.46 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 8 MB 
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 696 GB 101 MB
Partition 3 Primary 2048 MB 696 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 696 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_TOOLS FAT32 Partition 2048 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Lexar FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-12-30 12:43

==================== End Of Log =============================


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, weekends I try and be here, but spend time at work as it's needed

Looking at the log, nothing seems to point to malware.

As this is a clean install, can you re-run OTL so that I can see if anything jumps out.

Download *OTL* to your Desktop


- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath *Output* at the top change it to *Minimal Output*.
- Select
  - *All Users*
  - *LOP Check*
  - *Purity Check*
- Under the *Standard Registry* box change it to *All*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%$Recycle.Bin\
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
ATAPI.SYS
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


------------------


----------



## eddie5659 (Mar 19, 2001)

Also, can you see if you can run a scan from both of these:

Please go *here* to run an online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to *YES, I accept the Terms of Use.*
- Click *Start*
- When asked, allow the ActiveX control to install
- Click *Start*
- Make sure that the option *Remove found threats* is *ticked*, and the option *Scan unwanted applications* is *checked*
- Click on *Advanced Settings* and ensure these options are ticked:
  - *Scan for potentially unwanted applications*
  - *Scan for potentially unsafe applications*
  - *Enable Anti-Stealth Technology*
- Click *Scan*
- Wait for the scan to finish
- If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
- Save it to your desktop, then please copy and paste that log as a reply to this topic.

-----------------

Please go *HERE* to run Panda's ActiveScan

- Once you are on the Panda site click the *Scan your PC Now* button.
- A new window will open...click the *Scan Now* button.
- If it wants to install an ActiveX component allow it.
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- If it wants to run an AddOn component allow it.
- It should now start scanning.
- When the scan completes, if anything malicious is detected, click the *See Report* button, then Save Report by clicking on *Export To icon* and save it to a convenient location. Post the contents of the ActiveScan report.


----------



## Raderick (Oct 2, 2005)

I'm running the OTL scan, but it is not responding about 5 minutes in, and then the application closes altogether. All the while Internet Explorer opens on its own a few times over.

I'll do the ESET and Panda scans and post the stats in a few.


----------



## Raderick (Oct 2, 2005)

No threats found when running the ESET scan.


----------



## Raderick (Oct 2, 2005)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2013-01-15 22:09:50
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\new computer\appdata\roaming\microsoft\windows\cookies\low\[email protected][1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


----------



## eddie5659 (Mar 19, 2001)

Okay, leave OTL for the moment, and run these three instead. RSIT will create two logs, so if it's over a few replies, that's fine


- Download *random's system information tool (RSIT)* by *random/random* from *here*.
- *It is important that it is saved to your desktop.*
- Double click on *RSIT.exe* to run *RSIT*.
- Click *Continue* at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

---

*Delete any copies of Combofix that you have.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

-------

Please download *GMER* from one of the following locations and save it to your desktop:


- Main Mirror which will download a randomly named file
- Zipped Mirror - Unzip the file to its own folder such as *C:\gmer*

- Disconnect from the Internet and close all running programs
- Temporarily disable any real-time active protection
- It is *very important* you do not use your computer while *GMER* is running
- Double-click on the *randomly named* *GMER* icon
- *GMER* will open to the *Rootkit/Malware* tab and perform an automatic quick scan
- If you receive a warning about rootkit activity and are asked to fully scan your system click *NO*
- Please *check* in the *Quick scan* box
- Please *uncheck* the following:
  - *IAT/EAT*
  - *Show All* *<<< Important*
- Click *Scan*
- If you see a rootkit warning window click *OK*
- When the scan is finished, *Save* the results to your desktop as *gmer.log*
- Click *Copy* then paste the results in your reply
- Exit *GMER* and be sure to *re-enable* your Antivirus, Firewall and any other security programs you had disabled

*Note*:

- If you encounter any problems, try running *GMER* in Safe Mode
- If *GMER* crashes or keeps resulting in a Blue Screen of Death, *uncheck* Devices on the right side before scanning

eddie


----------



## Raderick (Oct 2, 2005)

ComboFix 13-01-17.04 - New Computer 01/19/2013 13:03:01.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6092.3854 [GMT -8:00]
Running from: c:\users\New Computer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 21:05 . 2013-01-19 21:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-19 21:01 . 2013-01-19 21:01	--------	d-----w-	c:\program files (x86)\GUM9A71.tmp
2013-01-16 04:56 . 2013-01-16 04:56	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBED6671-4B1E-4676-B186-2FA32BE0674D}\offreg.dll
2013-01-16 04:46 . 2009-06-30 18:37	33800	----a-w-	c:\windows\system32\drivers\pavboot64.sys
2013-01-16 04:46 . 2013-01-16 04:46	--------	d-----w-	c:\program files (x86)\Panda Security
2013-01-16 03:58 . 2013-01-16 03:58	--------	d-----w-	c:\program files (x86)\ESET
2013-01-16 03:45 . 2012-11-19 09:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBED6671-4B1E-4676-B186-2FA32BE0674D}\mpengine.dll
2013-01-15 06:58 . 2013-01-15 06:58	--------	d-----w-	c:\windows\SysWow64\Wat
2013-01-15 06:58 . 2013-01-15 06:58	--------	d-----w-	c:\windows\system32\Wat
2013-01-14 01:06 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-01-14 01:06 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-01-14 01:06 . 2012-07-26 04:47	2560	----a-w-	c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-14 01:06 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-01-14 00:58 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-01-14 00:58 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-01-14 00:58 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-01-14 00:58 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-01-14 00:58 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-01-10 06:18 . 2013-01-10 06:18	--------	d-----w-	C:\FRST
2013-01-09 07:00 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-01-09 06:58 . 2010-12-23 10:42	1118720	----a-w-	c:\windows\system32\sbe.dll
2013-01-09 06:57 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-09 06:57 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-09 06:57 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-09 06:54 . 2012-06-02 05:45	340992	----a-w-	c:\windows\system32\schannel.dll
2013-01-09 06:53 . 2012-10-03 17:44	70656	----a-w-	c:\windows\system32\nlaapi.dll
2013-01-09 06:52 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2013-01-09 06:52 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2013-01-09 06:52 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 06:52 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 06:52 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2013-01-09 06:52 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-01-09 06:52 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2013-01-09 06:48 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2013-01-09 06:47 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 06:46 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2013-01-09 06:38 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2013-01-09 06:38 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2013-01-09 06:38 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2013-01-09 06:34 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-01-09 06:34 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-01-09 06:34 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-01-09 06:34 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-01-09 06:34 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2013-01-09 06:34 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2013-01-09 06:34 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2013-01-09 06:34 . 2012-06-02 23:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2013-01-09 06:34 . 2012-06-02 23:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2013-01-09 06:33 . 2013-01-09 06:33	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-01-09 06:19 . 2013-01-09 06:19	--------	d-----w-	c:\program files (x86)\Common Files\Intel Corporation
2013-01-09 05:45 . 2013-01-09 05:45	--------	d-----w-	c:\programdata\Synaptics
2013-01-09 05:45 . 2013-01-09 05:45	--------	d-----w-	c:\programdata\Intel
2013-01-09 05:40 . 2012-01-04 08:37	535552	----a-w-	c:\windows\system32\drivers\stwrt64.sys
2013-01-09 05:40 . 2012-01-04 08:37	251904	----a-w-	c:\windows\system32\staco64.dll
2013-01-09 05:40 . 2012-01-04 08:37	654336	------w-	c:\windows\system32\stapi64.dll
2013-01-09 05:40 . 2012-01-04 08:37	448512	----a-w-	c:\windows\system32\stcplx64.dll
2013-01-09 05:40 . 2012-01-04 08:37	1987072	----a-w-	c:\windows\system32\stapo64.dll
2013-01-09 05:40 . 2013-01-09 05:41	--------	d-----w-	c:\program files\IDT
2013-01-09 05:34 . 2013-01-09 05:35	--------	d-----w-	c:\windows\Hewlett-Packard
2013-01-09 05:30 . 2011-06-10 05:32	246784	----a-w-	c:\windows\system32\input.dll
2013-01-09 05:30 . 2011-06-10 04:30	202240	----a-w-	c:\windows\SysWow64\input.dll
2013-01-09 05:30 . 2011-03-19 06:09	31744	----a-w-	c:\windows\system32\drivers\usbrpm.sys
2013-01-09 05:30 . 2011-02-25 06:25	296320	----a-w-	c:\windows\system32\drivers\volsnap.sys
2013-01-09 05:29 . 2011-01-28 19:03	180736	----a-w-	c:\windows\system32\ifsutil.dll
2013-01-09 05:29 . 2011-01-28 05:46	148992	----a-w-	c:\windows\SysWow64\ifsutil.dll
2013-01-09 05:29 . 2011-01-14 06:23	163840	----a-w-	c:\windows\system32\umpo.dll
2013-01-09 05:29 . 2013-01-09 05:34	--------	d-----w-	c:\program files (x86)\Hewlett-Packard
2013-01-09 05:24 . 2013-01-09 05:24	--------	d-----w-	c:\program files (x86)\HP SimplePass
2013-01-09 05:23 . 2013-01-09 05:23	--------	d-----w-	c:\program files\Common Files\AuthenTec
2013-01-09 05:23 . 2013-01-09 05:23	--------	d-----w-	c:\program files (x86)\Common Files\AuthenTec
2013-01-09 05:23 . 2013-01-09 05:24	--------	d-----w-	c:\programdata\Downloaded Installations
2013-01-09 05:21 . 2013-01-09 05:21	--------	d-----w-	c:\program files\Validity Sensors
2013-01-09 05:20 . 2013-01-09 05:20	--------	d-----w-	c:\program files\Synaptics
2013-01-09 05:18 . 2011-02-17 02:11	74272	----a-w-	c:\windows\system32\RtNicProp64.dll
2013-01-09 05:18 . 2011-02-17 02:11	428136	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2013-01-09 05:18 . 2011-02-17 02:11	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2013-01-09 05:16 . 2013-01-09 05:16	--------	d-----w-	c:\windows\SysWow64\sda
2013-01-09 05:16 . 2013-01-09 05:18	--------	d-----w-	c:\program files (x86)\Realtek
2013-01-09 05:16 . 2011-05-31 00:03	338536	----a-w-	c:\windows\system32\drivers\RtsPStor.sys
2013-01-09 05:16 . 2011-02-15 19:37	9888360	----a-w-	c:\windows\SysWow64\RtsPStorIcon.dll
2013-01-09 05:12 . 2011-05-20 17:53	557848	----a-w-	c:\windows\system32\drivers\iaStor.sys
2013-01-09 05:12 . 2011-08-09 16:28	8192	----a-w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2013-01-09 05:11 . 2013-01-09 05:11	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2013-01-09 05:09 . 2011-04-16 00:00	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-01-09 05:06 . 2013-01-09 05:06	--------	d-----w-	c:\programdata\ATI
2013-01-09 05:05 . 2013-01-09 05:05	0	----a-w-	c:\windows\ativpsrm.bin
2013-01-09 04:59 . 2013-01-09 05:12	--------	d-----w-	c:\program files (x86)\Intel
2013-01-09 04:59 . 2013-01-09 04:59	--------	d-----w-	c:\program files\Common Files\Intel
2013-01-09 04:59 . 2013-01-09 04:59	--------	d-----w-	c:\program files (x86)\Common Files\Intel
2013-01-09 04:58 . 2013-01-09 04:58	--------	d-----w-	c:\program files (x86)\AMD APP
2013-01-09 04:55 . 2013-01-09 04:56	--------	d-----w-	c:\program files (x86)\ATI Technologies
2013-01-09 04:54 . 2013-01-09 04:54	--------	d-----w-	c:\program files\ATI
2013-01-09 04:54 . 2013-01-09 04:58	--------	d-----w-	c:\program files\ATI Technologies
2013-01-09 04:42 . 2013-01-09 04:42	--------	d-----w-	c:\program files\Intel
2013-01-09 04:41 . 2013-01-09 05:40	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2013-01-09 04:40 . 2013-01-09 04:40	--------	d-----w-	c:\program files (x86)\Renesas Electronics
2013-01-09 04:40 . 2013-01-09 05:34	--------	d-sh--w-	c:\windows\Installer
2013-01-09 04:39 . 2013-01-09 04:39	--------	d-----w-	C:\Intel
2013-01-09 04:39 . 2013-01-09 04:39	--------	d-----w-	c:\windows\HPQ
2013-01-09 04:39 . 2013-01-09 05:40	--------	d-----w-	C:\SWSetup
2012-12-30 21:25 . 2012-12-30 21:25	--------	d-----w-	c:\users\New Computer
2012-12-30 21:25 . 2012-12-30 21:25	--------	d-----w-	C:\Recovery
2012-12-30 20:43 . 2012-12-30 21:25	--------	d-----w-	c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 04:45 . 2013-01-09 06:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-15 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-19 13:07:09
ComboFix-quarantined-files.txt 2013-01-19 21:07
.
Pre-Run: 715,002,126,336 bytes free
Post-Run: 714,795,888,640 bytes free
.
- - End Of File - - 5D2F93759890B15F0180F6E17133B791


----------



## Raderick (Oct 2, 2005)

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-19 13:33:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB
Running: 1g941yvb.exe; Driver: C:\Users\NEWCOM~1\AppData\Local\Temp\kwlcqaoc.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[6416] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe474ed0 9 bytes [68, 78, 03, 13, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6416] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc3c5c54 7 bytes [68, 08, 03, 13, 03, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[6416] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc3c5c64 9 bytes [68, 40, 03, 13, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6416] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefdb617a0 9 bytes [68, B0, 03, 13, 03, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 000000007731f548 7 bytes JMP 0000000100dd08b8
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 000000007732b0ac 7 bytes JMP 0000000100dd08f0
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\kernel32.dll!CreateThread 00000000770a6580 9 bytes JMP 0000000100dd0810
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefe1d75f0 7 bytes [68, 28, 09, DD, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefe411180 10 bytes [68, 08, 0A, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefe411320 7 bytes [68, 98, 09, DD, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefe414450 6 bytes [68, 60, 09, DD, 00, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefe416720 10 bytes [68, D0, 09, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe474ed0 9 bytes [68, 78, 03, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc3c5c54 7 bytes [68, 08, 03, DD, 00, C3, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc3c5c64 9 bytes [68, 40, 03, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\comdlg32.dll!PrintDlgW  000007fefdb61164 9 bytes [68, A8, 05, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefdb617a0 9 bytes [68, B0, 03, DD, 00, C3, CC, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7820] C:\Windows\system32\comdlg32.dll!PrintDlgA 000007fefdb90240 6 bytes [68, E0, 05, DD, 00, C3]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:3064] 000007fef186cc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:4056] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:3528] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:3736] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:3832] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:284] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:288] 000007fef183f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:3268] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:592] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:712] 000007fef172143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:2204] 000007fef1d66050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776:4352] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:364] 000007fef186cc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:152] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1288]  000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1536] 000007fef183f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1628] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1568] 000007fef1d66050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1928] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1824] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:2104] 000007fefbff2a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:2572] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:800] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:792] 000007fef172143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:2396] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:1392] 000000006a7a6c88
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:7308] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:972] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:5732] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:6204] 000007fef172b564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360:664] 000007fef172b564

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3776] 000007fefde80000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [360]  000007fefde80000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2316] 000007feea9c0000

---- EOF - GMER 2.0 ----


----------



## eddie5659 (Mar 19, 2001)

Still at work (having to do a lot of overtime) 

Have you run RSIT yet? If not, for OTL just try pressing on the *Quick Scan* button to see if that works. The box at the bottom will be blank this time.

eddie


----------



## Raderick (Oct 2, 2005)

OTL is still freezing up when I try to run it.


----------



## eddie5659 (Mar 19, 2001)

Sorry, didn't get an email notification, so only just saw this 

For OTL, is that just when pressing Quick Scan? If so, can you try RSIT instead?


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)


----------



## Raderick (Oct 2, 2005)

Logfile of random's system information tool 1.09 (written by random/random)
Run by New Computer at 2013-01-28 23:15:15
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 678 GB (95%) free of 713 GB
Total RAM: 6092 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:22 PM, on 1/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Users\New Computer\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\New Computer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O3 - Toolbar: HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6983 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
HP SimplePass Browser Helper Object - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL [2011-12-11 1985352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C98EE38D-21E4-4A50-907D-2B56FEC7013E} - HP SimplePass Toolbar - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL [2011-12-11 1985352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-04-14 113288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-01 343168]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]
""= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-01-28 23:15:15 ----D---- C:\rsit
2013-01-28 23:15:15 ----D---- C:\Program Files (x86)\trend micro
2013-01-28 23:14:07 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-28 23:14:05 ----D---- C:\Windows\SysWOW64\Macromed
2013-01-28 23:14:05 ----D---- C:\Users\New Computer\AppData\Roaming\Macromedia
2013-01-28 23:14:05 ----D---- C:\Users\New Computer\AppData\Roaming\Adobe
2013-01-28 23:14:01 ----SHD---- C:\Config.Msi
2013-01-28 23:13:32 ----HD---- C:\Windows\AxInstSV
2013-01-28 23:13:24 ----D---- C:\2a2a2af185c956dff63378
2013-01-24 08:03:25 ----D---- C:\ProgramData\TrueSuite
2013-01-24 07:53:07 ----SHD---- C:\$RECYCLE.BIN
2013-01-24 07:48:55 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-01-24 07:39:15 ----D---- C:\Windows\Minidump
2013-01-19 13:07:10 ----D---- C:\Windows\temp
2013-01-19 13:07:09 ----A---- C:\ComboFix.txt
2013-01-19 13:02:25 ----A---- C:\Windows\zip.exe
2013-01-19 13:02:25 ----A---- C:\Windows\SWSC.exe
2013-01-19 13:02:25 ----A---- C:\Windows\SWREG.exe
2013-01-19 13:02:25 ----A---- C:\Windows\sed.exe
2013-01-19 13:02:25 ----A---- C:\Windows\PEV.exe
2013-01-19 13:02:25 ----A---- C:\Windows\NIRCMD.exe
2013-01-19 13:02:25 ----A---- C:\Windows\MBR.exe
2013-01-19 13:02:25 ----A---- C:\Windows\grep.exe
2013-01-19 13:02:21 ----D---- C:\Qoobox
2013-01-19 13:02:07 ----D---- C:\Windows\erdnt
2013-01-19 13:01:50 ----D---- C:\Program Files (x86)\Google
2013-01-19 13:01:48 ----D---- C:\Program Files (x86)\GUM9A71.tmp
2013-01-19 13:01:48 ----A---- C:\Program Files (x86)\GUT9A72.tmp
2013-01-15 20:46:55 ----D---- C:\Program Files (x86)\Panda Security
2013-01-15 19:58:45 ----D---- C:\Program Files (x86)\ESET
2013-01-14 22:58:54 ----D---- C:\Windows\SysWOW64\Wat
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\wextract.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\webcheck.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\vbscript.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\url.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\pngfilt.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\occache.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\msrating.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\msls31.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\mshtmler.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\mshta.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\inseng.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\imgutil.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iexpress.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iesetup.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iernonce.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iepeers.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieapfltr.dat
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieakui.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ieakeng.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\IEAdvpack.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\icardie.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2013-01-14 21:25:42 ----A---- C:\Windows\SysWOW64\admparse.dll
2013-01-13 17:00:48 ----A---- C:\Windows\SysWOW64\fontsub.dll
2013-01-13 17:00:48 ----A---- C:\Windows\SysWOW64\atmlib.dll
2013-01-13 17:00:48 ----A---- C:\Windows\SysWOW64\atmfd.dll
2013-01-13 16:58:35 ----A---- C:\Windows\SysWOW64\wmi.dll
2013-01-13 16:58:35 ----A---- C:\Windows\SysWOW64\imagehlp.dll
2013-01-09 22:18:41 ----D---- C:\FRST
2013-01-08 22:59:43 ----A---- C:\Windows\SysWOW64\xmllite.dll
2013-01-08 22:59:42 ----A---- C:\Windows\SysWOW64\win32spl.dll
2013-01-08 22:59:41 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2013-01-08 22:59:41 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2013-01-08 22:59:41 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2013-01-08 22:59:41 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2013-01-08 22:59:41 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2013-01-08 22:59:39 ----A---- C:\Windows\SysWOW64\DWrite.dll
2013-01-08 22:59:08 ----A---- C:\Windows\SysWOW64\poqexec.exe
2013-01-08 22:59:03 ----A---- C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-01-08 22:59:03 ----A---- C:\Windows\SysWOW64\dhcpcore6.dll
2013-01-08 22:59:02 ----A---- C:\Windows\SysWOW64\explorer.exe
2013-01-08 22:59:02 ----A---- C:\Windows\explorer.exe
2013-01-08 22:59:00 ----A---- C:\Windows\SysWOW64\tzres.dll
2013-01-08 22:58:54 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2013-01-08 22:58:53 ----A---- C:\Windows\SysWOW64\sbe.dll
2013-01-08 22:58:49 ----A---- C:\Windows\SysWOW64\quartz.dll
2013-01-08 22:58:49 ----A---- C:\Windows\SysWOW64\qdvd.dll
2013-01-08 22:58:48 ----A---- C:\Windows\SysWOW64\ntshrui.dll
2013-01-08 22:58:26 ----A---- C:\Windows\SysWOW64\tquery.dll
2013-01-08 22:58:26 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2013-01-08 22:58:26 ----A---- C:\Windows\SysWOW64\mssrch.dll
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\mssvp.dll
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\mssph.dll
2013-01-08 22:58:25 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2013-01-08 22:58:04 ----A---- C:\Windows\SysWOW64\webio.dll
2013-01-08 22:58:00 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-01-08 22:57:00 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-01-08 22:57:00 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-01-08 22:55:49 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2013-01-08 22:55:32 ----A---- C:\Windows\SysWOW64\mfc42u.dll
2013-01-08 22:55:32 ----A---- C:\Windows\SysWOW64\mfc42.dll
2013-01-08 22:55:22 ----A---- C:\Windows\SysWOW64\shell32.dll
2013-01-08 22:55:03 ----A---- C:\Windows\SysWOW64\d3d10level9.dll
2013-01-08 22:54:58 ----A---- C:\Windows\SysWOW64\sspicli.dll
2013-01-08 22:54:58 ----A---- C:\Windows\SysWOW64\secur32.dll
2013-01-08 22:54:58 ----A---- C:\Windows\SysWOW64\schannel.dll
2013-01-08 22:54:42 ----A---- C:\Windows\SysWOW64\msxml6.dll
2013-01-08 22:54:42 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2013-01-08 22:54:42 ----A---- C:\Windows\SysWOW64\msxml3.dll
2013-01-08 22:53:59 ----A---- C:\Windows\SysWOW64\nlaapi.dll
2013-01-08 22:53:59 ----A---- C:\Windows\SysWOW64\netevent.dll
2013-01-08 22:53:59 ----A---- C:\Windows\SysWOW64\netcorehc.dll
2013-01-08 22:53:59 ----A---- C:\Windows\SysWOW64\ncsi.dll
2013-01-08 22:53:04 ----A---- C:\Windows\SysWOW64\dnscacheugc.exe
2013-01-08 22:53:04 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2013-01-08 22:52:10 ----A---- C:\Windows\SysWOW64\dpnet.dll
2013-01-08 22:52:09 ----A---- C:\Windows\SysWOW64\wintrust.dll
2013-01-08 22:52:09 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2013-01-08 22:49:54 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
2013-01-08 22:49:53 ----A---- C:\Windows\SysWOW64\usp10.dll
2013-01-08 22:49:51 ----A---- C:\Windows\SysWOW64\Wpc.dll
2013-01-08 22:49:51 ----A---- C:\Windows\SysWOW64\gameux.dll
2013-01-08 22:49:41 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2013-01-08 22:48:57 ----A---- C:\Windows\SysWOW64\msi.dll
2013-01-08 22:48:57 ----A---- C:\Windows\SysWOW64\kerberos.dll
2013-01-08 22:48:54 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2013-01-08 22:48:54 ----A---- C:\Windows\SysWOW64\kernel32.dll
2013-01-08 22:48:53 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 22:48:52 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-08 22:48:52 ----A---- C:\Windows\SysWOW64\wow32.dll
2013-01-08 22:48:52 ----A---- C:\Windows\SysWOW64\user.exe
2013-01-08 22:48:52 ----A---- C:\Windows\SysWOW64\setup16.exe
2013-01-08 22:48:52 ----A---- C:\Windows\SysWOW64\instnm.exe
2013-01-08 22:48:22 ----A---- C:\Windows\SysWOW64\synceng.dll
2013-01-08 22:47:50 ----A---- C:\Windows\SysWOW64\drvinst.exe
2013-01-08 22:47:50 ----A---- C:\Windows\SysWOW64\devrtl.dll
2013-01-08 22:47:50 ----A---- C:\Windows\SysWOW64\devobj.dll
2013-01-08 22:47:50 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2013-01-08 22:47:49 ----A---- C:\Windows\SysWOW64\prevhost.exe
2013-01-08 22:47:49 ----A---- C:\Windows\SysWOW64\netapi32.dll
2013-01-08 22:47:49 ----A---- C:\Windows\SysWOW64\browcli.dll
2013-01-08 22:47:48 ----A---- C:\Windows\SysWOW64\srclient.dll
2013-01-08 22:47:17 ----A---- C:\Windows\SysWOW64\msvcrt.dll
2013-01-08 22:47:17 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2013-01-08 22:47:10 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2013-01-08 22:47:10 ----A---- C:\Windows\SysWOW64\oleacc.dll
2013-01-08 22:47:07 ----A---- C:\Windows\SysWOW64\EncDec.dll
2013-01-08 22:46:59 ----A---- C:\Windows\SysWOW64\cdosys.dll
2013-01-08 22:46:57 ----A---- C:\Windows\SysWOW64\ntdll.dll
2013-01-08 22:46:56 ----A---- C:\Windows\splwow64.exe
2013-01-08 22:46:53 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2013-01-08 22:46:53 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2013-01-08 22:46:53 ----A---- C:\Windows\SysWOW64\crypt32.dll
2013-01-08 22:46:47 ----A---- C:\Windows\SysWOW64\packager.dll
2013-01-08 22:38:35 ----A---- C:\Windows\SysWOW64\rdpcore.dll
2013-01-08 22:19:32 ----D---- C:\Program Files (x86)\Common Files\Intel Corporation
2013-01-08 21:45:36 ----D---- C:\Users\New Computer\AppData\Roaming\Intel Corporation
2013-01-08 21:45:20 ----D---- C:\Users\New Computer\AppData\Roaming\Synaptics
2013-01-08 21:45:20 ----D---- C:\ProgramData\Synaptics
2013-01-08 21:45:20 ----D---- C:\ProgramData\Intel
2013-01-08 21:41:16 ----A---- C:\Windows\sttray64.exe
2013-01-08 21:34:17 ----D---- C:\Windows\Hewlett-Packard
2013-01-08 21:31:47 ----A---- C:\Windows\SysWOW64\WinSATAPI.dll
2013-01-08 21:30:52 ----A---- C:\Windows\SysWOW64\input.dll
2013-01-08 21:29:59 ----A---- C:\Windows\SysWOW64\ifsutil.dll
2013-01-08 21:29:35 ----D---- C:\Program Files (x86)\Hewlett-Packard
2013-01-08 21:27:32 ----D---- C:\ProgramData\Temp
2013-01-08 21:24:35 ----D---- C:\Program Files (x86)\HP SimplePass
2013-01-08 21:23:54 ----D---- C:\Program Files (x86)\Common Files\AuthenTec
2013-01-08 21:23:53 ----D---- C:\ProgramData\Downloaded Installations
2013-01-08 21:16:39 ----D---- C:\Windows\SysWOW64\sda
2013-01-08 21:16:12 ----D---- C:\Program Files (x86)\Realtek
2013-01-08 21:16:12 ----A---- C:\Windows\SysWOW64\RtsPStorIcon.dll
2013-01-08 21:12:20 ----D---- C:\Users\New Computer\AppData\Roaming\InstallShield
2013-01-08 21:12:02 ----A---- C:\Windows\SysWOW64\log.txt
2013-01-08 21:11:59 ----D---- C:\Program Files (x86)\Common Files\postureAgent
2013-01-08 21:09:03 ----A---- C:\Windows\SysWOW64\CSVer.dll
2013-01-08 21:06:57 ----D---- C:\Users\New Computer\AppData\Roaming\ATI
2013-01-08 21:06:57 ----D---- C:\ProgramData\ATI
2013-01-08 20:59:08 ----D---- C:\Program Files (x86)\Intel
2013-01-08 20:59:08 ----D---- C:\Program Files (x86)\Common Files\Intel
2013-01-08 20:58:51 ----D---- C:\Program Files (x86)\AMD APP
2013-01-08 20:56:56 ----A---- C:\Windows\SysWOW64\atipblup.dat
2013-01-08 20:55:01 ----D---- C:\Program Files (x86)\ATI Technologies
2013-01-08 20:41:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-01-08 20:40:56 ----D---- C:\Program Files (x86)\Renesas Electronics
2013-01-08 20:40:07 ----SHD---- C:\Windows\Installer
2013-01-08 20:39:51 ----D---- C:\Intel
2013-01-08 20:39:12 ----D---- C:\Windows\HPQ
2013-01-08 20:39:06 ----D---- C:\SWSetup
2012-12-30 13:25:38 ----D---- C:\Users\New Computer\AppData\Roaming\Identities
2012-12-30 13:25:13 ----SD---- C:\Users\New Computer\AppData\Roaming\Microsoft
2012-12-30 13:25:13 ----D---- C:\Users\New Computer\AppData\Roaming\Media Center Programs
2012-12-30 13:25:05 ----D---- C:\Recovery
2012-12-30 12:46:48 ----D---- C:\Windows\SoftwareDistribution
2012-12-30 12:44:21 ----D---- C:\Windows\Prefetch
2012-12-30 12:43:38 ----ASH---- C:\pagefile.sys
2012-12-30 12:43:37 ----SHD---- C:\System Volume Information
2012-12-30 12:43:37 ----ASH---- C:\hiberfil.sys
2012-12-30 12:43:06 ----D---- C:\Windows\Panther

======List of files/folders modified in the last 1 month======

2013-01-28 23:15:22 ----RSD---- C:\Windows\assembly
2013-01-28 23:15:15 ----RD---- C:\Program Files (x86)
2013-01-28 23:15:14 ----D---- C:\Windows\System32
2013-01-28 23:15:14 ----D---- C:\Windows\inf
2013-01-28 23:14:18 ----D---- C:\Windows\Tasks
2013-01-28 23:14:07 ----D---- C:\Windows\SysWOW64
2013-01-28 23:13:32 ----D---- C:\Windows
2013-01-26 22:51:57 ----D---- C:\Windows\winsxs
2013-01-24 08:08:46 ----D---- C:\Windows\Microsoft.NET
2013-01-24 08:03:25 ----D---- C:\ProgramData
2013-01-24 07:48:59 ----D---- C:\Windows\SysWOW64\en-US
2013-01-19 13:05:31 ----A---- C:\Windows\system.ini
2013-01-19 13:04:17 ----D---- C:\Windows\SysWOW64\drivers
2013-01-19 13:04:17 ----D---- C:\Windows\AppPatch
2013-01-19 13:04:16 ----D---- C:\Program Files (x86)\Common Files
2013-01-15 20:46:49 ----D---- C:\Windows\Downloaded Program Files
2013-01-14 22:59:23 ----D---- C:\Windows\SysWOW64\migration
2013-01-14 22:59:14 ----D---- C:\Windows\PolicyDefinitions
2013-01-14 22:58:58 ----D---- C:\Program Files (x86)\Internet Explorer
2013-01-14 22:58:44 ----D---- C:\Program Files (x86)\Common Files\System
2013-01-14 22:58:36 ----D---- C:\Windows\ehome
2013-01-14 22:58:29 ----RSD---- C:\Windows\Fonts
2013-01-14 21:26:12 ----D---- C:\Windows\Logs
2013-01-08 22:18:52 ----SD---- C:\ProgramData\Microsoft
2013-01-08 21:40:33 ----RD---- C:\Program Files
2012-12-30 13:25:28 ----D---- C:\Windows\rescache
2012-12-30 13:25:13 ----RD---- C:\Users
2012-12-30 13:24:50 ----D---- C:\Windows\debug
2012-12-30 12:44:16 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 pavboot;pavboot; C:\Windows\system32\drivers\pavboot64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys []
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-08-09 325912]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-01-04 311808]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
R3 TrueService;TrueAPI Service component; C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-28 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------


----------



## Raderick (Oct 2, 2005)

info.txt logfile of random's system information tool 1.09 2013-01-28 23:15:23

======Uninstall list======

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -maintain activex
Catalyst Control Center - Branding-->MsiExec.exe /I{08523528-BA2F-43BB-87E3-252C081872B9}
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESU for Microsoft Windows 7 SP1-->MsiExec.exe /I{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}
HP SimplePass-->MsiExec.exe /X{880B5A98-B242-4B53-BD6F-41EA17495EAD}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Display Audio Driver-->C:\Program Files (x86)\Intel\Intel(R) Display Audio Driver\Uninstall\setup.exe -uninstall
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\setup.exe" -runfromtemp -l0x0409 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

======System event log======

Computer Name: NewComputer-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 739
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20130109050442.429672-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NewComputer-PC
Event Code: 37
Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 633
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20130109043900.219760-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NewComputer-PC
Event Code: 37
Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 531
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20130109043533.507761-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NewComputer-PC
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 529
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20130109043407.504809-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NewComputer-PC
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 451
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20130102202039.694809-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: NewComputer-PC
Event Code: 11722
Message: Product: Fresco Logic USB3.0 Host Controller -- Error 1722. Fresco Logic USB3 Host Controller is not found! Action FLxHCIm64_check.exe, location: C:\Windows\Installer\MSI1D.tmp, command: -check 
Record Number: 535
Source Name: MsiInstaller
Time Written: 20130109050419.000000-000
Event Type: Error
User: NewComputer-PC\New Computer

Computer Name: NewComputer-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 296
Source Name: Microsoft-Windows-WMI
Time Written: 20130109043928.000000-000
Event Type: Error
User: 

Computer Name: NewComputer-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

DETAIL - 
1 user registry handles leaked from \Registry\User\S-1-5-21-3630743652-2838465791-4216672289-1000:
Process 448 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3630743652-2838465791-4216672289-1000

Record Number: 280
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130109043654.040303-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: NewComputer-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 

Record Number: 175
Source Name: Microsoft-Windows-Search
Time Written: 20121230212506.000000-000
Event Type: Warning
User: 

Computer Name: NewComputer-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 172
Source Name: Microsoft-Windows-WMI
Time Written: 20121230212502.000000-000
Event Type: Error
User: 

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name:	-
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121230204357.441247-000
Event Type: Audit Success
User: 

Computer Name: 37L4247F27-25
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name:	Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121230204357.441247-000
Event Type: Audit Success
User: 

Computer Name: 37L4247F27-25
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:	0
Policy ID:	0x31bc4
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121230204357.113646-000
Event Type: Audit Success
User: 

Computer Name: 37L4247F27-25
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name: 

Network Information:
Workstation Name:	-
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package:	-
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121230204355.023243-000
Event Type: Audit Success
User: 

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121230204354.898442-000
Event Type: Audit Success
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\HP SimplePass\x64;C:\Program Files (x86)\HP SimplePass;;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, looking thru it, nothing really stands out except for one thing, so let's see what you have:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\Program Files (x86)
C:\Program Files (x86)\GUM9A71.tmp /s
C:\Program Files (x86)\GUT9A72.tmp /s
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

----

Also, can you do this for me:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file



> C:\Program Files (x86)\GUM9A71.tmp
> C:\Program Files (x86)\GUT9A72.tmp


Let me know when they're uploaded 

eddie


----------



## Raderick (Oct 2, 2005)

SystemLook 30.07.11 by jpshortstuff
Log created at 22:32 on 30/01/2013 by New Computer
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Program Files (x86) - Parameters: "(none)"

---Files---
desktop.ini	--ahs-- 174 bytes	[04:54 14/07/2009]	[04:54 14/07/2009]
GUT9A72.tmp	--a---- 4096000 bytes	[21:01 19/01/2013]	[21:02 19/01/2013]

---Folders---
AMD APP	d------	[04:58 09/01/2013]
ATI Technologies	d------	[04:55 09/01/2013]
Common Files	d------	[03:20 14/07/2009]
ESET	d------	[03:58 16/01/2013]
Google	d------	[21:01 19/01/2013]
GUM9A71.tmp	d------	[21:01 19/01/2013]
Hewlett-Packard	d------	[05:29 09/01/2013]
HP SimplePass	d------	[05:24 09/01/2013]
InstallShield Installation Information	d--h---	[04:41 09/01/2013]
Intel	d------	[04:59 09/01/2013]
Internet Explorer	d------	[03:20 14/07/2009]
Microsoft.NET	d------	[15:48 24/01/2013]
MSBuild	d------	[05:32 14/07/2009]
Panda Security	d------	[04:46 16/01/2013]
Realtek	d------	[05:16 09/01/2013]
Reference Assemblies	d------	[05:32 14/07/2009]
Renesas Electronics	d------	[04:40 09/01/2013]
trend micro	d------	[07:15 29/01/2013]
Uninstall Information	d--h---	[04:57 14/07/2009]
Windows Defender	d------	[05:32 14/07/2009]
Windows Mail	d------	[03:20 14/07/2009]
Windows Media Player	d------	[05:32 14/07/2009]
Windows NT	d------	[03:20 14/07/2009]
Windows Photo Viewer	d------	[05:32 14/07/2009]
Windows Portable Devices	d------	[05:32 14/07/2009]
Windows Sidebar	d------	[05:32 14/07/2009]

C:\Program Files (x86)\GUM9A71.tmp - Parameters: "/s"

---Files---
GoogleCrashHandler.exe	--a---- 212432 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleCrashHandler64.exe	--a---- 279504 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleUpdate.exe	--a---- 116648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleUpdateBroker.exe	--a---- 59344 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleUpdateHelper.msi	--a---- 25600 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleUpdateOnDemand.exe	--a---- 59344 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
GoogleUpdateSetup.exe	--a---- 763232 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdate.dll	--a---- 834000 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_am.dll	--a---- 25040 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ar.dll	--a---- 26576 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_bg.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_bn.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ca.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_cs.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_da.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_de.dll	--a---- 31184 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_el.dll	--a---- 30672 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_en-GB.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_en.dll	--a---- 27600 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_es-419.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_es.dll	--a---- 31184 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_et.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_fa.dll	--a---- 27600 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_fi.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_fil.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_fr.dll	--a---- 30672 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_gu.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_hi.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_hr.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_hu.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_id.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_is.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_it.dll	--a---- 30672 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_iw.dll	--a---- 26064 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ja.dll	--a---- 24528 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_kn.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ko.dll	--a---- 23504 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_lt.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_lv.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ml.dll	--a---- 31696 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_mr.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ms.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_nl.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_no.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_pl.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_pt-BR.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_pt-PT.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ro.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ru.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_sk.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_sl.dll	--a---- 29648 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_sr.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_sv.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_sw.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ta.dll	--a---- 30160 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_te.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_th.dll	--a---- 27600 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_tr.dll	--a---- 29136 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_uk.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_ur.dll	--a---- 28624 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_vi.dll	--a---- 28112 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_zh-CN.dll	--a---- 21968 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
goopdateres_zh-TW.dll	--a---- 21968 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
npGoogleUpdate3.dll	--a---- 572880 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
psmachine.dll	--a---- 159696 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]
psuser.dll	--a---- 159696 bytes	[21:01 19/01/2013]	[21:01 19/01/2013]

No folders found.

C:\Program Files (x86)\GUT9A72.tmp - Unable to find folder.

-= EOF =-


----------



## Raderick (Oct 2, 2005)

http://thespykiller.co.uk/index.php?topic=10022.msg39584#msg39584


----------



## eddie5659 (Mar 19, 2001)

Hmmm, nothing in the upload. Can you do this for me, as it looks like it may be Google, but not really sure as it's a tmp folder, and it shouldn't be running from one.

First, try again with sfp, but use this code. You can reply to the thread you posted in above.



> C:\Program Files (x86)\GUM9A71.tmp


---

Then, try this for me:

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
At the top put a check mark in the box beside "Scan All Users".
Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*


----------



## Raderick (Oct 2, 2005)

```
OTS logfile created on: 2/4/2013 9:34:48 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\New Computer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 696.53 Gb Total Space | 661.21 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive D: | 2.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NEWCOMPUTER-PC
Current User Name: New Computer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:35 | 000,646,656 | ---- | M] (OldTimer Tools)
truesuiteservice.exe -> C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -> [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP)
touchcontrol.exe -> C:\Program Files (x86)\HP SimplePass\TouchControl.exe -> [2011/12/11 03:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.)
biomonitor.exe -> C:\Program Files (x86)\HP SimplePass\BioMonitor.exe -> [2011/12/11 03:47:40 | 000,148,296 | ---- | M] (HP)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/08/09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/08/09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation)
nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
mscorsvw.exe -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
system.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll -> [2013/01/30 22:49:59 | 011,833,344 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll -> [2013/01/30 22:49:54 | 003,347,968 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll -> [2013/01/30 22:49:54 | 000,771,584 | ---- | M] ()
iastorcommon.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll -> [2013/01/30 22:49:54 | 000,014,336 | ---- | M] ()
iastorutil.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll -> [2013/01/30 22:49:52 | 000,491,520 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll -> [2013/01/30 22:49:50 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll -> [2013/01/30 22:49:45 | 001,592,832 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll -> [2013/01/30 22:49:34 | 005,453,312 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll -> [2013/01/30 22:49:32 | 000,971,264 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll -> [2013/01/30 22:49:31 | 007,989,760 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll -> [2013/01/30 22:49:25 | 011,493,376 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(STacSV)  [Auto | Running] -> C:\Program Files\IDT\WDM\stacsv64.exe -> [2012/01/04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.)
64bit-(TrueService)  [On_Demand | Running] -> C:\Program Files\Common Files\AuthenTec\TrueService.exe -> [2011/12/09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011/09/30 22:06:14 | 000,204,288 | ---- | M] (AMD)
64bit-(AMPPALR3)  [Auto | Running] -> C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -> [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation)
64bit-(BTHSSecurityMgr)  [Auto | Running] -> C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -> [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation)
64bit-(hpsrv)  [Auto | Running] -> C:\Windows\SysNative\hpservice.exe -> [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
64bit-(AESTFilters)  [Auto | Running] -> C:\Program Files\IDT\WDM\AESTSr64.exe -> [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/28 23:14:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
(FPLService) TrueSuiteService [Auto | Running] -> C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -> [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP)
(UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/08/09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/08/09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation)
(IconMan_R) IconMan_R [Auto | Running] -> C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -> [2011/06/28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Running] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011/10/01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011/09/30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(intelkmd) intelkmd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdpmd64.sys -> [2011/08/09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation)
64bit-(AMPPALP) Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmpPal.sys -> [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(AMPPAL) Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AmpPal.sys -> [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(NETwNs64) ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETwNs64.sys -> [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation)
64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2011/06/10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation)
64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2011/06/10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2011/06/09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated)
64bit-(RSPCIESTOR) Realtek PCIE CardReader Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RtsPStor.sys -> [2011/05/30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation)
64bit-(hpdskflt) HP Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hpdskflt.sys -> [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company)
64bit-(Accelerometer) HP Mobile Data Protection Sensor [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Accelerometer.sys -> [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek                                            )
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/10/20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(pavboot) pavboot [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\pavboot64.sys -> [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/?ocid=iehp -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> DE 89 42 B9 61 03 CE 01  [binary data] -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2009/06/10 13:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} [HKLM] -> C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll [HP SimplePass Browser Helper Object] -> [2011/12/11 03:47:00 | 002,221,896 | ---- | M] (HP)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} [HKLM] -> C:\Program Files (x86)\HP SimplePass\IEBHO.dll [HP SimplePass Browser Helper Object] -> [2011/12/11 03:47:54 | 001,985,352 | ---- | M] (HP)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C98EE38D-21E4-4A50-907D-2B56FEC7013E}" [HKLM] -> C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll [HP SimplePass Toolbar] -> [2011/12/11 03:47:00 | 002,221,896 | ---- | M] (HP)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C98EE38D-21E4-4A50-907D-2B56FEC7013E}" [HKLM] -> C:\Program Files (x86)\HP SimplePass\IEBHO.dll [HP SimplePass Toolbar] -> [2011/12/11 03:47:54 | 001,985,352 | ---- | M] (HP)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/08/09 09:02:48 | 000,392,472 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/08/09 09:03:22 | 000,167,704 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/08/09 09:03:00 | 000,416,024 | ---- | M] (Intel Corporation)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [C:\Program Files\IDT\WDM\sttray64.exe] -> [2012/01/04 00:37:16 | 001,425,408 | ---- | M] (IDT, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation)
"NUSB3MON" -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011/10/01 01:03:32 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000] > -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000] > -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000] > -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\] > -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\] > -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{DE2B91CE-B331-4788-AA39-6506F8C394BA}\\DhcpNameServer -> 192.168.2.1   (Intel(R) WiFi Link 1000 BGN) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 17:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/08/09 07:52:44 | 000,390,144 | ---- | M] (Intel Corporation)
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
D:\autorun.inf [[AutoRun.Amd64] | open=setup.exe | icon=setup.exe,0 |  | [AutoRun] | open=sources\sperr32.exe x64 | icon=sources\sperr32.exe,0 | ] -> D:\autorun.inf [ UDF ] -> [2011/04/12 00:27:46 | 000,000,122 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/15/2013 3:01:15 AM Computer Name = NewComputer-PC | Source = Application Error | ID = 1000 -> Description = Faulting application name: UNS.exe, version: 7.1.20.1119, time stamp: 0x4e40806e  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x743a6cdc  Faulting process id: 0x11ac  Faulting application start time: 0x01cdf1f1bd95eded  Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe  Faulting module path: unknown  Report Id: 5a0bbc9f-5ee1-11e2-ad92-082e5f871590
Application [ Error ] 1/15/2013 3:03:50 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 1/15/2013 7:17:02 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 1/15/2013 10:15:27 AM Computer Name = NewComputer-PC | Source = Customer Experience Improvement Program | ID = 1008 -> Description = 
Application [ Error ] 1/19/2013 5:00:36 PM Computer Name = NewComputer-PC | Source = Application Hang | ID = 1002 -> Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.    Process ID: 15d0    Start Time: 01cdf3358df703d8    Termination Time: 0    Application Path: C:\Users\New Computer\Desktop\OTL.exe    Report Id: 42028213-627b-11e2-a61c-082e5f871590  
Application [ Error ] 1/24/2013 11:40:51 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 1/24/2013 11:53:23 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 1/27/2013 2:53:32 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
Application [ Error ] 2/5/2013 1:25:36 AM Computer Name = NewComputer-PC | Source = Customer Experience Improvement Program | ID = 1008 -> Description = 
Application [ Error ] 2/5/2013 1:27:16 AM Computer Name = NewComputer-PC | Source = WinMgmt | ID = 10 -> Description = 
System [ Error ] 1/16/2013 12:48:05 AM Computer Name = NewComputer-PC | Source = Application Popup | ID = 1060 -> Description = \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
System [ Error ] 1/16/2013 12:48:05 AM Computer Name = NewComputer-PC | Source = Service Control Manager | ID = 7000 -> Description = The RkPavproc1 service failed to start due to the following error:   %%1275
System [ Error ] 1/19/2013 5:03:06 PM Computer Name = NewComputer-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 1/19/2013 5:04:14 PM Computer Name = NewComputer-PC | Source = Service Control Manager | ID = 7030 -> Description = The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
System [ Error ] 1/19/2013 5:05:30 PM Computer Name = NewComputer-PC | Source = Service Control Manager | ID = 7030 -> Description = The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
System [ Error ] 1/24/2013 11:39:15 AM Computer Name = NewComputer-PC | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 1:35:01 PM on 1/19/2013 was unexpected.
System [ Error ] 1/24/2013 11:39:19 AM Computer Name = NewComputer-PC | Source = BugCheck | ID = 1001 -> Description = 
System [ Error ] 1/24/2013 11:44:38 AM Computer Name = NewComputer-PC | Source = DCOM | ID = 10010 -> Description = 
System [ Error ] 1/24/2013 11:57:07 AM Computer Name = NewComputer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB982018).
System [ Error ] 1/27/2013 2:57:04 AM Computer Name = NewComputer-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 for x64-based Systems (KB982018).
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:32 | 000,646,656 | ---- | C] (OldTimer Tools)
 Config.Msi -> C:\Config.Msi -> [2013/01/30 22:31:46 | 000,000,000 | -HSD | C]
 trend micro -> C:\Program Files (x86)\trend micro -> [2013/01/28 23:15:15 | 000,000,000 | ---D | C]
 rsit -> C:\rsit -> [2013/01/28 23:15:15 | 000,000,000 | ---D | C]
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/28 23:14:07 | 000,697,864 | ---- | C] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/28 23:14:07 | 000,074,248 | ---- | C] (Adobe Systems Incorporated)
 Macromedia -> C:\Users\New Computer\AppData\Roaming\Macromedia -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Macromed -> C:\Windows\SysWow64\Macromed -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Adobe -> C:\Users\New Computer\AppData\Roaming\Adobe -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Macromed -> C:\Windows\SysNative\Macromed -> [2013/01/28 23:13:57 | 000,000,000 | ---D | C]
 TrueSuite -> C:\ProgramData\TrueSuite -> [2013/01/24 08:03:25 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/01/24 07:53:07 | 000,000,000 | -HSD | C]
 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2013/01/24 07:48:55 | 000,000,000 | ---D | C]
 Minidump -> C:\Windows\Minidump -> [2013/01/24 07:39:15 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2013/01/19 13:07:10 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2013/01/19 13:02:25 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2013/01/19 13:02:25 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/01/19 13:02:25 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/01/19 13:02:21 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2013/01/19 13:02:07 | 000,000,000 | ---D | C]
 Google -> C:\Program Files (x86)\Google -> [2013/01/19 13:01:50 | 000,000,000 | ---D | C]
 Google -> C:\Users\New Computer\AppData\Local\Google -> [2013/01/19 13:01:46 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe -> [2013/01/19 13:01:41 | 005,023,971 | R--- | C] (Swearware)
 Apps -> C:\Users\New Computer\AppData\Local\Apps -> [2013/01/19 13:01:07 | 000,000,000 | ---D | C]
 Deployment -> C:\Users\New Computer\AppData\Local\Deployment -> [2013/01/19 13:01:04 | 000,000,000 | ---D | C]
 pavboot64.sys -> C:\Windows\SysNative\drivers\pavboot64.sys -> [2013/01/15 20:46:56 | 000,033,800 | ---- | C] (Panda Security, S.L.)
 Panda Security -> C:\Program Files (x86)\Panda Security -> [2013/01/15 20:46:55 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files (x86)\ESET -> [2013/01/15 19:58:45 | 000,000,000 | ---D | C]
 esent.dll -> C:\Windows\SysNative\esent.dll -> [2013/01/15 19:45:56 | 002,565,632 | ---- | C] (Microsoft Corporation)
 esent.dll -> C:\Windows\SysWow64\esent.dll -> [2013/01/15 19:45:56 | 001,699,328 | ---- | C] (Microsoft Corporation)
 storport.sys -> C:\Windows\SysNative\drivers\storport.sys -> [2013/01/15 19:45:56 | 000,189,824 | ---- | C] (Microsoft Corporation)
 amdsata.sys -> C:\Windows\SysNative\drivers\amdsata.sys -> [2013/01/15 19:45:56 | 000,107,904 | ---- | C] (Advanced Micro Devices)
 fsutil.exe -> C:\Windows\SysNative\fsutil.exe -> [2013/01/15 19:45:56 | 000,096,768 | ---- | C] (Microsoft Corporation)
 fsutil.exe -> C:\Windows\SysWow64\fsutil.exe -> [2013/01/15 19:45:56 | 000,074,240 | ---- | C] (Microsoft Corporation)
 amdxata.sys -> C:\Windows\SysNative\drivers\amdxata.sys -> [2013/01/15 19:45:56 | 000,027,008 | ---- | C] (Advanced Micro Devices)
 Wat -> C:\Windows\SysWow64\Wat -> [2013/01/14 22:58:54 | 000,000,000 | ---D | C]
 Wat -> C:\Windows\SysNative\Wat -> [2013/01/14 22:58:54 | 000,000,000 | ---D | C]
 OTL.exe -> C:\Users\New Computer\Desktop\OTL.exe -> [2013/01/14 22:17:26 | 000,602,112 | ---- | C] (OldTimer Tools)
 ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2013/01/14 21:25:42 | 003,695,416 | ---- | C] (Microsoft Corporation)
 ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2013/01/14 21:25:42 | 003,695,416 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/01/14 21:25:42 | 002,312,704 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/01/14 21:25:42 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/01/14 21:25:42 | 001,427,968 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/01/14 21:25:42 | 000,816,640 | ---- | C] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/01/14 21:25:42 | 000,729,088 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/01/14 21:25:42 | 000,717,824 | ---- | C] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/01/14 21:25:42 | 000,599,040 | ---- | C] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2013/01/14 21:25:42 | 000,534,528 | ---- | C] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2013/01/14 21:25:42 | 000,452,608 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2013/01/14 21:25:42 | 000,448,512 | ---- | C] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2013/01/14 21:25:42 | 000,434,176 | ---- | C] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2013/01/14 21:25:42 | 000,367,104 | ---- | C] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2013/01/14 21:25:42 | 000,282,112 | ---- | C] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2013/01/14 21:25:42 | 000,267,776 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/01/14 21:25:42 | 000,248,320 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2013/01/14 21:25:42 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2013/01/14 21:25:42 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2013/01/14 21:25:42 | 000,227,840 | ---- | C] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2013/01/14 21:25:42 | 000,222,208 | ---- | C] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2013/01/14 21:25:42 | 000,197,120 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/01/14 21:25:42 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/01/14 21:25:42 | 000,173,056 | ---- | C] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2013/01/14 21:25:42 | 000,165,888 | ---- | C] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2013/01/14 21:25:42 | 000,163,840 | ---- | C] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2013/01/14 21:25:42 | 000,163,840 | ---- | C] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2013/01/14 21:25:42 | 000,162,304 | ---- | C] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2013/01/14 21:25:42 | 000,160,256 | ---- | C] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2013/01/14 21:25:42 | 000,160,256 | ---- | C] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2013/01/14 21:25:42 | 000,152,064 | ---- | C] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2013/01/14 21:25:42 | 000,150,528 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysNative\occache.dll -> [2013/01/14 21:25:42 | 000,149,504 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2013/01/14 21:25:42 | 000,145,920 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/01/14 21:25:42 | 000,142,848 | ---- | C] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysNative\IEAdvpack.dll -> [2013/01/14 21:25:42 | 000,135,168 | ---- | C] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2013/01/14 21:25:42 | 000,130,560 | ---- | C] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2013/01/14 21:25:42 | 000,123,392 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2013/01/14 21:25:42 | 000,118,784 | ---- | C] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2013/01/14 21:25:42 | 000,114,176 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2013/01/14 21:25:42 | 000,111,616 | ---- | C] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysWow64\IEAdvpack.dll -> [2013/01/14 21:25:42 | 000,110,592 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2013/01/14 21:25:42 | 000,103,936 | ---- | C] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2013/01/14 21:25:42 | 000,101,888 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/01/14 21:25:42 | 000,096,768 | ---- | C] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2013/01/14 21:25:42 | 000,091,648 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2013/01/14 21:25:42 | 000,089,088 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2013/01/14 21:25:42 | 000,089,088 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2013/01/14 21:25:42 | 000,086,528 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2013/01/14 21:25:42 | 000,085,504 | ---- | C] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2013/01/14 21:25:42 | 000,082,432 | ---- | C] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2013/01/14 21:25:42 | 000,078,848 | ---- | C] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2013/01/14 21:25:42 | 000,076,800 | ---- | C] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2013/01/14 21:25:42 | 000,076,800 | ---- | C] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2013/01/14 21:25:42 | 000,074,752 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2013/01/14 21:25:42 | 000,074,752 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2013/01/14 21:25:42 | 000,074,240 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/01/14 21:25:42 | 000,073,216 | ---- | C] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2013/01/14 21:25:42 | 000,066,048 | ---- | C] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2013/01/14 21:25:42 | 000,065,024 | ---- | C] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2013/01/14 21:25:42 | 000,063,488 | ---- | C] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2013/01/14 21:25:42 | 000,054,272 | ---- | C] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2013/01/14 21:25:42 | 000,049,664 | ---- | C] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2013/01/14 21:25:42 | 000,048,640 | ---- | C] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2013/01/14 21:25:42 | 000,048,640 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2013/01/14 21:25:42 | 000,039,936 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2013/01/14 21:25:42 | 000,031,744 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2013/01/14 21:25:42 | 000,030,720 | ---- | C] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2013/01/14 21:25:42 | 000,023,552 | ---- | C] (Microsoft Corporation)
 mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2013/01/14 21:25:42 | 000,012,288 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2013/01/14 21:25:42 | 000,010,752 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2013/01/14 21:25:42 | 000,010,752 | ---- | C] (Microsoft Corporation)
 WdfLdr.sys -> C:\Windows\SysNative\drivers\WdfLdr.sys -> [2013/01/13 17:06:04 | 000,054,376 | ---- | C] (Microsoft Corporation)
 Wdfres.dll -> C:\Windows\SysNative\Wdfres.dll -> [2013/01/13 17:06:04 | 000,009,728 | ---- | C] (Microsoft Corporation)
 atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2013/01/13 17:00:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated)
 atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2013/01/13 17:00:48 | 000,295,424 | ---- | C] (Adobe Systems Incorporated)
 fontsub.dll -> C:\Windows\SysNative\fontsub.dll -> [2013/01/13 17:00:48 | 000,100,864 | ---- | C] (Microsoft Corporation)
 fontsub.dll -> C:\Windows\SysWow64\fontsub.dll -> [2013/01/13 17:00:48 | 000,070,656 | ---- | C] (Microsoft Corporation)
 atmlib.dll -> C:\Windows\SysNative\atmlib.dll -> [2013/01/13 17:00:48 | 000,046,080 | ---- | C] (Adobe Systems)
 atmlib.dll -> C:\Windows\SysWow64\atmlib.dll -> [2013/01/13 17:00:48 | 000,034,304 | ---- | C] (Adobe Systems)
 WUDFPlatform.dll -> C:\Windows\SysNative\WUDFPlatform.dll -> [2013/01/13 17:00:19 | 000,194,048 | ---- | C] (Microsoft Corporation)
 WUDFx.dll -> C:\Windows\SysNative\WUDFx.dll -> [2013/01/13 17:00:18 | 000,744,448 | ---- | C] (Microsoft Corporation)
 WUDFHost.exe -> C:\Windows\SysNative\WUDFHost.exe -> [2013/01/13 17:00:18 | 000,229,888 | ---- | C] (Microsoft Corporation)
 WUDFCoinstaller.dll -> C:\Windows\SysNative\WUDFCoinstaller.dll -> [2013/01/13 17:00:18 | 000,045,056 | ---- | C] (Microsoft Corporation)
 imagehlp.dll -> C:\Windows\SysNative\imagehlp.dll -> [2013/01/13 16:58:35 | 000,081,408 | ---- | C] (Microsoft Corporation)
 fs_rec.sys -> C:\Windows\SysNative\drivers\fs_rec.sys -> [2013/01/13 16:58:35 | 000,023,408 | ---- | C] (Microsoft Corporation)
 FRST -> C:\FRST -> [2013/01/09 22:18:41 | 000,000,000 | ---D | C]
 xmllite.dll -> C:\Windows\SysNative\xmllite.dll -> [2013/01/08 22:59:43 | 000,199,680 | ---- | C] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysNative\win32spl.dll -> [2013/01/08 22:59:42 | 000,750,592 | ---- | C] (Microsoft Corporation)
 win32spl.dll -> C:\Windows\SysWow64\win32spl.dll -> [2013/01/08 22:59:42 | 000,492,032 | ---- | C] (Microsoft Corporation)
 odbcjt32.dll -> C:\Windows\SysWow64\odbcjt32.dll -> [2013/01/08 22:59:41 | 000,319,488 | ---- | C] (Microsoft Corporation)
 odbctrac.dll -> C:\Windows\SysNative\odbctrac.dll -> [2013/01/08 22:59:41 | 000,212,992 | ---- | C] (Microsoft Corporation)
 odbctrac.dll -> C:\Windows\SysWow64\odbctrac.dll -> [2013/01/08 22:59:41 | 000,163,840 | ---- | C] (Microsoft Corporation)
 odbccp32.dll -> C:\Windows\SysNative\odbccp32.dll -> [2013/01/08 22:59:41 | 000,163,840 | ---- | C] (Microsoft Corporation)
 odbccp32.dll -> C:\Windows\SysWow64\odbccp32.dll -> [2013/01/08 22:59:41 | 000,122,880 | ---- | C] (Microsoft Corporation)
 odbccu32.dll -> C:\Windows\SysNative\odbccu32.dll -> [2013/01/08 22:59:41 | 000,106,496 | ---- | C] (Microsoft Corporation)
 odbccr32.dll -> C:\Windows\SysNative\odbccr32.dll -> [2013/01/08 22:59:41 | 000,106,496 | ---- | C] (Microsoft Corporation)
 odbccu32.dll -> C:\Windows\SysWow64\odbccu32.dll -> [2013/01/08 22:59:41 | 000,086,016 | ---- | C] (Microsoft Corporation)
 odbccr32.dll -> C:\Windows\SysWow64\odbccr32.dll -> [2013/01/08 22:59:41 | 000,081,920 | ---- | C] (Microsoft Corporation)
 DWrite.dll -> C:\Windows\SysNative\DWrite.dll -> [2013/01/08 22:59:39 | 001,544,704 | ---- | C] (Microsoft Corporation)
 poqexec.exe -> C:\Windows\SysNative\poqexec.exe -> [2013/01/08 22:59:08 | 000,142,336 | ---- | C] (Microsoft Corporation)
 poqexec.exe -> C:\Windows\SysWow64\poqexec.exe -> [2013/01/08 22:59:08 | 000,123,904 | ---- | C] (Microsoft Corporation)
 dhcpcore6.dll -> C:\Windows\SysNative\dhcpcore6.dll -> [2013/01/08 22:59:03 | 000,226,816 | ---- | C] (Microsoft Corporation)
 dhcpcore6.dll -> C:\Windows\SysWow64\dhcpcore6.dll -> [2013/01/08 22:59:03 | 000,193,536 | ---- | C] (Microsoft Corporation)
 dhcpcsvc6.dll -> C:\Windows\SysNative\dhcpcsvc6.dll -> [2013/01/08 22:59:03 | 000,055,296 | ---- | C] (Microsoft Corporation)
 explorer.exe -> C:\Windows\explorer.exe -> [2013/01/08 22:59:02 | 002,871,808 | ---- | C] (Microsoft Corporation)
 explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2013/01/08 22:59:02 | 002,616,320 | ---- | C] (Microsoft Corporation)
 sbe.dll -> C:\Windows\SysNative\sbe.dll -> [2013/01/08 22:58:54 | 001,118,720 | ---- | C] (Microsoft Corporation)
 CPFilters.dll -> C:\Windows\SysNative\CPFilters.dll -> [2013/01/08 22:58:54 | 000,961,024 | ---- | C] (Microsoft Corporation)
 CPFilters.dll -> C:\Windows\SysWow64\CPFilters.dll -> [2013/01/08 22:58:54 | 000,642,048 | ---- | C] (Microsoft Corporation)
 mpg2splt.ax -> C:\Windows\SysNative\mpg2splt.ax -> [2013/01/08 22:58:54 | 000,259,072 | ---- | C] (Microsoft Corporation)
 sbe.dll -> C:\Windows\SysWow64\sbe.dll -> [2013/01/08 22:58:53 | 000,850,944 | ---- | C] (Microsoft Corporation)
 mpg2splt.ax -> C:\Windows\SysWow64\mpg2splt.ax -> [2013/01/08 22:58:53 | 000,199,680 | ---- | C] (Microsoft Corporation)
 quartz.dll -> C:\Windows\SysNative\quartz.dll -> [2013/01/08 22:58:49 | 001,572,864 | ---- | C] (Microsoft Corporation)
 quartz.dll -> C:\Windows\SysWow64\quartz.dll -> [2013/01/08 22:58:49 | 001,328,128 | ---- | C] (Microsoft Corporation)
 qdvd.dll -> C:\Windows\SysWow64\qdvd.dll -> [2013/01/08 22:58:49 | 000,514,560 | ---- | C] (Microsoft Corporation)
 qdvd.dll -> C:\Windows\SysNative\qdvd.dll -> [2013/01/08 22:58:49 | 000,366,592 | ---- | C] (Microsoft Corporation)
 ntshrui.dll -> C:\Windows\SysNative\ntshrui.dll -> [2013/01/08 22:58:48 | 000,509,952 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysNative\tquery.dll -> [2013/01/08 22:58:26 | 002,315,776 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysNative\mssrch.dll -> [2013/01/08 22:58:26 | 002,223,616 | ---- | C] (Microsoft Corporation)
 tquery.dll -> C:\Windows\SysWow64\tquery.dll -> [2013/01/08 22:58:26 | 001,549,312 | ---- | C] (Microsoft Corporation)
 mssrch.dll -> C:\Windows\SysWow64\mssrch.dll -> [2013/01/08 22:58:26 | 001,401,344 | ---- | C] (Microsoft Corporation)
 SearchProtocolHost.exe -> C:\Windows\SysNative\SearchProtocolHost.exe -> [2013/01/08 22:58:26 | 000,249,856 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysNative\mssvp.dll -> [2013/01/08 22:58:25 | 000,778,752 | ---- | C] (Microsoft Corporation)
 mssvp.dll -> C:\Windows\SysWow64\mssvp.dll -> [2013/01/08 22:58:25 | 000,666,624 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysNative\mssph.dll -> [2013/01/08 22:58:25 | 000,491,520 | ---- | C] (Microsoft Corporation)
 mssph.dll -> C:\Windows\SysWow64\mssph.dll -> [2013/01/08 22:58:25 | 000,337,408 | ---- | C] (Microsoft Corporation)
 mssphtb.dll -> C:\Windows\SysNative\mssphtb.dll -> [2013/01/08 22:58:25 | 000,288,256 | ---- | C] (Microsoft Corporation)
 SearchFilterHost.exe -> C:\Windows\SysNative\SearchFilterHost.exe -> [2013/01/08 22:58:25 | 000,113,664 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysNative\msscntrs.dll -> [2013/01/08 22:58:25 | 000,075,264 | ---- | C] (Microsoft Corporation)
 msscntrs.dll -> C:\Windows\SysWow64\msscntrs.dll -> [2013/01/08 22:58:25 | 000,059,392 | ---- | C] (Microsoft Corporation)
 webio.dll -> C:\Windows\SysNative\webio.dll -> [2013/01/08 22:58:04 | 000,395,776 | ---- | C] (Microsoft Corporation)
 webio.dll -> C:\Windows\SysWow64\webio.dll -> [2013/01/08 22:58:04 | 000,314,880 | ---- | C] (Microsoft Corporation)
 csrsrv.dll -> C:\Windows\SysNative\csrsrv.dll -> [2013/01/08 22:58:01 | 000,043,520 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysNative\timedate.cpl -> [2013/01/08 22:58:00 | 000,515,584 | ---- | C] (Microsoft Corporation)
 timedate.cpl -> C:\Windows\SysWow64\timedate.cpl -> [2013/01/08 22:58:00 | 000,478,720 | ---- | C] (Microsoft Corporation)
 XpsGdiConverter.dll -> C:\Windows\SysNative\XpsGdiConverter.dll -> [2013/01/08 22:58:00 | 000,476,160 | ---- | C] (Microsoft Corporation)
 XpsGdiConverter.dll -> C:\Windows\SysWow64\XpsGdiConverter.dll -> [2013/01/08 22:58:00 | 000,288,256 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2013/01/08 22:57:01 | 005,559,664 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2013/01/08 22:57:00 | 003,968,880 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2013/01/08 22:57:00 | 003,914,096 | ---- | C] (Microsoft Corporation)
 XpsPrint.dll -> C:\Windows\SysNative\XpsPrint.dll -> [2013/01/08 22:55:49 | 001,465,344 | ---- | C] (Microsoft Corporation)
 XpsPrint.dll -> C:\Windows\SysWow64\XpsPrint.dll -> [2013/01/08 22:55:49 | 000,870,912 | ---- | C] (Microsoft Corporation)
 mfc42u.dll -> C:\Windows\SysNative\mfc42u.dll -> [2013/01/08 22:55:33 | 001,359,872 | ---- | C] (Microsoft Corporation)
 mfc42.dll -> C:\Windows\SysNative\mfc42.dll -> [2013/01/08 22:55:32 | 001,395,712 | ---- | C] (Microsoft Corporation)
 mfc42u.dll -> C:\Windows\SysWow64\mfc42u.dll -> [2013/01/08 22:55:32 | 001,164,288 | ---- | C] (Microsoft Corporation)
 mfc42.dll -> C:\Windows\SysWow64\mfc42.dll -> [2013/01/08 22:55:32 | 001,137,664 | ---- | C] (Microsoft Corporation)
 RNDISMP.sys -> C:\Windows\SysNative\drivers\RNDISMP.sys -> [2013/01/08 22:55:13 | 000,041,472 | ---- | C] (Microsoft Corporation)
 d3d10level9.dll -> C:\Windows\SysNative\d3d10level9.dll -> [2013/01/08 22:55:03 | 000,574,464 | ---- | C] (Microsoft Corporation)
 rdpcorekmts.dll -> C:\Windows\SysNative\rdpcorekmts.dll -> [2013/01/08 22:55:00 | 000,149,504 | ---- | C] (Microsoft Corporation)
 rdpwsx.dll -> C:\Windows\SysNative\rdpwsx.dll -> [2013/01/08 22:55:00 | 000,077,312 | ---- | C] (Microsoft Corporation)
 rdrmemptylst.exe -> C:\Windows\SysNative\rdrmemptylst.exe -> [2013/01/08 22:55:00 | 000,009,216 | ---- | C] (Microsoft Corporation)
 lsasrv.dll -> C:\Windows\SysNative\lsasrv.dll -> [2013/01/08 22:54:58 | 001,447,936 | ---- | C] (Microsoft Corporation)
 sspicli.dll -> C:\Windows\SysNative\sspicli.dll -> [2013/01/08 22:54:58 | 000,136,192 | ---- | C] (Microsoft Corporation)
 sspisrv.dll -> C:\Windows\SysNative\sspisrv.dll -> [2013/01/08 22:54:58 | 000,029,184 | ---- | C] (Microsoft Corporation)
 secur32.dll -> C:\Windows\SysNative\secur32.dll -> [2013/01/08 22:54:58 | 000,028,160 | ---- | C] (Microsoft Corporation)
 msxml3r.dll -> C:\Windows\SysWow64\msxml3r.dll -> [2013/01/08 22:54:42 | 000,002,048 | ---- | C] (Microsoft Corporation)
 msxml3r.dll -> C:\Windows\SysNative\msxml3r.dll -> [2013/01/08 22:54:42 | 000,002,048 | ---- | C] (Microsoft Corporation)
 netio.sys -> C:\Windows\SysNative\drivers\netio.sys -> [2013/01/08 22:53:59 | 000,376,688 | ---- | C] (Microsoft Corporation)
 FWPKCLNT.SYS -> C:\Windows\SysNative\drivers\FWPKCLNT.SYS -> [2013/01/08 22:53:59 | 000,288,624 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysNative\netcorehc.dll -> [2013/01/08 22:53:59 | 000,246,272 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysNative\ncsi.dll -> [2013/01/08 22:53:59 | 000,216,576 | ---- | C] (Microsoft Corporation)
 netcorehc.dll -> C:\Windows\SysWow64\netcorehc.dll -> [2013/01/08 22:53:59 | 000,175,104 | ---- | C] (Microsoft Corporation)
 ncsi.dll -> C:\Windows\SysWow64\ncsi.dll -> [2013/01/08 22:53:59 | 000,156,672 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysWow64\netevent.dll -> [2013/01/08 22:53:59 | 000,018,944 | ---- | C] (Microsoft Corporation)
 netevent.dll -> C:\Windows\SysNative\netevent.dll -> [2013/01/08 22:53:59 | 000,018,944 | ---- | C] (Microsoft Corporation)
 dnsapi.dll -> C:\Windows\SysNative\dnsapi.dll -> [2013/01/08 22:53:04 | 000,357,888 | ---- | C] (Microsoft Corporation)
 dnscacheugc.exe -> C:\Windows\SysNative\dnscacheugc.exe -> [2013/01/08 22:53:04 | 000,030,208 | ---- | C] (Microsoft Corporation)
 dnscacheugc.exe -> C:\Windows\SysWow64\dnscacheugc.exe -> [2013/01/08 22:53:04 | 000,028,672 | ---- | C] (Microsoft Corporation)
 Diskdump.sys -> C:\Windows\SysNative\drivers\Diskdump.sys -> [2013/01/08 22:53:04 | 000,027,520 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysNative\dpnet.dll -> [2013/01/08 22:52:10 | 000,478,208 | ---- | C] (Microsoft Corporation)
 dpnet.dll -> C:\Windows\SysWow64\dpnet.dll -> [2013/01/08 22:52:10 | 000,376,832 | ---- | C] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\SysNative\ncrypt.dll -> [2013/01/08 22:52:09 | 000,307,200 | ---- | C] (Microsoft Corporation)
 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2013/01/08 22:52:09 | 000,220,160 | ---- | C] (Microsoft Corporation)
 OxpsConverter.exe -> C:\Windows\SysNative\OxpsConverter.exe -> [2013/01/08 22:52:08 | 000,245,760 | ---- | C] (Microsoft Corporation)
 d3d10_1.dll -> C:\Windows\SysNative\d3d10_1.dll -> [2013/01/08 22:49:54 | 000,197,120 | ---- | C] (Microsoft Corporation)
 usp10.dll -> C:\Windows\SysNative\usp10.dll -> [2013/01/08 22:49:53 | 000,800,768 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysNative\gameux.dll -> [2013/01/08 22:49:51 | 002,746,368 | ---- | C] (Microsoft Corporation)
 gameux.dll -> C:\Windows\SysWow64\gameux.dll -> [2013/01/08 22:49:51 | 002,576,384 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysNative\Wpc.dll -> [2013/01/08 22:49:51 | 000,441,856 | ---- | C] (Microsoft Corporation)
 Wpc.dll -> C:\Windows\SysWow64\Wpc.dll -> [2013/01/08 22:49:51 | 000,308,736 | ---- | C] (Microsoft Corporation)
 cero.rs -> C:\Windows\SysWow64\cero.rs -> [2013/01/08 22:49:51 | 000,055,296 | ---- | C] (Microsoft)
 cero.rs -> C:\Windows\SysNative\cero.rs -> [2013/01/08 22:49:51 | 000,055,296 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysWow64\esrb.rs -> [2013/01/08 22:49:51 | 000,051,712 | ---- | C] (Microsoft)
 esrb.rs -> C:\Windows\SysNative\esrb.rs -> [2013/01/08 22:49:51 | 000,051,712 | ---- | C] (Microsoft)
 fpb.rs -> C:\Windows\SysWow64\fpb.rs -> [2013/01/08 22:49:51 | 000,046,592 | ---- | C] (Microsoft)
 fpb.rs -> C:\Windows\SysNative\fpb.rs -> [2013/01/08 22:49:51 | 000,046,592 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysWow64\oflc-nz.rs -> [2013/01/08 22:49:51 | 000,045,568 | ---- | C] (Microsoft)
 oflc-nz.rs -> C:\Windows\SysNative\oflc-nz.rs -> [2013/01/08 22:49:51 | 000,045,568 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysWow64\pegibbfc.rs -> [2013/01/08 22:49:51 | 000,044,544 | ---- | C] (Microsoft)
 pegibbfc.rs -> C:\Windows\SysNative\pegibbfc.rs -> [2013/01/08 22:49:51 | 000,044,544 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysWow64\csrr.rs -> [2013/01/08 22:49:51 | 000,043,520 | ---- | C] (Microsoft)
 csrr.rs -> C:\Windows\SysNative\csrr.rs -> [2013/01/08 22:49:51 | 000,043,520 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysWow64\cob-au.rs -> [2013/01/08 22:49:51 | 000,040,960 | ---- | C] (Microsoft)
 cob-au.rs -> C:\Windows\SysNative\cob-au.rs -> [2013/01/08 22:49:51 | 000,040,960 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysWow64\usk.rs -> [2013/01/08 22:49:51 | 000,030,720 | ---- | C] (Microsoft)
 usk.rs -> C:\Windows\SysNative\usk.rs -> [2013/01/08 22:49:51 | 000,030,720 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysWow64\oflc.rs -> [2013/01/08 22:49:51 | 000,023,552 | ---- | C] (Microsoft)
 oflc.rs -> C:\Windows\SysNative\oflc.rs -> [2013/01/08 22:49:51 | 000,023,552 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysWow64\grb.rs -> [2013/01/08 22:49:51 | 000,021,504 | ---- | C] (Microsoft)
 grb.rs -> C:\Windows\SysNative\grb.rs -> [2013/01/08 22:49:51 | 000,021,504 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysWow64\pegi-pt.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 pegi-pt.rs -> C:\Windows\SysNative\pegi-pt.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysWow64\pegi-fi.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 pegi-fi.rs -> C:\Windows\SysNative\pegi-fi.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysWow64\pegi.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 pegi.rs -> C:\Windows\SysNative\pegi.rs -> [2013/01/08 22:49:51 | 000,020,480 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysWow64\djctq.rs -> [2013/01/08 22:49:51 | 000,015,360 | ---- | C] (Microsoft)
 djctq.rs -> C:\Windows\SysNative\djctq.rs -> [2013/01/08 22:49:51 | 000,015,360 | ---- | C] (Microsoft)
 psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2013/01/08 22:49:41 | 000,613,888 | ---- | C] (Microsoft Corporation)
 psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2013/01/08 22:49:41 | 000,465,408 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2013/01/08 22:49:41 | 000,108,032 | ---- | C] (Microsoft Corporation)
 psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2013/01/08 22:49:41 | 000,075,776 | ---- | C] (Microsoft Corporation)
 msi.dll -> C:\Windows\SysNative\msi.dll -> [2013/01/08 22:48:57 | 003,216,384 | ---- | C] (Microsoft Corporation)
 kernel32.dll -> C:\Windows\SysNative\kernel32.dll -> [2013/01/08 22:48:54 | 001,161,216 | ---- | C] (Microsoft Corporation)
 KernelBase.dll -> C:\Windows\SysNative\KernelBase.dll -> [2013/01/08 22:48:54 | 000,424,448 | ---- | C] (Microsoft Corporation)
 wow64win.dll -> C:\Windows\SysNative\wow64win.dll -> [2013/01/08 22:48:54 | 000,362,496 | ---- | C] (Microsoft Corporation)
 conhost.exe -> C:\Windows\SysNative\conhost.exe -> [2013/01/08 22:48:54 | 000,338,432 | ---- | C] (Microsoft Corporation)
 winsrv.dll -> C:\Windows\SysNative\winsrv.dll -> [2013/01/08 22:48:54 | 000,215,040 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysNative\ntvdm64.dll -> [2013/01/08 22:48:53 | 000,016,384 | ---- | C] (Microsoft Corporation)
 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2013/01/08 22:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation)
 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2013/01/08 22:48:52 | 000,243,200 | ---- | C] (Microsoft Corporation)
 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2013/01/08 22:48:52 | 000,025,600 | ---- | C] (Microsoft Corporation)
 wow64cpu.dll -> C:\Windows\SysNative\wow64cpu.dll -> [2013/01/08 22:48:52 | 000,013,312 | ---- | C] (Microsoft Corporation)
 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2013/01/08 22:48:52 | 000,007,680 | ---- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-security-base-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,006,144 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-file-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,005,120 | -H-- | C] (Microsoft Corporation)
 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2013/01/08 22:48:52 | 000,005,120 | ---- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-threadpool-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processthreads-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,608 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-sysinfo-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-synch-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localregistry-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-localization-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,004,096 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-processenvironment-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-namedpipe-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-misc-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-memory-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-libraryloader-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-heap-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,584 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-xstate-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-util-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-string-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-rtlsupport-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-profile-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-io-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-interlocked-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-handle-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-fibers-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-errorhandling-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-delayload-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-debug-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-datetime-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 api-ms-win-core-console-l1-1-0.dll -> C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll -> [2013/01/08 22:48:52 | 000,003,072 | -H-- | C] (Microsoft Corporation)
 user.exe -> C:\Windows\SysWow64\user.exe -> [2013/01/08 22:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation)
 winload.exe -> C:\Windows\SysNative\winload.exe -> [2013/01/08 22:48:22 | 000,605,552 | ---- | C] (Microsoft Corporation)
 winresume.efi -> C:\Windows\SysNative\winresume.efi -> [2013/01/08 22:48:22 | 000,566,208 | ---- | C] (Microsoft Corporation)
 winresume.exe -> C:\Windows\SysNative\winresume.exe -> [2013/01/08 22:48:22 | 000,518,672 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysNative\synceng.dll -> [2013/01/08 22:48:22 | 000,095,744 | ---- | C] (Microsoft Corporation)
 synceng.dll -> C:\Windows\SysWow64\synceng.dll -> [2013/01/08 22:48:22 | 000,078,336 | ---- | C] (Microsoft Corporation)
 kdusb.dll -> C:\Windows\SysNative\kdusb.dll -> [2013/01/08 22:48:22 | 000,020,352 | ---- | C] (Microsoft Corporation)
 kd1394.dll -> C:\Windows\SysNative\kd1394.dll -> [2013/01/08 22:48:22 | 000,019,328 | ---- | C] (Microsoft Corporation)
 winload.efi -> C:\Windows\SysNative\winload.efi -> [2013/01/08 22:48:21 | 000,642,944 | ---- | C] (Microsoft Corporation)
 kdcom.dll -> C:\Windows\SysNative\kdcom.dll -> [2013/01/08 22:48:21 | 000,017,792 | ---- | C] (Microsoft Corporation)
 taskhost.exe -> C:\Windows\SysNative\taskhost.exe -> [2013/01/08 22:48:06 | 000,068,608 | ---- | C] (Microsoft Corporation)
 drvinst.exe -> C:\Windows\SysWow64\drvinst.exe -> [2013/01/08 22:47:50 | 000,252,928 | ---- | C] (Microsoft Corporation)
 devrtl.dll -> C:\Windows\SysWow64\devrtl.dll -> [2013/01/08 22:47:50 | 000,044,544 | ---- | C] (Microsoft Corporation)
 netapi32.dll -> C:\Windows\SysNative\netapi32.dll -> [2013/01/08 22:47:49 | 000,073,216 | ---- | C] (Microsoft Corporation)
 browcli.dll -> C:\Windows\SysNative\browcli.dll -> [2013/01/08 22:47:49 | 000,059,392 | ---- | C] (Microsoft Corporation)
 browcli.dll -> C:\Windows\SysWow64\browcli.dll -> [2013/01/08 22:47:49 | 000,041,984 | ---- | C] (Microsoft Corporation)
 prevhost.exe -> C:\Windows\SysWow64\prevhost.exe -> [2013/01/08 22:47:49 | 000,031,232 | ---- | C] (Microsoft Corporation)
 prevhost.exe -> C:\Windows\SysNative\prevhost.exe -> [2013/01/08 22:47:49 | 000,031,232 | ---- | C] (Microsoft Corporation)
 srcore.dll -> C:\Windows\SysNative\srcore.dll -> [2013/01/08 22:47:48 | 000,503,808 | ---- | C] (Microsoft Corporation)
 FXSCOVER.exe -> C:\Windows\SysNative\FXSCOVER.exe -> [2013/01/08 22:47:18 | 000,267,776 | ---- | C] (Microsoft Corporation)
 msvcrt.dll -> C:\Windows\SysNative\msvcrt.dll -> [2013/01/08 22:47:17 | 000,634,880 | ---- | C] (Microsoft Corporation)
 localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2013/01/08 22:47:11 | 000,956,928 | ---- | C] (Microsoft Corporation)
 oleaut32.dll -> C:\Windows\SysNative\oleaut32.dll -> [2013/01/08 22:47:10 | 000,861,696 | ---- | C] (Microsoft Corporation)
 oleacc.dll -> C:\Windows\SysNative\oleacc.dll -> [2013/01/08 22:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation)
 EncDec.dll -> C:\Windows\SysNative\EncDec.dll -> [2013/01/08 22:47:08 | 000,723,456 | ---- | C] (Microsoft Corporation)
 EncDec.dll -> C:\Windows\SysWow64\EncDec.dll -> [2013/01/08 22:47:07 | 000,534,528 | ---- | C] (Microsoft Corporation)
 cdosys.dll -> C:\Windows\SysNative\cdosys.dll -> [2013/01/08 22:46:59 | 001,133,568 | ---- | C] (Microsoft Corporation)
 cdosys.dll -> C:\Windows\SysWow64\cdosys.dll -> [2013/01/08 22:46:59 | 000,805,376 | ---- | C] (Microsoft Corporation)
 ntdll.dll -> C:\Windows\SysNative\ntdll.dll -> [2013/01/08 22:46:57 | 001,731,920 | ---- | C] (Microsoft Corporation)
 splwow64.exe -> C:\Windows\splwow64.exe -> [2013/01/08 22:46:56 | 000,067,072 | ---- | C] (Microsoft Corporation)
 crypt32.dll -> C:\Windows\SysNative\crypt32.dll -> [2013/01/08 22:46:53 | 001,464,320 | ---- | C] (Microsoft Corporation)
 cryptnet.dll -> C:\Windows\SysNative\cryptnet.dll -> [2013/01/08 22:46:53 | 000,140,288 | ---- | C] (Microsoft Corporation)
 packager.dll -> C:\Windows\SysNative\packager.dll -> [2013/01/08 22:46:47 | 000,077,312 | ---- | C] (Microsoft Corporation)
 packager.dll -> C:\Windows\SysWow64\packager.dll -> [2013/01/08 22:46:47 | 000,067,072 | ---- | C] (Microsoft Corporation)
 rdpcore.dll -> C:\Windows\SysNative\rdpcore.dll -> [2013/01/08 22:38:35 | 001,031,680 | ---- | C] (Microsoft Corporation)
 rdpcore.dll -> C:\Windows\SysWow64\rdpcore.dll -> [2013/01/08 22:38:35 | 000,826,880 | ---- | C] (Microsoft Corporation)
 wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2013/01/08 22:34:58 | 002,622,464 | ---- | C] (Microsoft Corporation)
 wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2013/01/08 22:34:58 | 000,057,880 | ---- | C] (Microsoft Corporation)
 wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2013/01/08 22:34:58 | 000,044,056 | ---- | C] (Microsoft Corporation)
 wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2013/01/08 22:34:47 | 000,701,976 | ---- | C] (Microsoft Corporation)
 wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2013/01/08 22:34:47 | 000,099,840 | ---- | C] (Microsoft Corporation)
 wups.dll -> C:\Windows\SysNative\wups.dll -> [2013/01/08 22:34:47 | 000,038,424 | ---- | C] (Microsoft Corporation)
 wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2013/01/08 22:34:37 | 000,186,752 | ---- | C] (Microsoft Corporation)
 wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2013/01/08 22:34:37 | 000,036,864 | ---- | C] (Microsoft Corporation)
 Intel Corporation -> C:\Program Files (x86)\Common Files\Intel Corporation -> [2013/01/08 22:19:32 | 000,000,000 | ---D | C]
 Intel Corporation -> C:\Users\New Computer\AppData\Roaming\Intel Corporation -> [2013/01/08 21:45:36 | 000,000,000 | ---D | C]
 Synaptics -> C:\Users\New Computer\AppData\Roaming\Synaptics -> [2013/01/08 21:45:20 | 000,000,000 | ---D | C]
 Synaptics -> C:\ProgramData\Synaptics -> [2013/01/08 21:45:20 | 000,000,000 | ---D | C]
 Intel -> C:\ProgramData\Intel -> [2013/01/08 21:45:20 | 000,000,000 | ---D | C]
 AESTEC64.dll -> C:\Windows\SysNative\AESTEC64.dll -> [2013/01/08 21:41:17 | 000,442,368 | ---- | C] (Andrea Electronics Corporation)
 HPToneCtrls64.dll -> C:\Windows\SysNative\HPToneCtrls64.dll -> [2013/01/08 21:41:17 | 000,223,744 | ---- | C] (IDT, Inc.)
 AESTAC64.dll -> C:\Windows\SysNative\AESTAC64.dll -> [2013/01/08 21:41:17 | 000,162,304 | ---- | C] (Andrea Electronics Corporation)
 AESTAR64.dll -> C:\Windows\SysNative\AESTAR64.dll -> [2013/01/08 21:41:17 | 000,068,608 | ---- | C] (Andrea Electronics Corporation)
 IDTNGUI.exe -> C:\Windows\SysNative\IDTNGUI.exe -> [2013/01/08 21:41:16 | 006,344,704 | ---- | C] (IDT, Inc.)
 IDTNHP.dll -> C:\Windows\SysNative\IDTNHP.dll -> [2013/01/08 21:41:16 | 005,298,688 | ---- | C] (IDT, Inc.)
 stlang64.dll -> C:\Windows\SysNative\stlang64.dll -> [2013/01/08 21:41:16 | 004,444,672 | ---- | C] (IDT, Inc.)
 IDTNC64.cpl -> C:\Windows\SysNative\IDTNC64.cpl -> [2013/01/08 21:41:16 | 001,819,136 | ---- | C] (IDT, Inc.)
 sttray64.exe -> C:\Windows\sttray64.exe -> [2013/01/08 21:41:16 | 001,425,408 | ---- | C] (IDT, Inc.)
 IDTNX.dll -> C:\Windows\SysNative\IDTNX.dll -> [2013/01/08 21:41:16 | 001,085,440 | ---- | C] (IDT, Inc.)
 IDTNJ.exe -> C:\Windows\SysNative\IDTNJ.exe -> [2013/01/08 21:41:16 | 000,249,344 | ---- | C] (IDT, Inc.)
 AESTCo64.dll -> C:\Windows\SysNative\AESTCo64.dll -> [2013/01/08 21:41:16 | 000,090,624 | ---- | C] (Andrea Electronics Corporation)
 SRSLabs -> C:\Windows\SysNative\SRSLabs -> [2013/01/08 21:41:15 | 000,000,000 | ---D | C]
 stwrt64.sys -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2013/01/08 21:40:42 | 000,535,552 | ---- | C] (IDT, Inc.)
 staco64.dll -> C:\Windows\SysNative\staco64.dll -> [2013/01/08 21:40:42 | 000,251,904 | ---- | C] (IDT, Inc.)
 stapo64.dll -> C:\Windows\SysNative\stapo64.dll -> [2013/01/08 21:40:41 | 001,987,072 | ---- | C] (IDT, Inc.)
 stapi64.dll -> C:\Windows\SysNative\stapi64.dll -> [2013/01/08 21:40:41 | 000,654,336 | ---- | C] (IDT, Inc.)
 stcplx64.dll -> C:\Windows\SysNative\stcplx64.dll -> [2013/01/08 21:40:41 | 000,448,512 | ---- | C] (IDT, Inc.)
 IDT -> C:\Program Files\IDT -> [2013/01/08 21:40:33 | 000,000,000 | ---D | C]
 Hewlett-Packard -> C:\Windows\Hewlett-Packard -> [2013/01/08 21:34:17 | 000,000,000 | ---D | C]
 WinSATAPI.dll -> C:\Windows\SysNative\WinSATAPI.dll -> [2013/01/08 21:31:47 | 000,501,248 | ---- | C] (Microsoft Corporation)
 WinSATAPI.dll -> C:\Windows\SysWow64\WinSATAPI.dll -> [2013/01/08 21:31:47 | 000,335,872 | ---- | C] (Microsoft Corporation)
 usbport.sys -> C:\Windows\SysNative\drivers\usbport.sys -> [2013/01/08 21:31:37 | 000,325,120 | ---- | C] (Microsoft Corporation)
 usbd.sys -> C:\Windows\SysNative\drivers\usbd.sys -> [2013/01/08 21:31:37 | 000,007,936 | ---- | C] (Microsoft Corporation)
 wwanprotdim.dll -> C:\Windows\SysNative\wwanprotdim.dll -> [2013/01/08 21:31:27 | 000,048,640 | ---- | C] (Microsoft Corporation)
 dxgmms1.sys -> C:\Windows\SysNative\drivers\dxgmms1.sys -> [2013/01/08 21:31:18 | 000,265,072 | ---- | C] (Microsoft Corporation)
 input.dll -> C:\Windows\SysNative\input.dll -> [2013/01/08 21:30:52 | 000,246,784 | ---- | C] (Microsoft Corporation)
 input.dll -> C:\Windows\SysWow64\input.dll -> [2013/01/08 21:30:52 | 000,202,240 | ---- | C] (Microsoft Corporation)
 usbrpm.sys -> C:\Windows\SysNative\drivers\usbrpm.sys -> [2013/01/08 21:30:30 | 000,031,744 | ---- | C] (Microsoft Corporation)
 ifsutil.dll -> C:\Windows\SysNative\ifsutil.dll -> [2013/01/08 21:29:59 | 000,180,736 | ---- | C] (Microsoft Corporation)
 ifsutil.dll -> C:\Windows\SysWow64\ifsutil.dll -> [2013/01/08 21:29:59 | 000,148,992 | ---- | C] (Microsoft Corporation)
 Hewlett-Packard -> C:\Program Files (x86)\Hewlett-Packard -> [2013/01/08 21:29:35 | 000,000,000 | ---D | C]
 Temp -> C:\ProgramData\Temp -> [2013/01/08 21:27:32 | 000,000,000 | ---D | C]
 AuthenTec -> C:\Users\New Computer\AppData\Local\AuthenTec -> [2013/01/08 21:25:33 | 000,000,000 | ---D | C]
 HP -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP -> [2013/01/08 21:24:54 | 000,000,000 | ---D | C]
 HP SimplePass -> C:\Program Files (x86)\HP SimplePass -> [2013/01/08 21:24:35 | 000,000,000 | ---D | C]
 AuthenTec -> C:\Program Files\Common Files\AuthenTec -> [2013/01/08 21:23:54 | 000,000,000 | ---D | C]
 AuthenTec -> C:\Program Files (x86)\Common Files\AuthenTec -> [2013/01/08 21:23:54 | 000,000,000 | ---D | C]
 Downloaded Installations -> C:\ProgramData\Downloaded Installations -> [2013/01/08 21:23:53 | 000,000,000 | ---D | C]
 Validity Sensors -> C:\Program Files\Validity Sensors -> [2013/01/08 21:21:15 | 000,000,000 | ---D | C]
 Synaptics -> C:\Program Files\Synaptics -> [2013/01/08 21:20:17 | 000,000,000 | ---D | C]
 Rt64win7.sys -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2013/01/08 21:18:28 | 000,428,136 | ---- | C] (Realtek                                            )
 RTNUninst64.dll -> C:\Windows\SysNative\RTNUninst64.dll -> [2013/01/08 21:18:28 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation)
 sda -> C:\Windows\SysWow64\sda -> [2013/01/08 21:16:39 | 000,000,000 | ---D | C]
 RtsPStorIcon.dll -> C:\Windows\SysWow64\RtsPStorIcon.dll -> [2013/01/08 21:16:12 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.)
 RtsPStor.sys -> C:\Windows\SysNative\drivers\RtsPStor.sys -> [2013/01/08 21:16:12 | 000,338,536 | ---- | C] (Realtek Semiconductor Corp.)
 Realtek -> C:\Program Files (x86)\Realtek -> [2013/01/08 21:16:12 | 000,000,000 | ---D | C]
 iaStor.sys -> C:\Windows\SysNative\drivers\iaStor.sys -> [2013/01/08 21:12:23 | 000,557,848 | ---- | C] (Intel Corporation)
 InstallShield -> C:\Users\New Computer\AppData\Roaming\InstallShield -> [2013/01/08 21:12:20 | 000,000,000 | ---D | C]
 Intel -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel -> [2013/01/08 21:12:05 | 000,000,000 | R--D | C]
 postureAgent -> C:\Program Files (x86)\Common Files\postureAgent -> [2013/01/08 21:11:59 | 000,000,000 | ---D | C]
 CSVer.dll -> C:\Windows\SysWow64\CSVer.dll -> [2013/01/08 21:09:03 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User)
 ATI -> C:\Users\New Computer\AppData\Roaming\ATI -> [2013/01/08 21:06:57 | 000,000,000 | ---D | C]
 ATI -> C:\Users\New Computer\AppData\Local\ATI -> [2013/01/08 21:06:57 | 000,000,000 | ---D | C]
 ATI -> C:\ProgramData\ATI -> [2013/01/08 21:06:57 | 000,000,000 | ---D | C]
 Intel -> C:\Program Files\Common Files\Intel -> [2013/01/08 20:59:08 | 000,000,000 | ---D | C]
 Intel -> C:\Program Files (x86)\Intel -> [2013/01/08 20:59:08 | 000,000,000 | ---D | C]
 Intel -> C:\Program Files (x86)\Common Files\Intel -> [2013/01/08 20:59:08 | 000,000,000 | ---D | C]
 AMD APP -> C:\Program Files (x86)\AMD APP -> [2013/01/08 20:58:51 | 000,000,000 | ---D | C]
 ATI Technologies -> C:\Program Files (x86)\ATI Technologies -> [2013/01/08 20:55:01 | 000,000,000 | ---D | C]
 ATI -> C:\Program Files\ATI -> [2013/01/08 20:54:52 | 000,000,000 | ---D | C]
 ATI Technologies -> C:\Program Files\ATI Technologies -> [2013/01/08 20:54:19 | 000,000,000 | ---D | C]
 Intel -> C:\Program Files\Intel -> [2013/01/08 20:42:24 | 000,000,000 | ---D | C]
 InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2013/01/08 20:41:03 | 000,000,000 | -H-D | C]
 Renesas Electronics -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics -> [2013/01/08 20:40:57 | 000,000,000 | ---D | C]
 Renesas Electronics -> C:\Program Files (x86)\Renesas Electronics -> [2013/01/08 20:40:56 | 000,000,000 | ---D | C]
 Installer -> C:\Windows\Installer -> [2013/01/08 20:40:07 | 000,000,000 | -HSD | C]
 Intel -> C:\Intel -> [2013/01/08 20:39:51 | 000,000,000 | ---D | C]
 HPQ -> C:\Windows\HPQ -> [2013/01/08 20:39:12 | 000,000,000 | ---D | C]
 SWSetup -> C:\SWSetup -> [2013/01/08 20:39:06 | 000,000,000 | ---D | C]
 2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:35 | 000,646,656 | ---- | M] (OldTimer Tools)
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/02/04 21:31:17 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/02/04 21:31:17 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/02/04 21:31:17 | 000,106,522 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/02/04 21:30:07 | 000,000,830 | ---- | M] ()
 requested-files[2013-02-04_21_29].cab -> C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab -> [2013/02/04 21:29:24 | 000,000,363 | ---- | M] ()
 sfp.zip -> C:\Users\New Computer\Desktop\sfp.zip -> [2013/02/04 21:29:07 | 000,264,875 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/04 21:27:10 | 000,017,056 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/04 21:27:10 | 000,017,056 | -H-- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/02/04 21:26:47 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/02/04 21:26:39 | 495,865,855 | -HS- | M] ()
 requested-files[2013-01-30_22_38].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab -> [2013/01/30 22:38:18 | 000,000,374 | ---- | M] ()
 sfp.exe -> C:\Users\New Computer\Desktop\sfp.exe -> [2013/01/30 22:38:03 | 000,518,656 | ---- | M] (Safer Networking Limited)
 requested-files[2013-01-30_22_33].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab -> [2013/01/30 22:33:25 | 000,000,373 | ---- | M] ()
 RSIT.exe -> C:\Users\New Computer\Desktop\RSIT.exe -> [2013/01/28 23:14:52 | 000,781,383 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/28 23:14:07 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/28 23:14:07 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/01/24 07:39:10 | 967,923,780 | ---- | M] ()
 1g941yvb.exe -> C:\Users\New Computer\Desktop\1g941yvb.exe -> [2013/01/19 13:14:35 | 000,365,568 | ---- | M] ()
 k0b9hfhu.exe -> C:\Users\New Computer\Desktop\k0b9hfhu.exe -> [2013/01/19 12:59:48 | 000,365,568 | ---- | M] ()
 ComboFix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe -> [2013/01/19 12:57:10 | 005,023,971 | R--- | M] (Swearware)
 Launch Internet Explorer Browser.lnk -> C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2013/01/14 23:03:59 | 000,001,441 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2013/01/14 23:02:37 | 000,275,712 | ---- | M] ()
 ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2013/01/14 21:25:42 | 003,695,416 | ---- | M] (Microsoft Corporation)
 ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2013/01/14 21:25:42 | 003,695,416 | ---- | M] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2013/01/14 21:25:42 | 002,312,704 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2013/01/14 21:25:42 | 001,494,528 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2013/01/14 21:25:42 | 001,427,968 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2013/01/14 21:25:42 | 000,816,640 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2013/01/14 21:25:42 | 000,729,088 | ---- | M] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2013/01/14 21:25:42 | 000,717,824 | ---- | M] (Microsoft Corporation)
 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2013/01/14 21:25:42 | 000,599,040 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2013/01/14 21:25:42 | 000,534,528 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2013/01/14 21:25:42 | 000,452,608 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\Windows\SysNative\html.iec -> [2013/01/14 21:25:42 | 000,448,512 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2013/01/14 21:25:42 | 000,434,176 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\Windows\SysWow64\html.iec -> [2013/01/14 21:25:42 | 000,367,104 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2013/01/14 21:25:42 | 000,282,112 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2013/01/14 21:25:42 | 000,267,776 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2013/01/14 21:25:42 | 000,248,320 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2013/01/14 21:25:42 | 000,237,056 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2013/01/14 21:25:42 | 000,231,936 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2013/01/14 21:25:42 | 000,227,840 | ---- | M] (Microsoft Corporation)
 msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2013/01/14 21:25:42 | 000,222,208 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2013/01/14 21:25:42 | 000,197,120 | ---- | M] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2013/01/14 21:25:42 | 000,176,640 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2013/01/14 21:25:42 | 000,173,056 | ---- | M] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2013/01/14 21:25:42 | 000,165,888 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2013/01/14 21:25:42 | 000,163,840 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2013/01/14 21:25:42 | 000,163,840 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2013/01/14 21:25:42 | 000,162,304 | ---- | M] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2013/01/14 21:25:42 | 000,160,256 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2013/01/14 21:25:42 | 000,160,256 | ---- | M] (Microsoft Corporation)
 wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2013/01/14 21:25:42 | 000,152,064 | ---- | M] (Microsoft Corporation)
 iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2013/01/14 21:25:42 | 000,150,528 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysNative\occache.dll -> [2013/01/14 21:25:42 | 000,149,504 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2013/01/14 21:25:42 | 000,145,920 | ---- | M] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2013/01/14 21:25:42 | 000,142,848 | ---- | M] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysNative\IEAdvpack.dll -> [2013/01/14 21:25:42 | 000,135,168 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2013/01/14 21:25:42 | 000,130,560 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\Windows\SysWow64\occache.dll -> [2013/01/14 21:25:42 | 000,123,392 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2013/01/14 21:25:42 | 000,118,784 | ---- | M] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2013/01/14 21:25:42 | 000,114,176 | ---- | M] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2013/01/14 21:25:42 | 000,111,616 | ---- | M] (Microsoft Corporation)
 IEAdvpack.dll -> C:\Windows\SysWow64\IEAdvpack.dll -> [2013/01/14 21:25:42 | 000,110,592 | ---- | M] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2013/01/14 21:25:42 | 000,103,936 | ---- | M] (Microsoft Corporation)
 admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2013/01/14 21:25:42 | 000,101,888 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2013/01/14 21:25:42 | 000,096,768 | ---- | M] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2013/01/14 21:25:42 | 000,091,648 | ---- | M] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2013/01/14 21:25:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2013/01/14 21:25:42 | 000,089,088 | ---- | M] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2013/01/14 21:25:42 | 000,086,528 | ---- | M] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2013/01/14 21:25:42 | 000,085,504 | ---- | M] (Microsoft Corporation)
 icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2013/01/14 21:25:42 | 000,082,432 | ---- | M] (Microsoft Corporation)
 inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2013/01/14 21:25:42 | 000,078,848 | ---- | M] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2013/01/14 21:25:42 | 000,076,800 | ---- | M] (Microsoft Corporation)
 SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2013/01/14 21:25:42 | 000,076,800 | ---- | M] (Microsoft Corporation)
 RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2013/01/14 21:25:42 | 000,074,752 | ---- | M] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2013/01/14 21:25:42 | 000,074,752 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2013/01/14 21:25:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2013/01/14 21:25:42 | 000,073,216 | ---- | M] (Microsoft Corporation)
 ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2013/01/14 21:25:42 | 000,072,822 | ---- | M] ()
 ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2013/01/14 21:25:42 | 000,072,822 | ---- | M] ()
 icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2013/01/14 21:25:42 | 000,066,048 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2013/01/14 21:25:42 | 000,065,024 | ---- | M] (Microsoft Corporation)
 tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2013/01/14 21:25:42 | 000,063,488 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2013/01/14 21:25:42 | 000,054,272 | ---- | M] (Microsoft Corporation)
 imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2013/01/14 21:25:42 | 000,049,664 | ---- | M] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2013/01/14 21:25:42 | 000,048,640 | ---- | M] (Microsoft Corporation)
 mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2013/01/14 21:25:42 | 000,048,640 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2013/01/14 21:25:42 | 000,039,936 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2013/01/14 21:25:42 | 000,031,744 | ---- | M] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2013/01/14 21:25:42 | 000,030,720 | ---- | M] (Microsoft Corporation)
 licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2013/01/14 21:25:42 | 000,023,552 | ---- | M] (Microsoft Corporation)
 mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2013/01/14 21:25:42 | 000,012,288 | ---- | M] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2013/01/14 21:25:42 | 000,010,752 | ---- | M] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2013/01/14 21:25:42 | 000,010,752 | ---- | M] (Microsoft Corporation)
 OTL.exe -> C:\Users\New Computer\Desktop\OTL.exe -> [2013/01/14 21:25:06 | 000,602,112 | ---- | M] (OldTimer Tools)
 Msft_User_wbf_vfs_0018_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf -> [2013/01/08 21:21:26 | 000,000,000 | -H-- | M] ()
 Msft_Kernel_SynTP_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf -> [2013/01/08 21:20:24 | 000,000,000 | -H-- | M] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2013/01/08 21:05:32 | 000,000,000 | ---- | M] ()
 Msft_Kernel_AMPPAL_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf -> [2013/01/08 20:42:28 | 000,000,000 | -H-- | M] ()
 2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> 
 
[Files - No Company Name]
 requested-files[2013-02-04_21_29].cab -> C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab -> [2013/02/04 21:29:24 | 000,000,363 | ---- | C] ()
 requested-files[2013-01-30_22_38].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab -> [2013/01/30 22:38:18 | 000,000,374 | ---- | C] ()
 requested-files[2013-01-30_22_33].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab -> [2013/01/30 22:33:25 | 000,000,373 | ---- | C] ()
 sfp.zip -> C:\Users\New Computer\Desktop\sfp.zip -> [2013/01/30 22:33:06 | 000,264,875 | ---- | C] ()
 RSIT.exe -> C:\Users\New Computer\Desktop\RSIT.exe -> [2013/01/28 23:14:52 | 000,781,383 | ---- | C] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/01/28 23:14:18 | 000,000,830 | ---- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/01/24 07:39:10 | 967,923,780 | ---- | C] ()
 1g941yvb.exe -> C:\Users\New Computer\Desktop\1g941yvb.exe -> [2013/01/19 13:14:35 | 000,365,568 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2013/01/19 13:02:25 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/01/19 13:02:25 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/01/19 13:02:25 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/01/19 13:02:25 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/01/19 13:02:25 | 000,068,096 | ---- | C] ()
 k0b9hfhu.exe -> C:\Users\New Computer\Desktop\k0b9hfhu.exe -> [2013/01/19 13:01:40 | 000,365,568 | ---- | C] ()
 ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2013/01/14 21:25:42 | 000,072,822 | ---- | C] ()
 ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2013/01/14 21:25:42 | 000,072,822 | ---- | C] ()
 MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf -> [2013/01/13 17:06:05 | 000,000,003 | ---- | C] ()
 MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf -> [2013/01/13 17:00:18 | 000,000,003 | ---- | C] ()
 Msft_User_wbf_vfs_0018_01_09_00.Wdf -> C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf -> [2013/01/08 21:21:26 | 000,000,000 | -H-- | C] ()
 Msft_Kernel_SynTP_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf -> [2013/01/08 21:20:24 | 000,000,000 | -H-- | C] ()
 RtNicProp64.dll -> C:\Windows\SysNative\RtNicProp64.dll -> [2013/01/08 21:18:28 | 000,074,272 | ---- | C] ()
 IntelMEFWVer.dll -> C:\Windows\SysNative\drivers\IntelMEFWVer.dll -> [2013/01/08 21:12:04 | 000,008,192 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2013/01/08 21:05:32 | 000,000,000 | ---- | C] ()
 atipblup.dat -> C:\Windows\SysWow64\atipblup.dat -> [2013/01/08 20:56:56 | 000,003,929 | ---- | C] ()
 atipblup.dat -> C:\Windows\SysNative\atipblup.dat -> [2013/01/08 20:56:56 | 000,003,929 | ---- | C] ()
 Msft_Kernel_AMPPAL_01009.Wdf -> C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf -> [2013/01/08 20:42:28 | 000,000,000 | -H-- | C] ()
 MBRCheck.exe -> C:\Users\New Computer\Desktop\MBRCheck.exe -> [2013/01/08 20:35:29 | 000,080,384 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011/09/30 22:42:20 | 000,053,760 | ---- | C] ()
 igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/08/09 08:30:04 | 000,145,804 | ---- | C] ()
 igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/08/09 08:30:02 | 000,963,116 | ---- | C] ()
 igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/08/09 08:30:02 | 000,216,000 | ---- | C] ()
 igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2011/08/09 08:23:26 | 000,056,832 | ---- | C] ()
 ig4icd32.dll -> C:\Windows\SysWow64\ig4icd32.dll -> [2011/08/09 07:58:38 | 013,903,872 | ---- | C] ()
 SynTPEnhPS.dll -> C:\Windows\SysWow64\SynTPEnhPS.dll -> [2011/06/09 18:17:36 | 000,066,856 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/03/17 13:51:46 | 000,003,929 | ---- | C] ()
< End of report >
```


----------



## Raderick (Oct 2, 2005)

Also here you go.

http://thespykiller.co.uk/index.php?topic=10022.new#new


----------



## eddie5659 (Mar 19, 2001)

Nothing uploaded again 

Thanks for trying anyway 

We'll remove it in the below fix:

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/?ocid=iehp
YN -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US
YN -> HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> DE 89 42 B9 61 03 CE 01  [binary data]
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Files/Folders - Created Within 30 Days]
NY ->  2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------



## Raderick (Oct 2, 2005)

```
[Registry - Safe List]
Registry value HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3630743652-2838465791-4216672289-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
[Files/Folders - Created Within 30 Days]
C:\Program Files (x86)\GUM9A71.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdate.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\psmachine.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp\psuser.dll deleted successfully.
C:\Program Files (x86)\GUM9A71.tmp folder deleted successfully.
C:\Program Files (x86)\GUT9A72.tmp deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02062013_113524
```


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Okay, how's the computer now? Is it still having the same problems?

eddie


----------



## Raderick (Oct 2, 2005)

Issue is still persisting.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, had to format my computer 

Hmmm, and this is a fresh install, and still not connected to the router?

Did you use any flash drives when it started happening?

Can you re-run OTS, but this time, on the right, tick the following boxes:

- *App Paths*
- *SafeBoot Minimal*
- *SafeBoot Network*

And in the Custom Scans in the bottom right, copy/paste this:

```
/md5start
svchost.exe
/md5stop
```

When it's running, it may say it's not responding. Leave it for a few mins, and it should carry on as normal. Don't touch it as it will freeze fully then.

Copy/paste the log here as before 

eddie


----------



## Raderick (Oct 2, 2005)

Yeah, the issue was occurring right as I rebooted the computer for the first time when I reinstalled the OS. Not connected to any router at all.


```
OTS logfile created on: 2/14/2013 10:27:09 AM - Run 2
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\New Computer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 79.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 696.53 Gb Total Space | 661.22 Gb Free Space | 94.93% Space Free | Partition Type: NTFS
Drive D: | 2.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NEWCOMPUTER-PC
Current User Name: New Computer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:35 | 000,646,656 | ---- | M] (OldTimer Tools)
truesuiteservice.exe -> C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -> [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP)
touchcontrol.exe -> C:\Program Files (x86)\HP SimplePass\TouchControl.exe -> [2011/12/11 03:48:08 | 000,875,336 | ---- | M] (AuthenTec Inc.)
biomonitor.exe -> C:\Program Files (x86)\HP SimplePass\BioMonitor.exe -> [2011/12/11 03:47:40 | 000,148,296 | ---- | M] (HP)
uns.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/08/09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation)
lms.exe -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/08/09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation)
nusb3mon.exe -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe -> [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
mscorsvw.exe -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
system.web.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll -> [2013/01/30 22:49:59 | 011,833,344 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll -> [2013/01/30 22:49:54 | 003,347,968 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll -> [2013/01/30 22:49:54 | 000,771,584 | ---- | M] ()
iastorcommon.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll -> [2013/01/30 22:49:54 | 000,014,336 | ---- | M] ()
iastorutil.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll -> [2013/01/30 22:49:52 | 000,491,520 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll -> [2013/01/30 22:49:50 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll -> [2013/01/30 22:49:45 | 001,592,832 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll -> [2013/01/30 22:49:34 | 005,453,312 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll -> [2013/01/30 22:49:32 | 000,971,264 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll -> [2013/01/30 22:49:31 | 007,989,760 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll -> [2013/01/30 22:49:25 | 011,493,376 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(STacSV)  [Auto | Running] -> C:\Program Files\IDT\WDM\stacsv64.exe -> [2012/01/04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.)
64bit-(TrueService)  [On_Demand | Running] -> C:\Program Files\Common Files\AuthenTec\TrueService.exe -> [2011/12/09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2011/09/30 22:06:14 | 000,204,288 | ---- | M] (AMD)
64bit-(AMPPALR3)  [Auto | Running] -> C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -> [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation)
64bit-(BTHSSecurityMgr)  [Auto | Running] -> C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -> [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation)
64bit-(hpsrv)  [Auto | Running] -> C:\Windows\SysNative\hpservice.exe -> [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt)  [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
64bit-(AESTFilters)  [Auto | Running] -> C:\Program Files\IDT\WDM\AESTSr64.exe -> [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/01/28 23:14:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated)
(FPLService) TrueSuiteService [Auto | Running] -> C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -> [2011/12/11 03:48:26 | 000,260,424 | ---- | M] (HP)
(UNS) Intel(R) Management and Security Application User Notification Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -> [2011/08/09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation)
(LMS) Intel(R) Management and Security Application Local Management Service [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -> [2011/08/09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation)
(IconMan_R) IconMan_R [Auto | Running] -> C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -> [2011/06/28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Running] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(STHDA) IDT High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\stwrt64.sys -> [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2011/10/01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2011/09/30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(intelkmd) intelkmd [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdpmd64.sys -> [2011/08/09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation)
64bit-(AMPPALP) Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\AmpPal.sys -> [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(AMPPAL) Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AmpPal.sys -> [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider)
64bit-(NETwNs64) ___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NETwNs64.sys -> [2011/08/03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation)
64bit-(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3xhc.sys -> [2011/06/10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation)
64bit-(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\nusb3hub.sys -> [2011/06/10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2011/06/09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated)
64bit-(RSPCIESTOR) Realtek PCIE CardReader Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\RtsPStor.sys -> [2011/05/30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation)
64bit-(hpdskflt) HP Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hpdskflt.sys -> [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company)
64bit-(Accelerometer) HP Mobile Data Protection Sensor [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Accelerometer.sys -> [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek                                            )
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(dmvsc) dmvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\dmvsc.sys -> [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation)
64bit-(sdbus) sdbus [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\sdbus.sys -> [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(MEIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2010/10/20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(IntcDAud) Intel(R) Display Audio [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\IntcDAud.sys -> [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(pavboot) pavboot [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\pavboot64.sys -> [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wdcsam64.sys -> [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2009/06/10 13:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} [HKLM] -> C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll [HP SimplePass Browser Helper Object] -> [2011/12/11 03:47:00 | 002,221,896 | ---- | M] (HP)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} [HKLM] -> C:\Program Files (x86)\HP SimplePass\IEBHO.dll [HP SimplePass Browser Helper Object] -> [2011/12/11 03:47:54 | 001,985,352 | ---- | M] (HP)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C98EE38D-21E4-4A50-907D-2B56FEC7013E}" [HKLM] -> C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll [HP SimplePass Toolbar] -> [2011/12/11 03:47:00 | 002,221,896 | ---- | M] (HP)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C98EE38D-21E4-4A50-907D-2B56FEC7013E}" [HKLM] -> C:\Program Files (x86)\HP SimplePass\IEBHO.dll [HP SimplePass Toolbar] -> [2011/12/11 03:47:54 | 001,985,352 | ---- | M] (HP)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2011/08/09 09:02:48 | 000,392,472 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2011/08/09 09:03:22 | 000,167,704 | ---- | M] (Intel Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2011/08/09 09:03:00 | 000,416,024 | ---- | M] (Intel Corporation)
"SysTrayApp" -> C:\Program Files\IDT\WDM\sttray64.exe [C:\Program Files\IDT\WDM\sttray64.exe] -> [2012/01/04 00:37:16 | 001,425,408 | ---- | M] (IDT, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"" ->  [] -> File not found
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation)
"NUSB3MON" -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ["C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"] -> [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011/10/01 01:03:32 | 000,343,168 | ---- | M] (Advanced Micro Devices, Inc.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} [HKLM] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab [ActiveScan 2.0 Installer Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{DE2B91CE-B331-4788-AA39-6506F8C394BA}\\DhcpNameServer -> 192.168.2.1   (Intel(R) WiFi Link 1000 BGN) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/20 19:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 17:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/20 19:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2011/08/09 07:52:44 | 000,390,144 | ---- | M] (Intel Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/20 19:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
D:\autorun.inf [[AutoRun.Amd64] | open=setup.exe | icon=setup.exe,0 |  | [AutoRun] | open=sources\sperr32.exe x64 | icon=sources\sperr32.exe,0 | ] -> D:\autorun.inf [ UDF ] -> [2011/04/12 00:27:46 | 000,000,122 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< 64bit-App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] -> [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.)
cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
combofix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe [C:\Users\New Computer\Desktop\ComboFix.exe] -> [2013/01/19 12:57:10 | 005,023,971 | R--- | M] (Swearware)
dvdmaker.exe -> C:\Program Files\DVD Maker\DVDMaker.exe [%ProgramFiles%\DVD Maker\dvdmaker.exe] -> [2009/07/13 17:39:08 | 002,258,432 | ---- | M] (Microsoft Corporation)
IEDIAGCMD.EXE -> C:\Program Files (x86)\Internet Explorer\iediagcmd.exe [C:\Program Files (x86)\Internet Explorer\IEDIAGCMD.EXE] -> [2013/01/14 21:25:42 | 000,307,200 | ---- | M] ()
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Journal.exe -> C:\Program Files\Windows Journal\Journal.exe [%ProgramFiles%\Windows Journal\Journal.exe] -> [2010/11/20 19:25:06 | 002,164,224 | ---- | M] (Microsoft Corporation)
migwiz.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
mplayer2.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation)
pbrush.exe -> C:\Windows\SysNative\mspaint.exe [%SystemRoot%\System32\mspaint.exe] -> [2009/07/13 17:39:24 | 006,676,480 | ---- | M] (Microsoft Corporation)
PowerShell.exe -> C:\Windows\SysNative\WindowsPowerShell\v1.0\powershell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe] -> [2009/07/13 17:39:20 | 000,473,600 | ---- | M] (Microsoft Corporation)
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
SnippingTool.exe -> C:\Windows\SysNative\SnippingTool.exe [%SystemRoot%\system32\SnippingTool.exe] -> [2009/07/13 17:39:41 | 000,431,104 | ---- | M] (Microsoft Corporation)
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
wab.exe -> C:\Program Files\Windows Mail\wab.exe [%ProgramFiles%\Windows Mail\wab.exe] -> [2010/11/20 19:24:32 | 000,516,096 | ---- | M] (Microsoft Corporation)
wabmig.exe -> C:\Program Files\Windows Mail\wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe] -> [2009/07/13 17:39:50 | 000,067,584 | ---- | M] (Microsoft Corporation)
wmplayer.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation)
WORDPAD.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/11/20 19:24:34 | 004,583,424 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> C:\Program Files\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/11/20 19:24:34 | 004,583,424 | ---- | M] (Microsoft Corporation)
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
chrome.exe -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] -> [2013/01/25 18:35:08 | 001,248,208 | ---- | M] (Google Inc.)
cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
combofix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe [C:\Users\New Computer\Desktop\ComboFix.exe] -> [2013/01/19 12:57:10 | 005,023,971 | R--- | M] (Swearware)
dvdmaker.exe ->  [%ProgramFiles%\DVD Maker\dvdmaker.exe] -> File not found
IEDIAGCMD.EXE -> C:\Program Files (x86)\Internet Explorer\iediagcmd.exe [C:\Program Files (x86)\Internet Explorer\IEDIAGCMD.EXE] -> [2013/01/14 21:25:42 | 000,307,200 | ---- | M] ()
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Journal.exe ->  [%ProgramFiles%\Windows Journal\Journal.exe] -> File not found
migwiz.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
mplayer2.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation)
pbrush.exe -> C:\Windows\SysWOW64\mspaint.exe [%SystemRoot%\System32\mspaint.exe] -> [2009/07/13 17:14:26 | 006,376,960 | ---- | M] (Microsoft Corporation)
PowerShell.exe -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe] -> [2009/07/13 17:14:24 | 000,452,608 | ---- | M] (Microsoft Corporation)
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
sidebar.exe -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe ["%ProgramFiles%\Windows Sidebar\sidebar.exe"] -> [2010/11/20 19:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation)
SnippingTool.exe ->  [%SystemRoot%\system32\SnippingTool.exe] -> File not found
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
TabTip.exe ->  [%CommonProgramFiles%\microsoft shared\ink\TabTip.exe] -> File not found
wab.exe -> C:\Program Files (x86)\Windows Mail\wab.exe [%ProgramFiles%\Windows Mail\wab.exe] -> [2010/11/20 19:23:56 | 000,516,096 | ---- | M] (Microsoft Corporation)
wabmig.exe -> C:\Program Files (x86)\Windows Mail\wabmig.exe [%ProgramFiles%\Windows Mail\wabmig.exe] -> [2009/07/13 17:14:44 | 000,065,536 | ---- | M] (Microsoft Corporation)
wmplayer.exe -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe [%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe] -> [2010/11/20 19:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation)
WORDPAD.EXE -> C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/11/20 19:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"] -> [2010/11/20 19:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation)
< 64bit-SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
NTDS -> 32bit -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
sacsvr -> Service
SCSI Class -> Driver Group
System Bus Extender -> Driver Group
TrustedInstaller -> 32bit -> File not found
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppInfo -> 64bit -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
DcomLaunch -> 64bit -> File not found
EFS -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
KeyIso -> 64bit -> File not found
Netlogon -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
Power -> 64bit -> File not found
Primary disk -> Driver Group
ProfSvc -> 64bit -> File not found
RpcEptMapper -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
VDS -> 64bit -> File not found
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
vmms -> Service
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
WudfPf -> 64bit -> File not found
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
< 64bit-SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AppMgmt -> C:\Windows\SysNative\appmgmts.dll -> [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
Messenger -> Service
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
NTDS -> 32bit -> File not found
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
rdsessmgr -> Service
sacsvr -> Service
SCSI Class -> Driver Group
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
TrustedInstaller -> 32bit -> File not found
vmms -> Service
WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
WudfUsbccidDriver -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> 
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530} -> Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices
AFD -> 64bit -> File not found
AppInfo -> 64bit -> File not found
Base -> Driver Group
BFE -> 64bit -> File not found
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
bowser -> 64bit -> File not found
Browser -> 64bit -> File not found
DcomLaunch -> 64bit -> File not found
dfsc -> 64bit -> File not found
DnsCache -> 64bit -> File not found
Dot3Svc -> 64bit -> File not found
Eaphost -> 64bit -> File not found
EFS -> 64bit -> File not found
EventLog -> 64bit -> File not found
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> Service
IKEEXT -> 64bit -> File not found
ipnat.sys -> 64bit -> File not found
KeyIso -> 64bit -> File not found
LanmanServer -> 64bit -> File not found
LanmanWorkstation -> 64bit -> File not found
LmHosts -> 64bit -> File not found
Messenger -> Service
MPSDrv -> 64bit -> File not found
MPSSvc -> 64bit -> File not found
mrxsmb -> 64bit -> File not found
mrxsmb10 -> 64bit -> File not found
mrxsmb20 -> 64bit -> File not found
NativeWifiP -> 64bit -> File not found
NDIS -> 64bit -> File not found
NDIS Wrapper -> Driver Group
ndiscap -> 64bit -> File not found
Ndisuio -> 64bit -> File not found
NetBIOS -> 64bit -> File not found
NetBIOSGroup -> Driver Group
NetBT -> 64bit -> File not found
NetDDEGroup -> Driver Group
Netlogon -> 64bit -> File not found
NetMan -> 64bit -> File not found
Network -> Driver Group
NetworkProvider -> Driver Group
NlaSvc -> 64bit -> File not found
Nsi -> 64bit -> File not found
nsiproxy.sys -> 64bit -> File not found
NTDS -> 64bit -> File not found
PCI Configuration -> Driver Group
PlugPlay -> 64bit -> File not found
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
PolicyAgent -> 64bit -> File not found
Power -> 64bit -> File not found
Primary disk -> Driver Group
ProfSvc -> 64bit -> File not found
rdbss -> 64bit -> File not found
rdpencdd.sys -> 64bit -> File not found
rdsessmgr -> Service
RpcEptMapper -> 64bit -> File not found
RpcSs -> 64bit -> File not found
sacsvr -> Service
SCardSvr -> 64bit -> File not found
SCSI Class -> Driver Group
sermouse.sys -> 64bit -> File not found
SharedAccess -> 64bit -> File not found
Streams Drivers -> Driver Group
SWPRV -> 64bit -> File not found
System Bus Extender -> Driver Group
TabletInputService -> 64bit -> File not found
TBS -> 64bit -> File not found
Tcpip -> 64bit -> File not found
TDI -> Driver Group
VaultSvc -> 64bit -> File not found
VDS -> 64bit -> File not found
vga.sys -> 64bit -> File not found
vgasave.sys -> 64bit -> File not found
vmms -> Service
volmgr.sys -> 64bit -> File not found
volmgrx.sys -> 64bit -> File not found
WinDefend -> 64bit -> File not found
WinMgmt -> 64bit -> File not found
Wlansvc -> 64bit -> File not found
WudfPf -> 64bit -> File not found
WudfRd -> 64bit -> File not found
WudfSvc -> 64bit -> File not found
WudfUsbccidDriver -> Driver
 
[Files/Folders - Created Within 30 Days]
 _OTS -> C:\_OTS -> [2013/02/06 11:35:24 | 000,000,000 | ---D | C]
 AuthLog -> C:\AuthLog -> [2013/02/05 20:51:24 | 000,000,000 | ---D | C]
 Google Chrome -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome -> [2013/02/05 20:51:10 | 000,000,000 | ---D | C]
 ChromeSetup.exe -> C:\Users\New Computer\Desktop\ChromeSetup.exe -> [2013/02/05 20:47:30 | 000,763,440 | ---- | C] (Google Inc.)
 OTS.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:32 | 000,646,656 | ---- | C] (OldTimer Tools)
 trend micro -> C:\Program Files (x86)\trend micro -> [2013/01/28 23:15:15 | 000,000,000 | ---D | C]
 rsit -> C:\rsit -> [2013/01/28 23:15:15 | 000,000,000 | ---D | C]
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/28 23:14:07 | 000,697,864 | ---- | C] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/28 23:14:07 | 000,074,248 | ---- | C] (Adobe Systems Incorporated)
 Macromedia -> C:\Users\New Computer\AppData\Roaming\Macromedia -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Macromed -> C:\Windows\SysWow64\Macromed -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Adobe -> C:\Users\New Computer\AppData\Roaming\Adobe -> [2013/01/28 23:14:05 | 000,000,000 | ---D | C]
 Macromed -> C:\Windows\SysNative\Macromed -> [2013/01/28 23:13:57 | 000,000,000 | ---D | C]
 TrueSuite -> C:\ProgramData\TrueSuite -> [2013/01/24 08:03:25 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2013/01/24 07:53:07 | 000,000,000 | -HSD | C]
 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2013/01/24 07:48:55 | 000,000,000 | ---D | C]
 Minidump -> C:\Windows\Minidump -> [2013/01/24 07:39:15 | 000,000,000 | ---D | C]
 temp -> C:\Windows\temp -> [2013/01/19 13:07:10 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2013/01/19 13:02:25 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2013/01/19 13:02:25 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2013/01/19 13:02:25 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2013/01/19 13:02:21 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2013/01/19 13:02:07 | 000,000,000 | ---D | C]
 Google -> C:\Program Files (x86)\Google -> [2013/01/19 13:01:50 | 000,000,000 | ---D | C]
 Google -> C:\Users\New Computer\AppData\Local\Google -> [2013/01/19 13:01:46 | 000,000,000 | ---D | C]
 ComboFix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe -> [2013/01/19 13:01:41 | 005,023,971 | R--- | C] (Swearware)
 Apps -> C:\Users\New Computer\AppData\Local\Apps -> [2013/01/19 13:01:07 | 000,000,000 | ---D | C]
 Deployment -> C:\Users\New Computer\AppData\Local\Deployment -> [2013/01/19 13:01:04 | 000,000,000 | ---D | C]
 pavboot64.sys -> C:\Windows\SysNative\drivers\pavboot64.sys -> [2013/01/15 20:46:56 | 000,033,800 | ---- | C] (Panda Security, S.L.)
 Panda Security -> C:\Program Files (x86)\Panda Security -> [2013/01/15 20:46:55 | 000,000,000 | ---D | C]
 ESET -> C:\Program Files (x86)\ESET -> [2013/01/15 19:58:45 | 000,000,000 | ---D | C]
 esent.dll -> C:\Windows\SysNative\esent.dll -> [2013/01/15 19:45:56 | 002,565,632 | ---- | C] (Microsoft Corporation)
 esent.dll -> C:\Windows\SysWow64\esent.dll -> [2013/01/15 19:45:56 | 001,699,328 | ---- | C] (Microsoft Corporation)
 storport.sys -> C:\Windows\SysNative\drivers\storport.sys -> [2013/01/15 19:45:56 | 000,189,824 | ---- | C] (Microsoft Corporation)
 amdsata.sys -> C:\Windows\SysNative\drivers\amdsata.sys -> [2013/01/15 19:45:56 | 000,107,904 | ---- | C] (Advanced Micro Devices)
 fsutil.exe -> C:\Windows\SysNative\fsutil.exe -> [2013/01/15 19:45:56 | 000,096,768 | ---- | C] (Microsoft Corporation)
 fsutil.exe -> C:\Windows\SysWow64\fsutil.exe -> [2013/01/15 19:45:56 | 000,074,240 | ---- | C] (Microsoft Corporation)
 amdxata.sys -> C:\Windows\SysNative\drivers\amdxata.sys -> [2013/01/15 19:45:56 | 000,027,008 | ---- | C] (Advanced Micro Devices)
 
[Files/Folders - Modified Within 30 Days]
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/02/14 10:30:00 | 000,000,830 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/14 10:26:40 | 000,017,056 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2013/02/14 10:26:40 | 000,017,056 | -H-- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/14 10:24:39 | 000,000,910 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/14 10:24:19 | 000,000,906 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2013/02/14 10:24:15 | 000,067,584 | --S- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2013/02/06 14:01:49 | 000,726,316 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2013/02/06 14:01:49 | 000,624,178 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2013/02/06 14:01:49 | 000,106,522 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2013/02/06 13:54:16 | 495,865,855 | -HS- | M] ()
 Google Chrome.lnk -> C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/02/06 08:52:48 | 000,002,283 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2013/02/05 20:51:10 | 000,002,259 | ---- | M] ()
 ChromeSetup.exe -> C:\Users\New Computer\Desktop\ChromeSetup.exe -> [2013/02/05 20:47:31 | 000,763,440 | ---- | M] (Google Inc.)
 OTS.exe -> C:\Users\New Computer\Desktop\OTS.exe -> [2013/02/04 21:33:35 | 000,646,656 | ---- | M] (OldTimer Tools)
 requested-files[2013-02-04_21_29].cab -> C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab -> [2013/02/04 21:29:24 | 000,000,363 | ---- | M] ()
 sfp.zip -> C:\Users\New Computer\Desktop\sfp.zip -> [2013/02/04 21:29:07 | 000,264,875 | ---- | M] ()
 requested-files[2013-01-30_22_38].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab -> [2013/01/30 22:38:18 | 000,000,374 | ---- | M] ()
 sfp.exe -> C:\Users\New Computer\Desktop\sfp.exe -> [2013/01/30 22:38:03 | 000,518,656 | ---- | M] (Safer Networking Limited)
 requested-files[2013-01-30_22_33].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab -> [2013/01/30 22:33:25 | 000,000,373 | ---- | M] ()
 RSIT.exe -> C:\Users\New Computer\Desktop\RSIT.exe -> [2013/01/28 23:14:52 | 000,781,383 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2013/01/28 23:14:07 | 000,697,864 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2013/01/28 23:14:07 | 000,074,248 | ---- | M] (Adobe Systems Incorporated)
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/01/24 07:39:10 | 967,923,780 | ---- | M] ()
 1g941yvb.exe -> C:\Users\New Computer\Desktop\1g941yvb.exe -> [2013/01/19 13:14:35 | 000,365,568 | ---- | M] ()
 k0b9hfhu.exe -> C:\Users\New Computer\Desktop\k0b9hfhu.exe -> [2013/01/19 12:59:48 | 000,365,568 | ---- | M] ()
 ComboFix.exe -> C:\Users\New Computer\Desktop\ComboFix.exe -> [2013/01/19 12:57:10 | 005,023,971 | R--- | M] (Swearware)
 
[Files - No Company Name]
 Google Chrome.lnk -> C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> [2013/02/05 20:51:10 | 000,002,283 | ---- | C] ()
 Google Chrome.lnk -> C:\Users\Public\Desktop\Google Chrome.lnk -> [2013/02/05 20:51:10 | 000,002,259 | ---- | C] ()
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2013/02/05 20:47:40 | 000,000,910 | ---- | C] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2013/02/05 20:47:40 | 000,000,906 | ---- | C] ()
 requested-files[2013-02-04_21_29].cab -> C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab -> [2013/02/04 21:29:24 | 000,000,363 | ---- | C] ()
 requested-files[2013-01-30_22_38].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab -> [2013/01/30 22:38:18 | 000,000,374 | ---- | C] ()
 requested-files[2013-01-30_22_33].cab -> C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab -> [2013/01/30 22:33:25 | 000,000,373 | ---- | C] ()
 sfp.zip -> C:\Users\New Computer\Desktop\sfp.zip -> [2013/01/30 22:33:06 | 000,264,875 | ---- | C] ()
 RSIT.exe -> C:\Users\New Computer\Desktop\RSIT.exe -> [2013/01/28 23:14:52 | 000,781,383 | ---- | C] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2013/01/28 23:14:18 | 000,000,830 | ---- | C] ()
 MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2013/01/24 07:39:10 | 967,923,780 | ---- | C] ()
 1g941yvb.exe -> C:\Users\New Computer\Desktop\1g941yvb.exe -> [2013/01/19 13:14:35 | 000,365,568 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2013/01/19 13:02:25 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2013/01/19 13:02:25 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2013/01/19 13:02:25 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2013/01/19 13:02:25 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2013/01/19 13:02:25 | 000,068,096 | ---- | C] ()
 k0b9hfhu.exe -> C:\Users\New Computer\Desktop\k0b9hfhu.exe -> [2013/01/19 13:01:40 | 000,365,568 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2013/01/08 21:05:32 | 000,000,000 | ---- | C] ()
 atipblup.dat -> C:\Windows\SysWow64\atipblup.dat -> [2013/01/08 20:56:56 | 000,003,929 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2011/09/30 22:42:20 | 000,053,760 | ---- | C] ()
 igcompkrng600.bin -> C:\Windows\SysWow64\igcompkrng600.bin -> [2011/08/09 08:30:04 | 000,145,804 | ---- | C] ()
 igkrng600.bin -> C:\Windows\SysWow64\igkrng600.bin -> [2011/08/09 08:30:02 | 000,963,116 | ---- | C] ()
 igfcg600m.bin -> C:\Windows\SysWow64\igfcg600m.bin -> [2011/08/09 08:30:02 | 000,216,000 | ---- | C] ()
 igdde32.dll -> C:\Windows\SysWow64\igdde32.dll -> [2011/08/09 08:23:26 | 000,056,832 | ---- | C] ()
 ig4icd32.dll -> C:\Windows\SysWow64\ig4icd32.dll -> [2011/08/09 07:58:38 | 013,903,872 | ---- | C] ()
 SynTPEnhPS.dll -> C:\Windows\SysWow64\SynTPEnhPS.dll -> [2011/06/09 18:17:36 | 000,066,856 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/03/17 13:51:46 | 000,003,929 | ---- | C] ()
[Custom Scans]
< MD5 Scans Start>
< %systemdrive%\SVCHOST.EXE  /md5 /s >
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\erdnt\cache86\svchost.exe -> [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\SysWOW64\svchost.exe -> [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe -> [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\erdnt\cache64\svchost.exe -> [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\SysNative\svchost.exe -> [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
 svchost.exe : MD5=C78655BC80301D76ED4FEF1C1EA40A7D -> C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe -> [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< End of report >
```


----------



## eddie5659 (Mar 19, 2001)

Okay, let's see if this helps. Also, are the windows opening Chrome, Firefox or Internet Explorer? Also, is this the same router other PCs are connected to, and are they all okay?

Plus, do you know what drive F is? It has only 2gig of space, hardly any used. If you do, that's fine.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2009/06/10 13:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts
YN -> Reset Hosts -> 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "" -> []
< Drives with AutoRun files > -> 
YY -> D:\autorun.inf  -> D:\autorun.inf [ UDF ]
[Registry - Additional Scans - Safe List]
< 64bit-App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> install.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> migwiz.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> setup.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> table30.exe -> Reg Error: Value error. [Reg Error: Value error.]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> cmmgr32.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> install.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> migwiz.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> setup.exe -> Reg Error: Value error. [Reg Error: Value error.]
YN -> table30.exe -> Reg Error: Value error. [Reg Error: Value error.]
```
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------



## Raderick (Oct 2, 2005)

Issue would occur regardless of which browser is the default browser. Also would occur regardless of which router or wireless connection it is connected to. The problem also arises if the laptop is not connected to any sort of connection, wired or wireless.

```
[Registry - Safe List]
HOSTS file reset successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
[Registry - Additional Scans - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\migwiz.exe\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\migwiz.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe\ not found.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02172013_000905

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
```


----------



## eddie5659 (Mar 19, 2001)

> At random times in the last couple of days my browser (Firefox) would open randomly the default web sites. If the browser is closed or I'm doing something in another application, it would open a new browser window with the default web pages without me triggering the application to open.


Just read this in your Windows 7 thread, as I'm trying to get the answer to this. Is it still the default websites appearing, and not random websites?



> No Windows 7 disc came with my computer, think the Win 7 recovery data is built in the computer itself.


When you said in the malware thread you did a full format, do you just mean you went back to the recovery date, as in a factory install?

The reason I ask, is looking here at the TDSSKiller scan, I can see SuperAntispyware still installed:

http://forums.techguy.org/8565075-post20.html



> 14:31:02.0574 4428 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
> 14:31:02.0699 4428 SASDIFSV - ok
> 14:31:02.0699 4428 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS


Are you using any flash drives with the pc?

Can you try running these programs again, to see if anything is lurking:

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Please download *AdwCleaner* by Xplode onto your desktop.

- Double click on *AdwCleaner.exe* to run the tool.
- Click on *Search*.
- A logfile will automatically open after the scan has finished.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

---

Then, can you see if you can run OTL again, but use the code as below in the Custom Scan box. If it says it's not responding, just let it run, and it should carry on. Just don't move the mouse whilst it's running:


```
/md5start
lsass.exe
winsrv.dll
user32.dll
ATAPI.SYS
explorer.exe
iexplore.exe
winlogon.exe
Services.exe
/md5stop
```
Before pressing *Run Scan*, put the *Extra Registry* to *Use SafeList*.

If it still has problems, run OTS like before, but with just the code above, in the Custom Scan box and post the log.


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> Just read this in your Windows 7 thread, as I'm trying to get the answer to this. Is it still the default websites appearing, and not random websites?
> 
> When you said in the malware thread you did a full format, do you just mean you went back to the recovery date, as in a factory install?
> 
> ...


It is still the default web site, not random web sites.

What I ended up doing is, while the issue was occurring, I hunted down a Windows 7 Professional DVD, did a complete reformat of all hard drives, and installed Windows 7 using this disc. When the OS booted up for the first time (without any drivers, without any connection to the Internet), I was met with about 10 Internet Explorer windows trying to go to the default web site (msn.com).

Something that I did notice is there is only one hotkey on this laptop, which opens the default browser when you press it. I wonder if something is perhaps hitting that key, if there are crumbs in the key, etc. Just throwing it out there. I do have flash drives, but at the time of the reformat, reinstall of Windows 7 and reboots, they were not plugged into the laptop.

I'll run the tools described tonight when I'm at the laptop.


----------



## Raderick (Oct 2, 2005)

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x64
Ran by New Computer on Wed 02/20/2013 at 23:58:30.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/21/2013 at 0:03:49.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```


----------



## Raderick (Oct 2, 2005)

```
# AdwCleaner v2.112 - Logfile created 02/21/2013 at 00:05:10
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : New Computer - NEWCOMPUTER-PC
# Boot Mode : Normal
# Running from : C:\Users\New Computer\Desktop\adwcleaner0.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [684 octets] - [21/02/2013 00:05:10]

########## EOF - C:\AdwCleaner[R1].txt - [743 octets] ##########
```


----------



## Raderick (Oct 2, 2005)

```
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 02212013_000704
```


----------



## Raderick (Oct 2, 2005)

OTL logfile created on: 2/21/2013 12:08:46 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\New Computer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.24% Memory free
11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 696.53 Gb Total Space | 659.55 Gb Free Space | 94.69% Space Free | Partition Type: NTFS
Drive D: | 2.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32

Computer Name: NEWCOMPUTER-PC | User Name: New Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\New Computer\Desktop\adwcleaner0.exe ()
PRC - C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_user_expert.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Users\New Computer\Desktop\OTS.exe (OldTimer Tools)
PRC - C:\Users\New Computer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\New Computer\Desktop\adwcleaner0.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:*64bit:* - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:*64bit:* - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:*64bit:* - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:*64bit:* - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:*64bit:* - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:*64bit:* - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 AE 14 55 61 0C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Simple Pass (Enabled) = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: Docs = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Website Logon = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\
CHR - Extension: Gmail = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/17 00:09:05 | 000,000,050 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O3:*64bit:* - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE2B91CE-B331-4788-AA39-6506F8C394BA}: DhcpNameServer = 192.168.2.1
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 00:27:46 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/21 00:08:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/20 23:58:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/20 23:58:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/20 23:57:49 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\New Computer\Desktop\JRT.exe
[2013/02/17 07:35:02 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/02/17 07:34:52 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Local\Citrix
[2013/02/17 07:25:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/17 07:25:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/17 07:25:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/17 07:25:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/17 07:25:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/17 07:25:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/17 07:25:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/17 07:25:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/17 07:25:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/17 07:25:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/17 07:25:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/17 07:25:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/17 07:25:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/17 07:25:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/17 07:25:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/16 08:24:40 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/16 08:24:39 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/16 08:24:39 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/16 08:24:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/16 08:24:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/16 08:24:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/16 08:24:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/16 08:24:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/16 08:24:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/16 08:24:30 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/06 11:35:24 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/02/05 20:51:24 | 000,000,000 | ---D | C] -- C:\AuthLog
[2013/02/05 20:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/05 20:47:30 | 000,763,440 | ---- | C] (Google Inc.) -- C:\Users\New Computer\Desktop\ChromeSetup.exe
[2013/02/04 21:33:32 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTS.exe
[2013/01/28 23:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2013/01/28 23:15:15 | 000,000,000 | ---D | C] -- C:\rsit
[2013/01/28 23:14:07 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/28 23:14:07 | 000,074,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/28 23:14:05 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Macromedia
[2013/01/28 23:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/28 23:14:05 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Adobe
[2013/01/28 23:13:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/24 08:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2013/01/24 07:53:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/24 07:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/24 07:39:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2013/02/21 00:08:57 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/21 00:05:07 | 000,587,671 | ---- | M] () -- C:\Users\New Computer\Desktop\adwcleaner0.exe
[2013/02/21 00:00:14 | 000,002,026 | -H-- | M] () -- C:\Users\New Computer\Documents\Default.rdp
[2013/02/20 23:57:50 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\New Computer\Desktop\JRT.exe
[2013/02/20 23:57:27 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/20 23:57:13 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 23:57:13 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 23:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/20 23:57:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/17 07:53:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/17 07:53:07 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/17 07:53:07 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/17 07:46:39 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/17 07:46:04 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/17 07:35:08 | 000,001,462 | ---- | M] () -- C:\Users\New Computer\Desktop\GoToAssist Expert.lnk
[2013/02/17 07:34:52 | 000,113,224 | ---- | M] () -- C:\Users\New Computer\g2ax_expert_downloadhelper_win32_x86.exe
[2013/02/16 08:19:25 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/16 08:19:25 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/06 08:52:48 | 000,002,283 | ---- | M] () -- C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/05 20:51:10 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/05 20:47:31 | 000,763,440 | ---- | M] (Google Inc.) -- C:\Users\New Computer\Desktop\ChromeSetup.exe
[2013/02/04 21:33:35 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Users\New Computer\Desktop\OTS.exe
[2013/02/04 21:29:24 | 000,000,363 | ---- | M] () -- C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab
[2013/02/04 21:29:07 | 000,264,875 | ---- | M] () -- C:\Users\New Computer\Desktop\sfp.zip
[2013/01/30 22:38:18 | 000,000,374 | ---- | M] () -- C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab
[2013/01/30 22:38:03 | 000,518,656 | ---- | M] (Safer Networking Limited) -- C:\Users\New Computer\Desktop\sfp.exe
[2013/01/30 22:33:25 | 000,000,373 | ---- | M] () -- C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab
[2013/01/28 23:14:52 | 000,781,383 | ---- | M] () -- C:\Users\New Computer\Desktop\RSIT.exe
[2013/01/24 07:39:10 | 967,923,780 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/02/20 23:57:58 | 000,587,671 | ---- | C] () -- C:\Users\New Computer\Desktop\adwcleaner0.exe
[2013/02/17 07:35:02 | 000,001,462 | ---- | C] () -- C:\Users\New Computer\Desktop\GoToAssist Expert.lnk
[2013/02/17 07:34:50 | 000,113,224 | ---- | C] () -- C:\Users\New Computer\g2ax_expert_downloadhelper_win32_x86.exe
[2013/02/16 08:18:49 | 000,002,026 | -H-- | C] () -- C:\Users\New Computer\Documents\Default.rdp
[2013/02/05 20:51:10 | 000,002,283 | ---- | C] () -- C:\Users\New Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/05 20:51:10 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/05 20:47:40 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/05 20:47:40 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 21:29:24 | 000,000,363 | ---- | C] () -- C:\Users\New Computer\Desktop\requested-files[2013-02-04_21_29].cab
[2013/01/30 22:38:18 | 000,000,374 | ---- | C] () -- C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_38].cab
[2013/01/30 22:33:25 | 000,000,373 | ---- | C] () -- C:\Users\New Computer\Desktop\requested-files[2013-01-30_22_33].cab
[2013/01/30 22:33:06 | 000,264,875 | ---- | C] () -- C:\Users\New Computer\Desktop\sfp.zip
[2013/01/28 23:14:52 | 000,781,383 | ---- | C] () -- C:\Users\New Computer\Desktop\RSIT.exe
[2013/01/28 23:14:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/24 07:39:10 | 967,923,780 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/19 13:02:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/19 13:02:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/19 13:02:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/19 13:02:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/19 13:02:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/08 21:05:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/08 20:56:56 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/09 08:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/09 08:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/06/09 18:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/17 13:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 19:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 19:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IEXPLORE.EXE >
[2013/01/08 17:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/01/08 17:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Well, there isn't that much jumping out, and I've refreshed myself on this entire thread, but only from the format part 

However, that is an interesting idea about the hotkey. Is this a brand name laptop/computer?

If so, what is it (HP, Compaq etc) and if you can see a model number, that would be great as well. It should all be found on the front.

Also, am I right in thinking this doesn't happen in safe mode with networking?

eddie


----------



## Raderick (Oct 2, 2005)

Hmmm, didn't see this message until now.

It's an HP Pavilion DV7-6b78us Laptop. Bought it about 8 months ago. When in safe mode, the issue doesn't occur. Also of note, the hotkey previously mentioned doesn't work when pressed in safe mode. Perhaps I'm onto something, and that we need to disable this hotkey?


----------



## Raderick (Oct 2, 2005)

Raderick said:


> Hmmm, didn't see this message until now.
> 
> It's an HP Pavilion DV7-6b78us Laptop. Bought it about 8 months ago. When in safe mode, the issue doesn't occur. Also of note, the hotkey previously mentioned doesn't work when pressed in safe mode. Perhaps I'm onto something, and that we need to disable this hotkey?


Disabled the hotkey from the registry, issue still persists.


----------



## eddie5659 (Mar 19, 2001)

Nuts 

When you use the hotkey, do you have to press the function key (fn) first?

Also, when in safe mode, do any of the function keys work, as in just pressing them?

Having a look at a few things, but I have a feeling it may be the hotkey, like you said. You have no signs of a rootkit, but can you do this, just to make sure:

----

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Put a checkmark beside *loaded modules*.

A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on *Change parameters* in TDSSKiller.
Check all boxes then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.
If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*

*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

--------------------------

Please download *aswMBR* ( 4.5MB ) to your desktop.

Double click the *aswMBR.exe* icon, and click *Run*.
When asked if you'd like to "download the latest Avast! virus definitions", click *Yes*.
Click the *Scan* button to start the scan.
On completion of the scan, click the *save log* button, save it to your *desktop*, then copy and paste it in your next reply.

eddie


----------



## Raderick (Oct 2, 2005)

16:36:26.0983 3400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:36:27.0623 3400 ============================================================
16:36:27.0623 3400 Current date / time: 2013/02/27 16:36:27.0623
16:36:27.0623 3400 SystemInfo:
16:36:27.0623 3400 
16:36:27.0623 3400 OS Version: 6.1.7601 ServicePack: 1.0
16:36:27.0623 3400 Product type: Workstation
16:36:27.0623 3400 ComputerName: NEWCOMPUTER-PC
16:36:27.0623 3400 UserName: New Computer
16:36:27.0623 3400 Windows directory: C:\Windows
16:36:27.0623 3400 System windows directory: C:\Windows
16:36:27.0623 3400 Running under WOW64
16:36:27.0623 3400 Processor architecture: Intel x64
16:36:27.0623 3400 Number of processors: 8
16:36:27.0623 3400 Page size: 0x1000
16:36:27.0623 3400 Boot type: Normal boot
16:36:27.0623 3400 ============================================================
16:36:29.0807 3400 BG loaded
16:36:39.0183 3400 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:39.0198 3400 Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:36:39.0214 3400 ============================================================
16:36:39.0214 3400 \Device\Harddisk0\DR0:
16:36:39.0214 3400 MBR partitions:
16:36:39.0214 3400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:36:39.0214 3400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5710F000
16:36:39.0214 3400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57141800, BlocksNum 0x400000
16:36:39.0214 3400 \Device\Harddisk1\DR1:
16:36:39.0214 3400 MBR partitions:
16:36:39.0214 3400 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
16:36:39.0214 3400 ============================================================
16:36:39.0541 3400 C: <-> \Device\Harddisk0\DR0\Partition2
16:36:39.0853 3400 E: <-> \Device\Harddisk1\DR1\Partition1
16:36:40.0743 3400 F: <-> \Device\Harddisk0\DR0\Partition3
16:36:40.0743 3400 ============================================================
16:36:40.0743 3400 Initialize success
16:36:40.0743 3400 ============================================================
16:36:54.0096 1368 ============================================================
16:36:54.0096 1368 Scan started
16:36:54.0096 1368 Mode: Manual; 
16:36:54.0096 1368 ============================================================
16:36:55.0017 1368 ================ Scan system memory ========================
16:36:55.0017 1368 System memory - ok
16:36:55.0017 1368 ================ Scan services =============================
16:37:26.0357 1368 LMS - ok
16:37:26.0404 1368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:37:26.0404 1368 LSI_FC - ok
16:37:26.0435 1368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:37:26.0435 1368 LSI_SAS - ok
16:37:26.0451 1368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:37:26.0466 1368 LSI_SAS2 - ok
16:37:26.0498 1368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:37:26.0498 1368 LSI_SCSI - ok
16:37:26.0513 1368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:37:26.0544 1368 luafv - ok
16:37:26.0576 1368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:37:26.0591 1368 Mcx2Svc - ok
16:37:26.0607 1368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:37:26.0607 1368 megasas - ok
16:37:26.0654 1368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:37:26.0669 1368 MegaSR - ok
16:37:26.0716 1368 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:37:26.0716 1368 MEIx64 - ok
16:37:26.0747 1368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:37:26.0794 1368 MMCSS - ok
16:37:26.0810 1368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:37:26.0825 1368 Modem - ok
16:37:26.0872 1368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:37:26.0872 1368 monitor - ok
16:37:26.0888 1368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:37:26.0919 1368 mouclass - ok
16:37:27.0012 1368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
16:37:27.0075 1368 mouhid - ok
16:37:27.0106 1368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:37:27.0137 1368 mountmgr - ok
16:37:27.0231 1368 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:37:27.0231 1368 MpFilter - ok
16:37:27.0309 1368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:37:27.0324 1368 mpio - ok
16:37:27.0371 1368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:37:27.0387 1368 mpsdrv - ok
16:37:27.0527 1368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:37:27.0574 1368 MpsSvc - ok
16:37:27.0636 1368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:37:27.0699 1368 MRxDAV - ok
16:37:27.0761 1368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:37:27.0792 1368 mrxsmb - ok
16:37:27.0792 1368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:37:27.0808 1368 mrxsmb10 - ok
16:37:27.0824 1368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:37:27.0839 1368 mrxsmb20 - ok
16:37:27.0902 1368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:37:27.0917 1368 msahci - ok
16:37:27.0964 1368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:37:27.0995 1368 msdsm - ok
16:37:28.0042 1368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:37:28.0104 1368 MSDTC - ok
16:37:28.0104 1368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:37:28.0104 1368 Msfs - ok
16:37:28.0151 1368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:37:28.0167 1368 mshidkmdf - ok
16:37:28.0167 1368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:37:28.0182 1368 msisadrv - ok
16:37:28.0307 1368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:37:28.0338 1368 MSiSCSI - ok
16:37:28.0354 1368 msiserver - ok
16:37:28.0432 1368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:37:28.0463 1368 MSKSSRV - ok
16:37:28.0635 1368 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:37:28.0635 1368 MsMpSvc - ok
16:37:28.0682 1368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:37:28.0697 1368 MSPCLOCK - ok
16:37:28.0791 1368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:37:28.0822 1368 MSPQM - ok
16:37:28.0869 1368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:37:28.0900 1368 MsRPC - ok
16:37:28.0931 1368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:37:28.0931 1368 mssmbios - ok
16:37:29.0009 1368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:37:29.0056 1368 MSTEE - ok
16:37:29.0056 1368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:37:29.0072 1368 MTConfig - ok
16:37:29.0103 1368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:37:29.0118 1368 Mup - ok
16:37:29.0243 1368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:37:29.0290 1368 napagent - ok
16:37:29.0446 1368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:37:29.0462 1368 NativeWifiP - ok
16:37:29.0649 1368 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:37:29.0696 1368 NDIS - ok
16:37:29.0758 1368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:37:29.0805 1368 NdisCap - ok
16:37:29.0883 1368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:37:29.0898 1368 NdisTapi - ok
16:37:29.0961 1368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:37:29.0976 1368 Ndisuio - ok
16:37:30.0023 1368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:37:30.0039 1368 NdisWan - ok
16:37:30.0070 1368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:37:30.0086 1368 NDProxy - ok
16:37:30.0195 1368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:37:30.0226 1368 NetBIOS - ok
16:37:30.0288 1368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:37:30.0320 1368 NetBT - ok
16:37:30.0382 1368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:37:30.0382 1368 Netlogon - ok
16:37:30.0569 1368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:37:30.0600 1368 Netman - ok
16:37:30.0741 1368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:37:30.0756 1368 netprofm - ok
16:37:30.0803 1368 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:37:30.0834 1368 NetTcpPortSharing - ok
16:37:33.0221 1368 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
16:37:33.0268 1368 NETwNs64 - ok
16:37:33.0377 1368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:37:33.0393 1368 nfrd960 - ok
16:37:33.0502 1368 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:37:33.0502 1368 NisDrv - ok
16:37:33.0611 1368 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:37:33.0611 1368 NisSrv - ok
16:37:33.0674 1368 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:37:33.0674 1368 NlaSvc - ok
16:37:33.0752 1368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:37:33.0767 1368 Npfs - ok
16:37:33.0845 1368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:37:33.0892 1368 nsi - ok
16:37:33.0908 1368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:37:33.0923 1368 nsiproxy - ok
16:37:34.0329 1368 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:37:34.0422 1368 Ntfs - ok
16:37:34.0500 1368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:37:34.0516 1368 Null - ok
16:37:34.0625 1368 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
16:37:34.0656 1368 nusb3hub - ok
16:37:34.0750 1368 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:37:34.0781 1368 nusb3xhc - ok
16:37:34.0890 1368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:37:34.0890 1368 nvraid - ok
16:37:34.0937 1368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:37:34.0953 1368 nvstor - ok
16:37:35.0031 1368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:37:35.0031 1368 nv_agp - ok
16:37:35.0078 1368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:37:35.0124 1368 ohci1394 - ok
16:37:35.0249 1368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:37:35.0327 1368 p2pimsvc - ok
16:37:35.0483 1368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:37:35.0577 1368 p2psvc - ok
16:37:35.0639 1368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:37:35.0702 1368 Parport - ok
16:37:35.0764 1368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:37:35.0764 1368 partmgr - ok
16:37:35.0904 1368 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\Windows\system32\drivers\pavboot64.sys
16:37:35.0904 1368 pavboot - ok
16:37:35.0967 1368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:37:36.0014 1368 PcaSvc - ok
16:37:36.0092 1368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:37:36.0107 1368 pci - ok
16:37:36.0107 1368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:37:36.0123 1368 pciide - ok
16:37:36.0138 1368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:37:36.0154 1368 pcmcia - ok
16:37:36.0185 1368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:37:36.0185 1368 pcw - ok
16:37:36.0248 1368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:37:36.0279 1368 PEAUTH - ok
16:37:36.0310 1368 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:37:36.0513 1368 PeerDistSvc - ok
16:37:36.0950 1368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:37:36.0996 1368 PerfHost - ok
16:37:37.0246 1368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:37:37.0324 1368 pla - ok
16:37:37.0464 1368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:37:37.0511 1368 PlugPlay - ok
16:37:37.0543 1368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:37:37.0602 1368 PNRPAutoReg - ok
16:37:37.0622 1368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:37:37.0622 1368 PNRPsvc - ok
16:37:37.0682 1368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:37:37.0752 1368 PolicyAgent - ok
16:37:37.0792 1368 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
16:37:37.0812 1368 Power - ok
16:37:37.0862 1368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:37:37.0872 1368 PptpMiniport - ok
16:37:37.0902 1368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor  C:\Windows\system32\drivers\processr.sys
16:37:37.0912 1368 Processor - ok
16:37:37.0932 1368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:37:37.0952 1368 ProfSvc - ok
16:37:37.0972 1368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:37:37.0972 1368 ProtectedStorage - ok
16:37:38.0022 1368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:37:38.0052 1368 Psched - ok
16:37:38.0172 1368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:37:38.0262 1368 ql2300 - ok
16:37:38.0302 1368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:37:38.0312 1368 ql40xx - ok
16:37:38.0362 1368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:37:38.0472 1368 QWAVE - ok
16:37:38.0518 1368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:37:38.0549 1368 QWAVEdrv - ok
16:37:38.0596 1368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:37:38.0612 1368 RasAcd - ok
16:37:38.0861 1368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:37:38.0892 1368 RasAgileVpn - ok
16:37:38.0970 1368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:37:39.0064 1368 RasAuto - ok
16:37:40.0016 1368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:37:40.0016 1368 Rasl2tp - ok
16:37:40.0094 1368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:37:40.0109 1368 RasMan - ok
16:37:40.0140 1368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:37:40.0156 1368 RasPppoe - ok
16:37:40.0172 1368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:37:40.0172 1368 RasSstp - ok
16:37:40.0218 1368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:37:40.0218 1368 rdbss - ok
16:37:40.0234 1368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:37:40.0250 1368 rdpbus - ok
16:37:40.0265 1368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:37:40.0265 1368 RDPCDD - ok
16:37:40.0281 1368 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:37:40.0312 1368 RDPDR - ok
16:37:40.0328 1368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:37:40.0328 1368 RDPENCDD - ok
16:37:40.0374 1368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:37:40.0374 1368 RDPREFMP - ok
16:37:40.0452 1368 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:37:40.0468 1368 RdpVideoMiniport - ok
16:37:40.0562 1368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:37:40.0577 1368 RDPWD - ok
16:37:40.0624 1368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:37:40.0640 1368 rdyboost - ok
16:37:40.0686 1368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:37:40.0718 1368 RemoteAccess - ok
16:37:40.0764 1368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:37:40.0780 1368 RemoteRegistry - ok
16:37:40.0796 1368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:37:40.0811 1368 RpcEptMapper - ok
16:37:40.0827 1368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:37:40.0842 1368 RpcLocator - ok
16:37:40.0920 1368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
16:37:40.0920 1368 RpcSs - ok
16:37:40.0998 1368 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
16:37:41.0014 1368 RSPCIESTOR - ok
16:37:41.0092 1368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:37:41.0108 1368 rspndr - ok
16:37:41.0248 1368 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:37:41.0264 1368 RTL8167 - ok
16:37:41.0295 1368 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:37:41.0310 1368 s3cap - ok
16:37:41.0342 1368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:37:41.0357 1368 SamSs - ok
16:37:41.0373 1368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:37:41.0404 1368 sbp2port - ok
16:37:41.0435 1368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:37:41.0498 1368 SCardSvr - ok
16:37:41.0529 1368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:37:41.0560 1368 scfilter - ok
16:37:41.0700 1368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:37:41.0747 1368 Schedule - ok
16:37:41.0794 1368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:37:41.0794 1368 SCPolicySvc - ok
16:37:41.0919 1368 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:37:41.0919 1368 sdbus - ok
16:37:42.0028 1368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:37:42.0122 1368 SDRSVC - ok
16:37:42.0184 1368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:37:42.0200 1368 secdrv - ok
16:37:42.0246 1368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:37:42.0278 1368 seclogon - ok
16:37:42.0309 1368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:37:42.0309 1368 SENS - ok
16:37:42.0371 1368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:37:42.0418 1368 SensrSvc - ok
16:37:42.0449 1368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:37:42.0480 1368 Serenum - ok
16:37:42.0590 1368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:37:42.0636 1368 Serial - ok
16:37:42.0668 1368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:37:42.0699 1368 sermouse - ok
16:37:42.0746 1368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:37:42.0824 1368 SessionEnv - ok
16:37:42.0870 1368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:37:42.0902 1368 sffdisk - ok
16:37:42.0917 1368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:37:42.0933 1368 sffp_mmc - ok
16:37:42.0948 1368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:37:43.0011 1368 sffp_sd - ok
16:37:43.0026 1368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:37:43.0058 1368 sfloppy - ok
16:37:43.0151 1368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:37:43.0214 1368 SharedAccess - ok
16:37:43.0276 1368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:37:43.0323 1368 ShellHWDetection - ok
16:37:43.0401 1368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:37:43.0416 1368 SiSRaid2 - ok
16:37:43.0448 1368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:37:43.0448 1368 SiSRaid4 - ok
16:37:43.0494 1368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:37:43.0557 1368 Smb - ok
16:37:43.0619 1368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:37:43.0650 1368 SNMPTRAP - ok
16:37:43.0682 1368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:37:43.0682 1368 spldr - ok
16:37:43.0744 1368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:37:43.0791 1368 Spooler - ok
16:37:44.0025 1368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:37:44.0056 1368 sppsvc - ok
16:37:44.0118 1368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:37:44.0181 1368 sppuinotify - ok
16:37:44.0259 1368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:37:44.0274 1368 srv - ok
16:37:44.0290 1368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:37:44.0306 1368 srv2 - ok
16:37:44.0337 1368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:37:44.0384 1368 srvnet - ok
16:37:44.0430 1368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:37:44.0430 1368 SSDPSRV - ok
16:37:44.0462 1368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:37:49.0469 1368 SstpSvc - ok
16:37:49.0890 1368 [ D30FE3ECF1D6D521365FAE307B500BC0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
16:37:54.0586 1368 STacSV - ok
16:37:54.0633 1368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:37:54.0648 1368 stexstor - ok
16:37:54.0742 1368 [ 6F69D75F50E8FAF1003AA6CFB18B91EC ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
16:37:54.0773 1368 STHDA - ok
16:37:54.0898 1368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:37:55.0007 1368 stisvc - ok
16:37:55.0054 1368 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:37:55.0070 1368 storflt - ok
16:37:55.0101 1368 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:37:55.0148 1368 StorSvc - ok
16:37:55.0241 1368 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:37:55.0257 1368 storvsc - ok
16:37:55.0288 1368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:37:55.0288 1368 swenum - ok
16:37:55.0397 1368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:37:55.0475 1368 swprv - ok
16:37:55.0631 1368 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:37:55.0678 1368 SynTP - ok
16:37:56.0037 1368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:37:56.0052 1368 SysMain - ok
16:37:56.0084 1368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:37:56.0146 1368 TabletInputService - ok
16:37:56.0162 1368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:37:56.0177 1368 TapiSrv - ok
16:37:56.0255 1368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:37:56.0318 1368 TBS - ok
16:37:56.0583 1368 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:37:56.0630 1368 Tcpip - ok
16:37:56.0832 1368 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:37:56.0864 1368 TCPIP6 - ok
16:37:56.0895 1368 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:37:56.0910 1368 tcpipreg - ok
16:37:56.0973 1368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:37:57.0004 1368 TDPIPE - ok
16:37:57.0051 1368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:37:57.0066 1368 TDTCP - ok
16:37:57.0098 1368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:37:57.0113 1368 tdx - ok
16:37:57.0129 1368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:37:57.0144 1368 TermDD - ok
16:37:57.0207 1368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:37:57.0238 1368 TermService - ok
16:37:57.0269 1368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:37:57.0285 1368 Themes - ok
16:37:57.0316 1368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:37:57.0332 1368 THREADORDER - ok
16:37:57.0347 1368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:37:57.0347 1368 TrkWks - ok
16:37:57.0550 1368 [ E06079D6BCF81AB8D07A932B209BC839 ] TrueService C:\Program Files\Common Files\AuthenTec\TrueService.exe
16:37:57.0581 1368 TrueService - ok
16:37:57.0690 1368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:37:57.0768 1368 TrustedInstaller - ok
16:37:57.0800 1368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:37:57.0815 1368 tssecsrv - ok
16:37:57.0924 1368 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:37:57.0956 1368 TsUsbFlt - ok
16:37:58.0002 1368 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:37:58.0018 1368 TsUsbGD - ok
16:37:58.0080 1368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:37:58.0080 1368 tunnel - ok
16:37:58.0096 1368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:37:58.0096 1368 uagp35 - ok
16:37:58.0112 1368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:37:58.0158 1368 udfs - ok
16:37:58.0190 1368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:37:58.0221 1368 UI0Detect - ok
16:37:58.0252 1368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:37:58.0252 1368 uliagpkx - ok
16:37:58.0502 1368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:37:58.0517 1368 umbus - ok
16:37:58.0517 1368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:37:58.0548 1368 UmPass - ok
16:37:58.0626 1368 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:37:58.0689 1368 UmRdpService - ok
16:37:59.0422 1368 [ 1B71370AEC1115F80D9A4A209317C968 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:37:59.0578 1368 UNS - ok
16:38:00.0670 1368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:38:00.0764 1368 upnphost - ok
16:38:00.0810 1368 [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:38:00.0826 1368 usbccgp - ok
16:38:00.0920 1368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:38:00.0951 1368 usbcir - ok
16:38:00.0966 1368 [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:38:00.0982 1368 usbehci - ok
16:38:01.0013 1368 [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:38:01.0029 1368 usbhub - ok
16:38:01.0091 1368 [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:38:01.0107 1368 usbohci - ok
16:38:01.0169 1368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:38:01.0216 1368 usbprint - ok
16:38:01.0247 1368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:38:01.0263 1368 USBSTOR - ok
16:38:01.0294 1368 [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:38:01.0325 1368 usbuhci - ok
16:38:01.0403 1368 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:38:01.0419 1368 usbvideo - ok
16:38:01.0450 1368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:38:01.0481 1368 UxSms - ok
16:38:01.0497 1368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:38:01.0512 1368 VaultSvc - ok
16:38:10.0264 1368 C:\Windows\System32\efslsaext.dll - ok
16:38:10.0264 1368 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
16:38:10.0264 1368 C:\Windows\System32\scecli.dll - ok
16:38:10.0264 1368 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
16:38:10.0264 1368 C:\Windows\System32\ubpm.dll - ok
16:38:10.0264 1368 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
16:38:10.0264 1368 C:\Windows\System32\svchost.exe - ok
16:38:10.0264 1368 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
16:38:10.0264 1368 C:\Windows\System32\umpnpmgr.dll - ok
16:38:10.0280 1368 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
16:38:10.0280 1368 C:\Windows\System32\devrtl.dll - ok
16:38:10.0280 1368 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
16:38:10.0280 1368 C:\Windows\System32\gpapi.dll - ok
16:38:10.0280 1368 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
16:38:10.0280 1368 C:\Windows\System32\SPInf.dll - ok
16:38:10.0280 1368 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
16:38:10.0280 1368 C:\Windows\System32\userenv.dll - ok
16:38:10.0280 1368 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
16:38:10.0280 1368 C:\Windows\System32\pcwum.dll - ok
16:38:10.0280 1368 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] C:\Windows\System32\umpo.dll
16:38:10.0280 1368 C:\Windows\System32\umpo.dll - ok
16:38:10.0280 1368 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
16:38:10.0280 1368 C:\Windows\System32\powrprof.dll - ok
16:38:10.0295 1368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
16:38:10.0295 1368 C:\Windows\System32\drivers\luafv.sys - ok
16:38:10.0295 1368 [ BA0F98B69D84EFAE63EA80A957F9EF31 ] C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
16:38:10.0295 1368 C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe - ok
16:38:10.0295 1368 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
16:38:10.0295 1368 C:\Windows\SysWOW64\ntdll.dll - ok
16:38:10.0295 1368 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
16:38:10.0295 1368 C:\Windows\System32\wow64.dll - ok
16:38:10.0295 1368 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
16:38:10.0295 1368 C:\Windows\System32\wow64win.dll - ok
16:38:10.0295 1368 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
16:38:10.0295 1368 C:\Windows\System32\wow64cpu.dll - ok
16:38:10.0311 1368 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\kernel32.dll - ok
16:38:10.0311 1368 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\KernelBase.dll - ok
16:38:10.0311 1368 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\msvcrt.dll - ok
16:38:10.0311 1368 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\wtsapi32.dll - ok
16:38:10.0311 1368 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\rpcrt4.dll - ok
16:38:10.0311 1368 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
16:38:10.0311 1368 C:\Windows\SysWOW64\userenv.dll - ok
16:38:10.0311 1368 [ 3D57FEAD78BD4AD3E29BB098AA80EE03 ] C:\Program Files (x86)\HP SimplePass\TSLog.dll
16:38:10.0326 1368 C:\Program Files (x86)\HP SimplePass\TSLog.dll - ok
16:38:10.0326 1368 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\cryptbase.dll - ok
16:38:10.0326 1368 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\profapi.dll - ok
16:38:10.0326 1368 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\sechost.dll - ok
16:38:10.0326 1368 [ BFB26890612FB8AE8B0463EBEBE84B7E ] C:\Windows\SysWOW64\sspicli.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\sspicli.dll - ok
16:38:10.0326 1368 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\user32.dll - ok
16:38:10.0326 1368 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
16:38:10.0326 1368 C:\Windows\SysWOW64\gdi32.dll - ok
16:38:10.0342 1368 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\lpk.dll - ok
16:38:10.0342 1368 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\usp10.dll - ok
16:38:10.0342 1368 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\advapi32.dll - ok
16:38:10.0342 1368 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\shell32.dll - ok
16:38:10.0342 1368 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\shlwapi.dll - ok
16:38:10.0342 1368 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
16:38:10.0342 1368 C:\Windows\SysWOW64\winspool.drv - ok
16:38:10.0342 1368 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
16:38:10.0342 1368 C:\Windows\SysWOW64\ole32.dll - ok
16:38:10.0358 1368 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\oleaut32.dll - ok
16:38:10.0358 1368 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\oleacc.dll - ok
16:38:10.0358 1368 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\imm32.dll - ok
16:38:10.0358 1368 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\msctf.dll - ok
16:38:10.0358 1368 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\ntmarta.dll - ok
16:38:10.0358 1368 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
16:38:10.0358 1368 C:\Windows\SysWOW64\Wldap32.dll - ok
16:38:10.0373 1368 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
16:38:10.0373 1368 C:\Windows\System32\drivers\WUDFPf.sys - ok
16:38:10.0373 1368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
16:38:10.0373 1368 C:\Windows\System32\rpcss.dll - ok
16:38:10.0373 1368 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
16:38:10.0373 1368 C:\Windows\SysWOW64\winsta.dll - ok
16:38:10.0373 1368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
16:38:10.0373 1368 C:\Windows\System32\RpcEpMap.dll - ok
16:38:10.0373 1368 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
16:38:10.0373 1368 C:\Windows\System32\FirewallAPI.dll - ok
16:38:10.0373 1368 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
16:38:10.0373 1368 C:\Windows\System32\wshqos.dll - ok
16:38:10.0373 1368 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
16:38:10.0373 1368 C:\Windows\System32\WSHTCPIP.DLL - ok
16:38:10.0389 1368 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
16:38:10.0389 1368 C:\Windows\System32\LogonUI.exe - ok
16:38:10.0389 1368 [ E07DEC52FF801841BA9B6878A60304FB ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:38:10.0389 1368 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
16:38:10.0389 1368 [ 905601FFF40D8DA9FA82CBE77D1F5EB1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
16:38:10.0389 1368 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
16:38:10.0389 1368 [ 2D4230F2F1D204A523998DF93F9DF066 ] C:\Program Files\Microsoft Security Client\MpClient.dll
16:38:10.0389 1368 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
16:38:10.0389 1368 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
16:38:10.0389 1368 C:\Windows\System32\wtsapi32.dll - ok
16:38:10.0389 1368 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
16:38:10.0389 1368 C:\Windows\System32\ntmarta.dll - ok
16:38:10.0404 1368 [ C53D784D7303C463D004C0D5782917B4 ] C:\Windows\System32\atiesrxx.exe
16:38:10.0404 1368 C:\Windows\System32\atiesrxx.exe - ok
16:38:10.0404 1368 [ 9121C2E2507AD0BCBF9A7438051BEF34 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
16:38:10.0404 1368 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
16:38:10.0404 1368 [ 2F034150ECCBC498C53B61F98C5378AC ] C:\Program Files\Microsoft Security Client\MpRTP.dll
16:38:10.0404 1368 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
16:38:10.0404 1368 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
16:38:10.0404 1368 C:\Windows\System32\fltLib.dll - ok
16:38:10.0404 1368 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
16:38:10.0404 1368 C:\Windows\System32\wevtsvc.dll - ok
16:38:10.0404 1368 [ C4C183E6551084039EC862DA1C945E3D ] C:\Windows\System32\FntCache.dll
16:38:10.0404 1368 C:\Windows\System32\FntCache.dll - ok
16:38:10.0420 1368 [ D30FE3ECF1D6D521365FAE307B500BC0 ] C:\Program Files\IDT\WDM\stacsv64.exe
16:38:10.0420 1368 C:\Program Files\IDT\WDM\stacsv64.exe - ok
16:38:10.0420 1368 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
16:38:10.0420 1368 C:\Windows\System32\authui.dll - ok
16:38:10.0420 1368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
16:38:10.0420 1368 C:\Windows\System32\profsvc.dll - ok
16:38:10.0420 1368 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
16:38:10.0420 1368 C:\Windows\System32\adtschema.dll - ok
16:38:10.0420 1368 [ C4C1947985144721A809965A19D616BC ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
16:38:10.0420 1368 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
16:38:10.0420 1368 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] C:\Windows\System32\drivers\MpFilter.sys
16:38:10.0420 1368 C:\Windows\System32\drivers\MpFilter.sys - ok
16:38:10.0420 1368 [ 967BC3664DDC26959BD43A7B1681FF86 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
16:38:10.0420 1368 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
16:38:10.0436 1368 [ 76A11F575782DBAE74F05B8796EF7F9D ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpengine.dll
16:38:10.0436 1368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpengine.dll - ok
16:38:10.0436 1368 [ 436EB2742ED35C1ED9DDCB83C9BCF68A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpasbase.vdm
16:38:10.0436 1368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpasbase.vdm - ok
16:38:10.0436 1368 [ 00F8D38C1AC70AE0635F004EEDD0D77A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpasdlta.vdm
16:38:10.0436 1368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpasdlta.vdm - ok
16:38:10.0436 1368 [ 425800DD197C336EF1D6A3AC6428DEB3 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpavbase.vdm
16:38:10.0436 1368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpavbase.vdm - ok
16:38:10.0436 1368 [ 6C11A4EAA53199A6BFA0FCD4FFD0FB0F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpavdlta.vdm
16:38:10.0436 1368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C08CB2FD-BF76-4453-9B3A-CE42346156CE}\mpavdlta.vdm - ok
16:38:10.0451 1368 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
16:38:10.0451 1368 C:\Windows\System32\atl.dll - ok
16:38:10.0451 1368 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
16:38:10.0451 1368 C:\Windows\System32\audiosrv.dll - ok
16:38:10.0451 1368 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
16:38:10.0451 1368 C:\Windows\System32\cryptui.dll - ok
16:38:10.0451 1368 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
16:38:10.0451 1368 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
16:38:10.0451 1368 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
16:38:10.0451 1368 C:\Windows\System32\dsound.dll - ok
16:38:10.0451 1368 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
16:38:10.0451 1368 C:\Windows\System32\avrt.dll - ok
16:38:10.0451 1368 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
16:38:10.0451 1368 C:\Windows\System32\mmcss.dll - ok
16:38:10.0467 1368 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
16:38:10.0467 1368 C:\Windows\System32\MMDevAPI.dll - ok
16:38:10.0467 1368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
16:38:10.0467 1368 C:\Windows\System32\netprofm.dll - ok
16:38:10.0467 1368 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
16:38:10.0467 1368 C:\Windows\System32\propsys.dll - ok
16:38:10.0467 1368 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
16:38:10.0467 1368 C:\Windows\System32\samlib.dll - ok
16:38:10.0467 1368 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
16:38:10.0467 1368 C:\Windows\System32\shacct.dll - ok
16:38:10.0467 1368 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
16:38:10.0467 1368 C:\Windows\System32\uxtheme.dll - ok
16:38:10.0482 1368 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
16:38:10.0482 1368 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
16:38:10.0482 1368 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
16:38:10.0482 1368 C:\Windows\System32\dui70.dll - ok
16:38:10.0482 1368 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
16:38:10.0482 1368 C:\Windows\System32\duser.dll - ok
16:38:10.0482 1368 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
16:38:10.0482 1368 C:\Windows\System32\winmm.dll - ok
16:38:10.0482 1368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
16:38:10.0482 1368 C:\Windows\System32\wlansvc.dll - ok
16:38:10.0482 1368 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
16:38:10.0482 1368 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
16:38:10.0499 1368 [ 140A58F07F1AF677A8671CBD272667CB ] C:\Windows\System32\stapi64.dll
16:38:10.0499 1368 C:\Windows\System32\stapi64.dll - ok
16:38:10.0501 1368 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
16:38:10.0501 1368 C:\Windows\System32\SndVolSSO.dll - ok
16:38:10.0503 1368 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
16:38:10.0503 1368 C:\Windows\System32\WUDFPlatform.dll - ok
16:38:10.0506 1368 [ 0BEB0C931BC24F610EE87179F31A8A42 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
16:38:10.0506 1368 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
16:38:10.0508 1368 [ E3BF12C68F844E689D1A9D7E6B54742A ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
16:38:10.0509 1368 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
16:38:10.0511 1368 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
16:38:10.0511 1368 C:\Windows\System32\wscapi.dll - ok
16:38:10.0513 1368 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
16:38:10.0513 1368 C:\Windows\System32\AudioSes.dll - ok
16:38:10.0515 1368 [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
16:38:10.0516 1368 C:\Windows\System32\conhost.exe - ok
16:38:10.0518 1368 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
16:38:10.0518 1368 C:\Windows\System32\audiodg.exe - ok
16:38:10.0520 1368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
16:38:10.0520 1368 C:\Windows\System32\MPSSVC.dll - ok
16:38:10.0522 1368 [ EF069CD405BA7D992FB96BDE45588B89 ] C:\Windows\System32\stapo64.dll
16:38:10.0522 1368 C:\Windows\System32\stapo64.dll - ok
16:38:10.0525 1368 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
16:38:10.0525 1368 C:\Windows\System32\cabinet.dll - ok
16:38:10.0527 1368 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
16:38:10.0527 1368 C:\Windows\System32\drivers\fltMgr.sys - ok
16:38:10.0529 1368 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll
16:38:10.0529 1368 C:\Windows\System32\cscsvc.dll - ok
16:38:10.0532 1368 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
16:38:10.0532 1368 C:\Windows\System32\themeservice.dll - ok
16:38:10.0534 1368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
16:38:10.0534 1368 C:\Windows\System32\es.dll - ok
16:38:10.0536 1368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
16:38:10.0536 1368 C:\Windows\System32\gpsvc.dll - ok
16:38:10.0539 1368 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
16:38:10.0539 1368 C:\Windows\System32\PSHED.DLL - ok
16:38:10.0541 1368 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
16:38:10.0541 1368 C:\Windows\System32\Sens.dll - ok
16:38:10.0543 1368 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
16:38:10.0543 1368 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
16:38:10.0546 1368 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
16:38:10.0546 1368 C:\Windows\System32\comres.dll - ok
16:38:10.0548 1368 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
16:38:10.0548 1368 C:\Windows\System32\PeerDist.dll - ok
16:38:10.0550 1368 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
16:38:10.0551 1368 C:\Windows\System32\nlaapi.dll - ok
16:38:10.0553 1368 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
16:38:10.0553 1368 C:\Windows\System32\dsrole.dll - ok
16:38:10.0555 1368 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
16:38:10.0555 1368 C:\Windows\System32\p2pcollab.dll - ok
16:38:10.0557 1368 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
16:38:10.0557 1368 C:\Windows\System32\slc.dll - ok
16:38:10.0559 1368 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
16:38:10.0559 1368 C:\Windows\System32\taskschd.dll - ok
16:38:10.0561 1368 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
16:38:10.0561 1368 C:\Windows\System32\QAGENTRT.DLL - ok
16:38:10.0564 1368 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
16:38:10.0564 1368 C:\Windows\System32\UXInit.dll - ok
16:38:10.0566 1368 [ C544AF647337B9B274F2AFC068786C86 ] C:\Windows\System32\atieclxx.exe
16:38:10.0566 1368 C:\Windows\System32\atieclxx.exe - ok
16:38:10.0569 1368 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
16:38:10.0569 1368 C:\Windows\System32\fveui.dll - ok
16:38:10.0571 1368 [ BDDF242A49E7B7DC5CCEC291BCE53ACB ] C:\Windows\System32\WindowsCodecs.dll
16:38:10.0571 1368 C:\Windows\System32\WindowsCodecs.dll - ok
16:38:10.0573 1368 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
16:38:10.0573 1368 C:\Windows\System32\dwmapi.dll - ok
16:38:10.0575 1368 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
16:38:10.0576 1368 C:\Windows\System32\mstask.dll - ok
16:38:10.0578 1368 [ 577D0DC85524A16FE29D7956B22974C4 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
16:38:10.0578 1368 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
16:38:10.0580 1368 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] C:\Windows\System32\hpservice.exe
16:38:10.0580 1368 C:\Windows\System32\hpservice.exe - ok
16:38:10.0582 1368 [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll
16:38:10.0582 1368 C:\Windows\System32\slwga.dll - ok
16:38:10.0585 1368 [ 3D214B8D15B05DB873B8241626C9C23E ] C:\Windows\System32\atiadlxx.dll
16:38:10.0585 1368 C:\Windows\System32\atiadlxx.dll - ok
16:38:10.0587 1368 [ 19F9B524A525D202194247E96656CB88 ] C:\Windows\System32\mfc42u.dll
16:38:10.0587 1368 C:\Windows\System32\mfc42u.dll - ok
16:38:10.0589 1368 [ 9071DD242AAA24558370537BF1C289A8 ] C:\Windows\System32\atimuixx.dll
16:38:10.0589 1368 C:\Windows\System32\atimuixx.dll - ok
16:38:10.0591 1368 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
16:38:10.0591 1368 C:\Windows\System32\sppc.dll - ok
16:38:10.0593 1368 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
16:38:10.0593 1368 C:\Windows\System32\wkscli.dll - ok
16:38:10.0595 1368 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
16:38:10.0596 1368 C:\Windows\System32\netutils.dll - ok
16:38:10.0598 1368 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
16:38:10.0598 1368 C:\Windows\System32\AudioEng.dll - ok
16:38:10.0600 1368 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
16:38:10.0600 1368 C:\Windows\System32\hid.dll - ok
16:38:10.0603 1368 [ 7FF8E121AFA05BDAB23B9FEDCDAB7A33 ] C:\Windows\System32\odbc32.dll
16:38:10.0603 1368 C:\Windows\System32\odbc32.dll - ok
16:38:10.0605 1368 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
16:38:10.0605 1368 C:\Windows\System32\WMALFXGFXDSP.dll - ok
16:38:10.0607 1368 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
16:38:10.0607 1368 C:\Windows\System32\xmllite.dll - ok
16:38:10.0610 1368 [ E83C1989A52459D6D8E143AC9F23C93D ] C:\Windows\System32\accelerometerdll.DLL
16:38:10.0610 1368 C:\Windows\System32\accelerometerdll.DLL - ok
16:38:10.0612 1368 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
16:38:10.0612 1368 C:\Windows\System32\odbcint.dll - ok
16:38:10.0614 1368 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
16:38:10.0614 1368 C:\Windows\System32\winbrand.dll - ok
16:38:10.0617 1368 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
16:38:10.0617 1368 C:\Windows\System32\VaultCredProvider.dll - ok
16:38:10.0619 1368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
16:38:10.0619 1368 C:\Windows\System32\uxsms.dll - ok
16:38:10.0622 1368 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
16:38:10.0622 1368 C:\Windows\System32\WUDFSvc.dll - ok
16:38:10.0624 1368 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
16:38:10.0624 1368 C:\Windows\System32\mfplat.dll - ok
16:38:10.0626 1368 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
16:38:10.0626 1368 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
16:38:10.0629 1368 [ C469893743E18BA547DB3C7ED98B32F5 ] C:\Windows\System32\AESTAR64.dll
16:38:10.0629 1368 C:\Windows\System32\AESTAR64.dll - ok
16:38:10.0632 1368 [ A1083A026F9FBF049E757AEB53D48546 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo64.dll
16:38:10.0632 1368 C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo64.dll - ok
16:38:10.0634 1368 [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
16:38:10.0634 1368 C:\Windows\System32\WUDFHost.exe - ok
16:38:10.0637 1368 [ 5D0F03EEF3205F66ECFBE72A7CBBAD1F ] C:\Windows\System32\winusb.dll
16:38:10.0637 1368 C:\Windows\System32\winusb.dll - ok
16:38:10.0639 1368 [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll
16:38:10.0639 1368 C:\Windows\System32\msdmo.dll - ok
16:38:10.0641 1368 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
16:38:10.0641 1368 C:\Windows\System32\WUDFx.dll - ok
16:38:10.0643 1368 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
16:38:10.0643 1368 C:\Windows\System32\BioCredProv.dll - ok
16:38:10.0645 1368 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
16:38:10.0645 1368 C:\Windows\System32\winbio.dll - ok
16:38:10.0648 1368 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
16:38:10.0648 1368 C:\Windows\System32\AUDIOKSE.dll - ok
16:38:10.0650 1368 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
16:38:10.0650 1368 C:\Windows\System32\credui.dll - ok
16:38:10.0653 1368 [ E3849D1D6FD5A9787586AD97B3F9B89A ] C:\Windows\System32\drivers\UMDF\wbf_vfs_0018.dll
16:38:10.0653 1368 C:\Windows\System32\drivers\UMDF\wbf_vfs_0018.dll - ok
16:38:10.0655 1368 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
16:38:10.0655 1368 C:\Windows\System32\ksuser.dll - ok
16:38:10.0657 1368 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
16:38:10.0657 1368 C:\Windows\System32\vaultcli.dll - ok
16:38:10.0659 1368 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
16:38:10.0659 1368 C:\Windows\System32\netapi32.dll - ok
16:38:10.0662 1368 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
16:38:10.0662 1368 C:\Windows\System32\samcli.dll - ok
16:38:10.0664 1368 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
16:38:10.0664 1368 C:\Windows\System32\certCredProvider.dll - ok
16:38:10.0666 1368 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
16:38:10.0666 1368 C:\Windows\System32\rasplap.dll - ok
16:38:10.0669 1368 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
16:38:10.0669 1368 C:\Windows\System32\rasapi32.dll - ok
16:38:10.0671 1368 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
16:38:10.0671 1368 C:\Windows\System32\rasman.dll - ok
16:38:10.0673 1368 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
16:38:10.0673 1368 C:\Windows\System32\rtutils.dll - ok
16:38:10.0675 1368 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
16:38:10.0675 1368 C:\Windows\System32\imageres.dll - ok
16:38:10.0678 1368 [ 5E65E90DA3A478C377F7332A9386B023 ] C:\Windows\System32\AESTAC64.dll
16:38:10.0678 1368 C:\Windows\System32\AESTAC64.dll - ok
16:38:10.0680 1368 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
16:38:10.0680 1368 C:\Windows\System32\drivers\lltdio.sys - ok
16:38:10.0683 1368 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
16:38:10.0683 1368 C:\Windows\System32\drivers\ndisuio.sys - ok
16:38:10.0685 1368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
16:38:10.0685 1368 C:\Windows\System32\drivers\nwifi.sys - ok
16:38:10.0688 1368 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
16:38:10.0688 1368 C:\Windows\System32\drivers\rspndr.sys - ok
16:38:10.0690 1368 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
16:38:10.0690 1368 C:\Windows\System32\lmhsvc.dll - ok
16:38:10.0692 1368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
16:38:10.0692 1368 C:\Windows\System32\nsisvc.dll - ok
16:38:10.0694 1368 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
16:38:10.0694 1368 C:\Windows\System32\IPHLPAPI.DLL - ok
16:38:10.0697 1368 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
16:38:11.0249 1368 C:\Windows\System32\cscapi.dll - ok
16:38:11.0252 1368 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
16:38:11.0252 1368 C:\Windows\System32\ExplorerFrame.dll - ok
16:38:11.0254 1368 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
16:38:11.0254 1368 C:\Windows\SysWOW64\crypt32.dll - ok
16:38:11.0256 1368 [ BE157C3800DA3010EFC48280ECF81C16 ] C:\Windows\SysWOW64\urlmon.dll
16:38:11.0257 1368 C:\Windows\SysWOW64\urlmon.dll - ok
16:38:11.0259 1368 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
16:38:11.0259 1368 C:\Windows\SysWOW64\msasn1.dll - ok
16:38:11.0261 1368 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
16:38:11.0261 1368 C:\Windows\SysWOW64\imagehlp.dll - ok
16:38:11.0264 1368 [ D171EAA745A2C0C583CDDA13D9088EE4 ] C:\Windows\SysWOW64\iertutil.dll
16:38:11.0264 1368 C:\Windows\SysWOW64\iertutil.dll - ok
16:38:11.0266 1368 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
16:38:11.0266 1368 C:\Windows\SysWOW64\msi.dll - ok
16:38:11.0269 1368 [ 93E76ED0F310A1A1C2A9C1B8557F14BD ] C:\Windows\System32\aticfx64.dll
16:38:11.0269 1368 C:\Windows\System32\aticfx64.dll - ok
16:38:11.0271 1368 [ B49B56B64F57699A1A663D2CF7D0A56F ] C:\Windows\SysWOW64\wininet.dll
16:38:11.0271 1368 C:\Windows\SysWOW64\wininet.dll - ok
16:38:11.0273 1368 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
16:38:11.0273 1368 C:\Windows\System32\EhStorShell.dll - ok
16:38:11.0276 1368 [ 1851C2C15397DD849E5F3ED9B4CE23DC ] C:\Windows\System32\atiuxp64.dll
16:38:11.0276 1368 C:\Windows\System32\atiuxp64.dll - ok
16:38:11.0278 1368 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
16:38:11.0278 1368 C:\Windows\System32\cscui.dll - ok
16:38:11.0280 1368 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
16:38:11.0280 1368 C:\Windows\System32\cscdll.dll - ok
16:38:11.0283 1368 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
16:38:11.0283 1368 C:\Windows\System32\ntshrui.dll - ok
16:38:11.0286 1368 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
16:38:11.0286 1368 C:\Windows\SysWOW64\wintrust.dll - ok
16:38:11.0288 1368 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
16:38:11.0288 1368 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
16:38:11.0291 1368 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
16:38:11.0291 1368 C:\Windows\SysWOW64\version.dll - ok
16:38:11.0293 1368 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
16:38:11.0293 1368 C:\Windows\SysWOW64\cscapi.dll - ok
16:38:11.0296 1368 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
16:38:11.0296 1368 C:\Windows\System32\IconCodecService.dll - ok
16:38:11.0298 1368 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
16:38:11.0298 1368 C:\Windows\System32\appinfo.dll - ok
16:38:11.0300 1368 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
16:38:11.0300 1368 C:\Windows\SysWOW64\dbghelp.dll - ok
16:38:11.0303 1368 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
16:38:11.0303 1368 C:\Windows\SysWOW64\winmm.dll - ok
16:38:11.0305 1368 [ 8A71476309AD2765391C8DDF4D2A5BEE ] C:\Windows\System32\igd10umd64.dll
16:38:11.0305 1368 C:\Windows\System32\igd10umd64.dll - ok
16:38:11.0308 1368 [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
16:38:11.0308 1368 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
16:38:11.0310 1368 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
16:38:11.0310 1368 C:\Windows\SysWOW64\uxtheme.dll - ok
16:38:11.0313 1368 [ B676429E44F2F8ACC3BAE7C89F46B212 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
16:38:11.0313 1368 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe - ok
16:38:11.0315 1368 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
16:38:11.0315 1368 C:\Windows\SysWOW64\clbcatq.dll - ok
16:38:11.0318 1368 [ 3BCECD87AB4E6743BFB45B352AD1A529 ] C:\Windows\SysWOW64\WindowsCodecs.dll
16:38:11.0318 1368 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
16:38:11.0320 1368 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
16:38:11.0320 1368 C:\Windows\System32\runonce.exe - ok
16:38:11.0323 1368 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
16:38:11.0323 1368 C:\Windows\SysWOW64\runonce.exe - ok
16:38:11.0325 1368 [ 44B0560BB91ADCC6B2447272B1898F16 ] C:\Program Files (x86)\HP SimplePass\BioLayer.dll
16:38:11.0325 1368 C:\Program Files (x86)\HP SimplePass\BioLayer.dll - ok
16:38:11.0328 1368 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
16:38:11.0328 1368 C:\Windows\SysWOW64\dwmapi.dll - ok
16:38:11.0330 1368 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
16:38:11.0330 1368 C:\Windows\SysWOW64\propsys.dll - ok
16:38:11.0333 1368 [ 0956F2A198E5C1235A9FC584411E678B ] C:\Program Files (x86)\HP SimplePass\TokenMachine.dll
16:38:11.0333 1368 C:\Program Files (x86)\HP SimplePass\TokenMachine.dll - ok
16:38:11.0335 1368 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
16:38:11.0335 1368 C:\Windows\SysWOW64\secur32.dll - ok
16:38:11.0337 1368 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
16:38:11.0337 1368 C:\Windows\SysWOW64\cmd.exe - ok
16:38:11.0340 1368 [ 3FAD263CE1E2A6FFF40D00043B2275E3 ] C:\Windows\SysWOW64\winbio.dll
16:38:11.0340 1368 C:\Windows\SysWOW64\winbio.dll - ok
16:38:11.0342 1368 [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\SysWOW64\credui.dll
16:38:11.0342 1368 C:\Windows\SysWOW64\credui.dll - ok
16:38:11.0345 1368 [ FE1D42088C1C4C671CCCD609E8679466 ] C:\Program Files (x86)\HP SimplePass\TrueSuite.AutoSoftwareUpdate.dll
16:38:11.0345 1368 C:\Program Files (x86)\HP SimplePass\TrueSuite.AutoSoftwareUpdate.dll - ok
16:38:11.0347 1368 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
16:38:11.0347 1368 C:\Windows\SysWOW64\winbrand.dll - ok
16:38:11.0350 1368 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
16:38:11.0350 1368 C:\Windows\SysWOW64\winhttp.dll - ok
16:38:11.0352 1368 [ D01AE2246B0BBB88A8A293BC0C27BD32 ] C:\Program Files (x86)\HP SimplePass\DataManager.dll
16:38:11.0352 1368 C:\Program Files (x86)\HP SimplePass\DataManager.dll - ok
16:38:11.0355 1368 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
16:38:11.0355 1368 C:\Windows\SysWOW64\webio.dll - ok
16:38:11.0357 1368 [ 24E3B734BCFB79B5334D4B1F7655431F ] C:\Program Files (x86)\Common Files\AuthenTec\TrueAPI.dll
16:38:11.0357 1368 C:\Program Files (x86)\Common Files\AuthenTec\TrueAPI.dll - ok
16:38:11.0359 1368 [ 0E816EA3C5DCE94C95099E8B38E75E67 ] C:\Windows\SysWOW64\ieframe.dll
16:38:11.0359 1368 C:\Windows\SysWOW64\ieframe.dll - ok
16:38:11.0362 1368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
16:38:11.0362 1368 C:\Windows\System32\aelupsvc.dll - ok
16:38:11.0364 1368 [ 2A6A9A22FFA68DA8B2A337FB50236E1D ] C:\Windows\System32\atidxx64.dll
16:38:11.0364 1368 C:\Windows\System32\atidxx64.dll - ok
16:38:11.0367 1368 [ B3892E6DA8E2C8CE4B0A9D3EB9A185E5 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll
16:38:11.0367 1368 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll - ok
16:38:11.0369 1368 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
16:38:11.0369 1368 C:\Windows\System32\dbghelp.dll - ok
16:38:11.0372 1368 [ DB001FAEA818AE2E14A74E0ADC530FC0 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
16:38:11.0372 1368 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll - ok
16:38:11.0375 1368 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
16:38:11.0375 1368 C:\Windows\SysWOW64\psapi.dll - ok
16:38:11.0377 1368 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
16:38:11.0377 1368 C:\Windows\SysWOW64\cryptsp.dll - ok
16:38:11.0379 1368 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
16:38:11.0379 1368 C:\Windows\SysWOW64\rsaenh.dll - ok
16:38:11.0382 1368 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
16:38:11.0382 1368 C:\Windows\SysWOW64\ncrypt.dll - ok
16:38:11.0384 1368 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
16:38:11.0384 1368 C:\Windows\SysWOW64\bcrypt.dll - ok
16:38:11.0386 1368 [ 862586AD4B1355F7DCDE111EE0AAF350 ] C:\Windows\System32\d3dx10_40.dll
16:38:11.0386 1368 C:\Windows\System32\d3dx10_40.dll - ok
16:38:11.0389 1368 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
16:38:11.0389 1368 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
16:38:11.0391 1368 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
16:38:11.0391 1368 C:\Windows\SysWOW64\gpapi.dll - ok
16:38:11.0393 1368 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
16:38:11.0393 1368 C:\Windows\SysWOW64\shdocvw.dll - ok
16:38:11.0395 1368 [ F88D89A73142BA1148453654EEC12E02 ] C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
16:38:11.0395 1368 C:\Program Files (x86)\HP SimplePass\BioMonitor.exe - ok
16:38:11.0398 1368 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
16:38:11.0398 1368 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
16:38:11.0400 1368 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
16:38:11.0400 1368 C:\Windows\SysWOW64\sxs.dll - ok
16:38:11.0403 1368 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
16:38:11.0403 1368 C:\Windows\SysWOW64\mstask.dll - ok
16:38:11.0405 1368 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
16:38:11.0405 1368 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
16:38:11.0408 1368 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
16:38:11.0408 1368 C:\Windows\SysWOW64\wbemcomn.dll - ok
16:38:11.0410 1368 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
16:38:11.0410 1368 C:\Windows\SysWOW64\ws2_32.dll - ok
16:38:11.0412 1368 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
16:38:11.0412 1368 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
16:38:11.0415 1368 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\SysWOW64\wbem\fastprox.dll
16:38:11.0415 1368 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
16:38:11.0417 1368 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
16:38:11.0417 1368 C:\Windows\SysWOW64\ntdsapi.dll - ok
16:38:11.0419 1368 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
16:38:11.0419 1368 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
16:38:11.0422 1368 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
16:38:11.0422 1368 C:\Windows\System32\wbem\wmiprov.dll - ok
16:38:11.0425 1368 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\New Computer\AppData\Local\Temp\987460BA-22CA-4183-B194-8F65DEF40808.exe
16:38:11.0425 1368 C:\Users\New Computer\AppData\Local\Temp\987460BA-22CA-4183-B194-8F65DEF40808.exe - ok
16:38:11.0427 1368 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
16:38:11.0427 1368 C:\Windows\SysWOW64\cryptnet.dll - ok
16:38:11.0429 1368 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
16:38:11.0430 1368 C:\Windows\SysWOW64\SensApi.dll - ok
16:38:11.0432 1368 [ 521202AA6F2B74FCCC6BC7E162109D71 ] C:\Windows\System32\wbem\unsecapp.exe
16:38:11.0432 1368 C:\Windows\System32\wbem\unsecapp.exe - ok
16:38:11.0434 1368 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
16:38:11.0434 1368 C:\Windows\SysWOW64\EhStorShell.dll - ok
16:38:11.0437 1368 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
16:38:11.0437 1368 C:\Windows\SysWOW64\ntshrui.dll - ok
16:38:11.0439 1368 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
16:38:11.0439 1368 C:\Windows\SysWOW64\slc.dll - ok
16:38:11.0442 1368 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
16:38:11.0442 1368 C:\Windows\SysWOW64\imageres.dll - ok
16:38:11.0444 1368 [ D7F5B2302F5D4F89C16F897AF191BF26 ] C:\Program Files (x86)\Common Files\AuthenTec\TrueOTPValidity.dll
16:38:11.0444 1368 C:\Program Files (x86)\Common Files\AuthenTec\TrueOTPValidity.dll - ok
16:38:11.0447 1368 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
16:38:11.0447 1368 C:\Windows\SysWOW64\sfc.dll - ok
16:38:11.0449 1368 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
16:38:11.0449 1368 C:\Windows\SysWOW64\sfc_os.dll - ok
16:38:11.0451 1368 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
16:38:11.0451 1368 C:\Windows\SysWOW64\devrtl.dll - ok
16:38:11.0453 1368 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
16:38:11.0453 1368 C:\Windows\SysWOW64\mpr.dll - ok
16:38:11.0456 1368 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
16:38:11.0456 1368 C:\Windows\System32\ie4uinit.exe - ok
16:38:11.0458 1368 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
16:38:11.0458 1368 C:\Windows\System32\iedkcs32.dll - ok
16:38:11.0461 1368 [ 2C647ABE9A424E55B5F3DAE4629B4277 ] C:\Windows\System32\themeui.dll
16:38:11.0461 1368 C:\Windows\System32\themeui.dll - ok
16:38:11.0463 1368 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
16:38:11.0463 1368 C:\Windows\SysWOW64\credssp.dll - ok
16:38:11.0466 1368 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
16:38:11.0466 1368 C:\Windows\SysWOW64\mswsock.dll - ok
16:38:11.0468 1368 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
16:38:11.0468 1368 C:\Windows\System32\timedate.cpl - ok
16:38:11.0471 1368 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
16:38:11.0471 1368 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
16:38:11.0473 1368 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
16:38:11.0473 1368 C:\Windows\SysWOW64\wship6.dll - ok
16:38:11.0476 1368 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
16:38:11.0476 1368 C:\Windows\System32\actxprxy.dll - ok
16:38:11.0478 1368 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
16:38:11.0478 1368 C:\Windows\SysWOW64\dnsapi.dll - ok
16:38:11.0480 1368 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
16:38:11.0480 1368 C:\Windows\SysWOW64\rasadhlp.dll - ok
16:38:11.0483 1368 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
16:38:11.0483 1368 C:\Windows\System32\shdocvw.dll - ok
16:38:11.0485 1368 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
16:38:11.0485 1368 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
16:38:11.0487 1368 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
16:38:11.0487 1368 C:\Windows\System32\linkinfo.dll - ok
16:38:11.0490 1368 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
16:38:11.0490 1368 C:\Windows\System32\msftedit.dll - ok
16:38:11.0492 1368 [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
16:38:11.0492 1368 C:\Windows\System32\gameux.dll - ok
16:38:11.0494 1368 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
16:38:11.0494 1368 C:\Windows\System32\msls31.dll - ok
16:38:11.0497 1368 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
16:38:11.0497 1368 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
16:38:11.0499 1368 [ 39AC970429FB9E56A29655FA8B959E90 ] C:\Windows\System32\hkcmd.exe
16:38:11.0499 1368 C:\Windows\System32\hkcmd.exe - ok
16:38:11.0502 1368 [ 31F52459AA89317FFB57EBAF9B4DD8BC ] C:\Windows\System32\igfxtray.exe
16:38:11.0502 1368 C:\Windows\System32\igfxtray.exe - ok
16:38:11.0504 1368 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
16:38:11.0504 1368 C:\Windows\System32\thumbcache.dll - ok
16:38:11.0506 1368 [ 4076E418CD3EB0E09FFBCD828C35CE26 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
16:38:11.0507 1368 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
16:38:11.0509 1368 [ 7CA105C4CCDFCA407859B2DF3D05A645 ] C:\Windows\System32\igfxpers.exe
16:38:11.0509 1368 C:\Windows\System32\igfxpers.exe - ok
16:38:11.0512 1368 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
16:38:11.0512 1368 C:\Windows\System32\DeviceCenter.dll - ok
16:38:11.0514 1368 [ DD7A1B032B709C7BFC3A47BBB7B79B8C ] C:\Windows\System32\hccutils.dll
16:38:11.0514 1368 C:\Windows\System32\hccutils.dll - ok
16:38:11.0516 1368 [ CF7479D5023E65C20370AA99D7F57A96 ] C:\Windows\System32\igfxsrvc.exe
16:38:11.0516 1368 C:\Windows\System32\igfxsrvc.exe - ok
16:38:11.0519 1368 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
16:38:11.0519 1368 C:\Windows\System32\networkexplorer.dll - ok
16:38:11.0521 1368 [ 07A0D5E510129AFD88AB578CC534D5B3 ] C:\Windows\System32\igfxsrvc.dll
16:38:11.0521 1368 C:\Windows\System32\igfxsrvc.dll - ok
16:38:11.0524 1368 [ 60CB2336DD3707A61E637FC97A4A58DD ] C:\Program Files\IDT\WDM\sttray64.exe
16:38:11.0524 1368 C:\Program Files\IDT\WDM\sttray64.exe - ok
16:38:11.0526 1368 [ 3911917B93DD9023DAA8258147AA7BCF ] C:\Program Files\Microsoft Security Client\msseces.exe
16:38:11.0526 1368 C:\Program Files\Microsoft Security Client\msseces.exe - ok
16:38:11.0529 1368 [ 590FECBB753173CFE99F5F945B0883C4 ] C:\Windows\System32\igfxdev.dll
16:38:11.0529 1368 C:\Windows\System32\igfxdev.dll - ok
16:38:11.0531 1368 [ DF48408BD8A76BC35FCC8514A89B55A9 ] C:\Windows\System32\SynCOM.dll
16:38:11.0531 1368 C:\Windows\System32\SynCOM.dll - ok
16:38:11.0533 1368 [ 4C865824DA60C3CFB8F5AFAD61A8645B ] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe
16:38:11.0533 1368 C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe - ok
16:38:11.0536 1368 [ 8DE4BC17F687EAA5F0827296403AE0F5 ] C:\Program Files\IDT\WDM\stlang64.dll
16:38:11.0536 1368 C:\Program Files\IDT\WDM\stlang64.dll - ok
16:38:11.0538 1368 [ 773D7DC2BABC0C3DEFE910C44637F573 ] C:\Windows\System32\SynTPAPI.dll
16:38:11.0538 1368 C:\Windows\System32\SynTPAPI.dll - ok
16:38:11.0541 1368 [ C340C013490E7CC96EB7E3D82D8EE5AC ] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_combined_expert.dll
16:38:11.0541 1368 C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_combined_expert.dll - ok
16:38:11.0543 1368 [ 105CFE016CCB20175BEACEC146F175AB ] C:\Windows\System32\IccLibDll_x64.dll
16:38:11.0543 1368 C:\Windows\System32\IccLibDll_x64.dll - ok
16:38:11.0546 1368 [ AF4B928C347C2B4865A3B8FD12C6702F ] C:\Windows\System32\igfxrenu.lrc
16:38:11.0546 1368 C:\Windows\System32\igfxrenu.lrc - ok
16:38:11.0548 1368 [ 7F2D96D28D47ED3E0974B72580FE965F ] C:\Program Files\Synaptics\SynTP\SynTPRes.dll
16:38:11.0548 1368 C:\Program Files\Synaptics\SynTP\SynTPRes.dll - ok
16:38:11.0551 1368 [ A522D3963957EB2E68B1ADD5C07904D9 ] C:\Windows\System32\igfxress.dll
16:38:11.0551 1368 C:\Windows\System32\igfxress.dll - ok
16:38:11.0553 1368 [ EA7FD4F1C1C9E04438E159CFC622C421 ] C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll
16:38:11.0553 1368 C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll - ok
16:38:11.0555 1368 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\94561888.sys
16:38:11.0555 1368 C:\Windows\System32\drivers\94561888.sys - ok
16:38:11.0558 1368 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
16:38:11.0558 1368 C:\Windows\System32\msxml3.dll - ok
16:38:11.0560 1368 [ 5FB4B4B99C9CC981C4A6B05A0EB53386 ] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
16:38:11.0560 1368 C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe - ok
16:38:11.0563 1368 [ A905E156A7D52B55892C3255670FE97B ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
16:38:11.0563 1368 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
16:38:11.0566 1368 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
16:38:11.0566 1368 C:\Windows\SysWOW64\wsock32.dll - ok
16:38:11.0568 1368 [ 85A5DB9C8DEFDDE941EC121ADB5B3175 ] C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
16:38:11.0568 1368 C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe - ok
16:38:11.0571 1368 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
16:38:11.0571 1368 C:\Windows\System32\stobject.dll - ok
16:38:11.0573 1368 [ DCCA4B04AF87E52EF9EAA2190E06CBAC ] C:\Program Files (x86)\Windows Sidebar\sidebar.exe
16:38:11.0573 1368 C:\Program Files (x86)\Windows Sidebar\sidebar.exe - ok
16:38:11.0576 1368 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
16:38:11.0576 1368 C:\Windows\System32\batmeter.dll - ok
16:38:11.0578 1368 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
16:38:11.0578 1368 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
16:38:11.0581 1368 [ BD0EA5C8A4EF518C46E05F99908A56CE ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
16:38:11.0581 1368 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
16:38:11.0584 1368 [ AE797B72D85E87D403FC11135507922C ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
16:38:11.0584 1368 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe - ok
16:38:11.0586 1368 [ 72CB79095A1D491B0BBC26D7008FCA4C ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
16:38:11.0586 1368 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok
16:38:11.0589 1368 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
16:38:11.0589 1368 C:\Windows\SysWOW64\atl.dll - ok
16:38:11.0591 1368 [ 0B5511674394666E9D221F8681B2C2E6 ] C:\Windows\System32\consent.exe
16:38:11.0591 1368 C:\Windows\System32\consent.exe - ok
16:38:11.0594 1368 [ D8189A2A071A1AC1C2DBE5C468E07FD7 ] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_expert_resource_win32_x86_en_US_498.dll
16:38:11.0594 1368 C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_expert_resource_win32_x86_en_US_498.dll - ok
16:38:11.0596 1368 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
16:38:11.0596 1368 C:\Windows\System32\prnfldr.dll - ok
16:38:11.0599 1368 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\SysWOW64\cryptui.dll
16:38:11.0599 1368 C:\Windows\SysWOW64\cryptui.dll - ok
16:38:11.0601 1368 [ DC73E11DC27E7D9AEF884EBE816C4240 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
16:38:11.0601 1368 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe - ok
16:38:11.0604 1368 [ 41C302A6680881F47820524CEA8C676E ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
16:38:11.0604 1368 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll - ok
16:38:11.0606 1368 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
16:38:11.0606 1368 C:\Windows\System32\DXP.dll - ok
16:38:11.0609 1368 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
16:38:11.0609 1368 C:\Windows\SysWOW64\mscoree.dll - ok
16:38:11.0612 1368 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
16:38:11.0612 1368 C:\Windows\System32\Syncreg.dll - ok
16:38:11.0614 1368 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
16:38:11.0614 1368 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
16:38:11.0617 1368 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\SqmApi.dll
16:38:11.0617 1368 C:\Program Files\Microsoft Security Client\SqmApi.dll - ok
16:38:11.0619 1368 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
16:38:11.0619 1368 C:\Windows\ehome\ehSSO.dll - ok
16:38:11.0621 1368 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
16:38:11.0621 1368 C:\Windows\System32\WPDShServiceObj.dll - ok
16:38:11.0624 1368 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
16:38:11.0624 1368 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
16:38:11.0627 1368 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
16:38:11.0627 1368 C:\Windows\System32\PortableDeviceTypes.dll - ok
16:38:11.0629 1368 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
16:38:11.0629 1368 C:\Windows\System32\ActionCenter.dll - ok
16:38:11.0632 1368 [ 33BD835406BC1261EFFB518AD15BCD66 ] C:\Program Files (x86)\DAEMON Tools Pro\DTCommonRes.dll
16:38:11.0632 1368 C:\Program Files (x86)\DAEMON Tools Pro\DTCommonRes.dll - ok
16:38:11.0634 1368 [ 21D3A18769EC2C4E56756D04E989A221 ] C:\Windows\SysWOW64\msxml3.dll
16:38:11.0634 1368 C:\Windows\SysWOW64\msxml3.dll - ok
16:38:11.0636 1368 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
16:38:11.0636 1368 C:\Windows\System32\AltTab.dll - ok
16:38:11.0638 1368 [ 234AFA322624B3203A2E720F08292B03 ] C:\Windows\System32\cscobj.dll
16:38:11.0638 1368 C:\Windows\System32\cscobj.dll - ok
16:38:11.0641 1368 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
16:38:11.0641 1368 C:\Windows\System32\QUTIL.DLL - ok
16:38:11.0643 1368 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
16:38:11.0643 1368 C:\Windows\System32\srchadmin.dll - ok
16:38:11.0645 1368 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
16:38:11.0645 1368 C:\Windows\System32\SearchIndexer.exe - ok
16:38:11.0647 1368 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
16:38:11.0647 1368 C:\Windows\System32\bthprops.cpl - ok
16:38:11.0650 1368 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
16:38:11.0650 1368 C:\Windows\SysWOW64\riched20.dll - ok
16:38:11.0652 1368 [ 4C865824DA60C3CFB8F5AFAD61A8645B ] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe
16:38:11.0652 1368 C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe - ok
16:38:11.0655 1368 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
16:38:11.0655 1368 C:\Windows\SysWOW64\wlanapi.dll - ok
16:38:11.0657 1368 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
16:38:11.0657 1368 C:\Windows\SysWOW64\wlanutil.dll - ok
16:38:11.0660 1368 [ 35126DDDE8241C4C4A5F15F6CDDF4434 ] C:\Windows\System32\ieframe.dll
16:38:11.0660 1368 C:\Windows\System32\ieframe.dll - ok
16:38:11.0662 1368 [ B9274CDEAD3DDB17B5C3D0D5A6EA46F1 ] C:\Windows\System32\wbem\WMIPIPRT.dll
16:38:11.0662 1368 C:\Windows\System32\wbem\WMIPIPRT.dll - ok
16:38:11.0664 1368 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
16:38:11.0664 1368 C:\Windows\System32\framedynos.dll - ok
16:38:11.0667 1368 [ 5AAF10198FFBD79E7F022625FEDB79B7 ] C:\Windows\System32\provthrd.dll
16:38:11.0667 1368 C:\Windows\System32\provthrd.dll - ok
16:38:11.0669 1368 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
16:38:11.0669 1368 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
16:38:11.0850 1368 ============================================================
16:38:11.0850 1368 Scan finished
16:38:11.0850 1368 ============================================================
16:38:11.0856 1440 Detected object count: 0
16:38:11.0856 1440 Actual detected object count: 0


----------



## Raderick (Oct 2, 2005)

So I was in fact able to trigger the issue when the computer is in safe mode after all. The problem seems to only happen now when a browser window is open. I'd, say, be at this web site, and then randomly, it would go to the home page (msn.com in Internet Explorer). The default browser won't open anymore by itself if I am in a different application altogether or if I have no application open at all.


----------



## Raderick (Oct 2, 2005)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-27 16:47:37
-----------------------------
16:47:37.702 OS Version: Windows x64 6.1.7601 Service Pack 1
16:47:37.702 Number of processors: 8 586 0x2A07
16:47:37.702 ComputerName: NEWCOMPUTER-PC UserName: New Computer
16:47:40.104 Initialize success
17:20:08.458 AVAST engine defs: 13022701
17:21:31.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:21:31.357 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
17:21:31.357 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000081
17:21:31.372 Disk 1 Vendor: Size: 715404MB BusType: 0
17:21:31.372 Disk 0 MBR read successfully
17:21:31.388 Disk 0 MBR scan
17:21:31.404 Disk 0 Windows 7 default MBR code
17:21:31.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:21:31.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 713246 MB offset 206848
17:21:31.497 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 1460934656
17:21:31.606 Disk 0 scanning C:\Windows\system32\drivers
17:21:41.637 Service scanning
17:22:22.852 Modules scanning
17:22:22.868 Disk 0 trace - called modules:
17:22:22.962 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
17:22:22.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c45790]
17:22:22.977 3 CLASSPNP.SYS[fffff880019b543f] -> nt!IofCallDriver -> [0xfffffa8006b3eb10]
17:22:22.993 5 hpdskflt.sys[fffff88001a5f189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006997050]
17:22:24.490 AVAST engine scan C:\Windows
17:22:30.122 AVAST engine scan C:\Windows\system32
17:26:41.626 AVAST engine scan C:\Windows\system32\drivers
17:26:53.279 AVAST engine scan C:\Users\New Computer
17:28:21.232 Disk 0 MBR has been saved successfully to "C:\Users\New Computer\Desktop\MBR.dat"
17:28:21.232 The log file has been saved successfully to "C:\Users\New Computer\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-27 17:33:29
-----------------------------
17:33:29.087 OS Version: Windows x64 6.1.7601 Service Pack 1
17:33:29.087 Number of processors: 8 586 0x2A07
17:33:29.087 ComputerName: NEWCOMPUTER-PC UserName: New Computer
17:33:31.683 Initialize success
17:33:41.152 AVAST engine defs: 13022701
17:33:43.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:33:43.087 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
17:33:43.133 Disk 0 MBR read successfully
17:33:43.133 Disk 0 MBR scan
17:33:43.149 Disk 0 Windows 7 default MBR code
17:33:43.165 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:33:43.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 713246 MB offset 206848
17:33:43.243 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 1460934656
17:33:43.367 Disk 0 scanning C:\Windows\system32\drivers
17:34:15.613 Service scanning
17:35:22.506 Modules scanning
17:35:22.521 Disk 0 trace - called modules:
17:35:22.552 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
17:35:22.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c1d790]
17:35:22.568 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa8006b18b10]
17:35:22.584 5 hpdskflt.sys[fffff88001dce189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006935050]
17:35:29.666 AVAST engine scan C:\Windows
17:35:38.636 AVAST engine scan C:\Windows\system32
17:41:52.132 AVAST engine scan C:\Windows\system32\drivers
17:42:42.130 AVAST engine scan C:\Users\New Computer
17:47:09.015 AVAST engine scan C:\ProgramData
17:47:29.186 Scan finished successfully
17:52:50.094 Disk 0 MBR has been saved successfully to "C:\Users\New Computer\Desktop\MBR.dat"
17:52:50.094 The log file has been saved successfully to "C:\Users\New Computer\Desktop\aswMBR.txt"


----------



## Raderick (Oct 2, 2005)

Any further ideas?


----------



## eddie5659 (Mar 19, 2001)

Hi, I hadn't forgotten you, just trying to delve deeper. Looking online, a few people have the issue, but no actual solution 


Still, I live in hope and I've solved other stranger ones, so let's get this one in there as well

Can you see if it's an Add-On:

Go to Start - All Programs - Accessories - System Tools - Internet Explorer (no Add-ons).

Does that help?

---

If not, and the fact that it does it in safemode and with a re-install, let me go through the last OTL log you posted, to see if there are any programs that can cause this.

I'm here till 10pm tonight, and have a few days off work so I'll be replying a bit quicker, as I can look during the day


----------



## eddie5659 (Mar 19, 2001)

Can you run OTL in SafeMode for me? Curious what the difference is.

Before you run it, in the section *Extra Registry*, select the option *ALL*.

Then click *Run Scan* and two logs should hopefully appear. Copy/paste here as normal


----------



## eddie5659 (Mar 19, 2001)

Just about to edit the above, but need to test something first. If you read this, just wait a few mins before I repost about OTL


----------



## eddie5659 (Mar 19, 2001)

Nope, it's fine, just do it as above, and post the logs


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> Hi, I hadn't forgotten you, just trying to delve deeper. Looking online, a few people have the issue, but no actual solution
> 
> Still, I live in hope and I've solved other stranger ones, so let's get this one in there as well
> 
> ...


Same issue occurs when IE launches with no add-ons.


----------



## Raderick (Oct 2, 2005)

OTL logfile created on: 3/6/2013 2:31:38 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 81.28% Memory free
11.90 Gb Paging File | 10.87 Gb Available in Paging File | 91.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 696.53 Gb Total Space | 656.91 Gb Free Space | 94.31% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 13.45 Gb Free Space | 90.26% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.56% Space Free | Partition Type: FAT32

Computer Name: NEWCOMPUTER-PC | User Name: New Computer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\New Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URUET8WP\EIE10_EN-US_MSN_Win764.EXE (Microsoft Corporation)
PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\New Computer\AppData\Local\Temp\IXP000.TMP\IE-REDIST.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()

========== Services (SafeList) ==========

SRV:*64bit:* - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:*64bit:* - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:*64bit:* - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:*64bit:* - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:*64bit:* - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:*64bit:* - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:*64bit:* - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:*64bit:* - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:*64bit:* - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:*64bit:* - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:*64bit:* - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:*64bit:* - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:*64bit:* - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:*64bit:* - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:*64bit:* - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP72DHP&pc=UP72&dt=030613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 9D 93 36 B8 1A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Simple Pass (Enabled) = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: Google Docs = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Iminent = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.10.2.1_0\
CHR - Extension: Website Logon = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\
CHR - Extension: GetSavin = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Gmail = C:\Users\New Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/17 00:09:05 | 000,000,050 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (GetSavin 5.0) - {C2EC9B50-84DE-4A86-B75E-38C6A5C8E956} - C:\Users\New Computer\AppData\Local\getsavin\ie\getsavin_1362445201.dll ()
O3:*64bit:* - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_D812AE6282F3418C34336B2877EA5D20] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [service.exe] C:\Program Files (x86)\FK_Monitor\service.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE2B91CE-B331-4788-AA39-6506F8C394BA}: DhcpNameServer = 8.8.8.8 8.8.4.4
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 14:31:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/04 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Iminent
[2013/03/04 17:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013/03/04 17:07:07 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\FK_Monitor
[2013/03/04 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeylogger
[2013/03/04 17:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FK_Monitor
[2013/03/04 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013/03/04 17:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013/03/04 17:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/03/04 17:06:28 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Local\getsavin
[2013/02/27 16:31:44 | 002,270,652 | ---- | C] (AVAST Software) -- C:\Users\New Computer\Desktop\aswMBR.exe.5jkjfq9.partial
[2013/02/27 16:31:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\New Computer\Desktop\tdsskiller.exe
[2013/02/27 09:55:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/02/27 09:55:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/27 09:55:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/27 09:55:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/02/27 09:55:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/02/27 09:55:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/02/27 09:55:36 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/02/27 09:55:36 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/02/27 09:55:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/02/27 09:55:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/02/27 09:55:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/02/27 09:55:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/02/27 09:55:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/02/27 09:55:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/02/27 09:55:35 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/02/27 09:55:35 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/02/27 09:55:35 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/02/27 09:55:35 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/02/27 09:55:35 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/27 09:55:35 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/02/27 09:55:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/02/27 09:55:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/02/27 09:55:35 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/02/27 09:55:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/02/27 09:55:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/02/27 09:52:24 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 09:52:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 09:52:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 09:52:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 09:52:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 09:52:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 09:52:11 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 09:52:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 09:52:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 09:52:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 09:52:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 09:52:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 09:52:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 09:52:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 09:52:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 09:52:10 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 09:52:10 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 09:52:10 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 09:52:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 09:52:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 09:52:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 09:52:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 09:52:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 09:52:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 09:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 09:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 09:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 09:52:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 09:52:09 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 09:52:09 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 09:52:09 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 09:52:09 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 09:52:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 09:52:09 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 09:52:09 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 09:52:09 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 09:52:09 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 09:52:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 09:52:08 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 09:52:08 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/27 09:52:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 09:47:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/02/27 09:47:03 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/02/27 09:47:03 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/02/26 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/02/26 18:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/02/21 19:30:13 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013/02/21 19:30:13 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013/02/21 19:30:13 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013/02/21 19:30:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2013/02/21 19:30:13 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013/02/21 19:30:13 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013/02/21 19:30:13 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013/02/21 19:30:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2013/02/21 19:30:13 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013/02/21 19:30:13 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013/02/21 19:30:13 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013/02/21 19:30:13 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013/02/21 19:30:12 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013/02/21 19:30:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013/02/21 19:30:12 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013/02/21 19:30:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013/02/21 19:30:12 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013/02/21 19:30:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013/02/21 19:30:11 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013/02/21 19:30:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013/02/21 19:30:11 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013/02/21 19:30:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013/02/21 19:30:11 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013/02/21 19:30:11 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013/02/21 19:30:11 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013/02/21 19:30:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013/02/21 19:30:11 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013/02/21 19:30:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013/02/21 19:30:10 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013/02/21 19:30:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013/02/21 19:30:10 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013/02/21 19:30:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/02/21 19:30:09 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013/02/21 19:30:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013/02/21 19:30:09 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013/02/21 19:30:09 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/02/21 19:30:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013/02/21 19:30:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013/02/21 19:30:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013/02/21 19:30:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013/02/21 19:30:08 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013/02/21 19:30:08 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013/02/21 19:30:08 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013/02/21 19:30:08 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013/02/21 19:30:07 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013/02/21 19:30:07 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013/02/21 19:30:07 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013/02/21 19:30:07 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013/02/21 19:30:07 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013/02/21 19:30:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013/02/21 19:30:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013/02/21 19:30:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013/02/21 19:30:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013/02/21 19:30:07 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013/02/21 19:30:07 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013/02/21 19:30:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013/02/21 19:30:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013/02/21 19:30:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013/02/21 19:30:06 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013/02/21 19:30:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013/02/21 19:30:05 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013/02/21 19:30:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013/02/21 19:30:05 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013/02/21 19:30:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013/02/21 19:30:05 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013/02/21 19:30:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013/02/21 19:30:05 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013/02/21 19:30:05 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013/02/21 19:30:04 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013/02/21 19:30:04 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013/02/21 19:30:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013/02/21 19:30:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013/02/21 19:30:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013/02/21 19:30:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013/02/21 19:30:03 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013/02/21 19:30:03 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013/02/21 19:30:03 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013/02/21 19:30:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013/02/21 19:30:03 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013/02/21 19:30:03 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013/02/21 19:29:55 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013/02/21 19:29:55 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013/02/21 19:29:54 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013/02/21 19:29:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013/02/21 19:29:54 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013/02/21 19:29:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013/02/21 19:29:54 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013/02/21 19:29:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013/02/21 19:29:54 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013/02/21 19:29:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013/02/21 19:29:53 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013/02/21 19:29:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013/02/21 19:29:53 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013/02/21 19:29:53 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013/02/21 19:29:53 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013/02/21 19:29:53 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013/02/21 19:29:52 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013/02/21 19:29:52 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013/02/21 19:29:52 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013/02/21 19:29:52 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013/02/21 19:29:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013/02/21 19:29:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013/02/21 19:29:52 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013/02/21 19:29:52 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013/02/21 19:29:51 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013/02/21 19:29:51 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013/02/21 19:29:51 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013/02/21 19:29:51 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013/02/21 19:29:50 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013/02/21 19:29:50 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013/02/21 19:29:50 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013/02/21 19:29:50 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013/02/21 19:29:50 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013/02/21 19:29:50 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013/02/21 19:29:49 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013/02/21 19:29:49 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013/02/21 19:29:48 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013/02/21 19:29:48 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013/02/21 19:29:47 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013/02/21 19:29:47 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013/02/21 19:29:46 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013/02/21 19:29:46 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013/02/21 19:29:45 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013/02/21 19:29:45 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013/02/21 19:29:44 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013/02/21 19:29:44 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013/02/21 19:29:37 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013/02/21 19:29:37 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/02/21 19:29:35 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013/02/21 19:29:35 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013/02/21 19:29:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013/02/21 19:29:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013/02/21 19:29:35 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013/02/21 19:29:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013/02/21 19:29:35 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013/02/21 19:29:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013/02/21 19:29:34 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013/02/21 19:29:34 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013/02/21 19:29:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013/02/21 19:29:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013/02/21 19:29:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013/02/21 19:29:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013/02/21 19:29:32 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013/02/21 19:29:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013/02/21 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2013/02/21 19:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2013/02/21 19:20:16 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/02/21 19:20:14 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\DAEMON Tools Pro
[2013/02/21 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2013/02/21 19:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2013/02/21 00:08:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/20 23:58:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/20 23:58:21 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/17 07:35:02 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
[2013/02/17 07:34:52 | 000,000,000 | ---D | C] -- C:\Users\New Computer\AppData\Local\Citrix
[2013/02/17 07:25:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/17 07:25:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/17 07:25:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/17 07:25:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/17 07:25:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/17 07:25:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/17 07:25:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/17 07:25:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/17 07:25:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/17 07:25:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/17 07:25:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/17 07:25:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Now, looking at the two logs, I see a few entries that are still the same, so I'm just checking on them below.

Also, in your latest log you have a few new entries, which are classed as malware:

*Iminent*
*GetSavin*

Did you install these?

Also, you have this:

*FreeKeylogger*

Again, did you install this? If so, can I grab some info on it, just to see what it is for the future?

So, you should still have these programs, but as it's been a while, they may have been updated. Delete them and download and run the fresh ones as follows:

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

---

Please download *AdwCleaner* by Xplode onto your desktop.

- Double click on *AdwCleaner.exe* to run the tool.
- Click on *Search*.
- A logfile will automatically open after the scan has finished.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

---

Also, update MBAM and run a full scan and post the log.

Then, can you do the following:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

- Double-click *SystemLook.exe* to run it.
- Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysNative\drivers\atikmdag.sys
C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe
C:\Program Files (x86)\FK_Monitor\service.exe
```

- Click the *Look* button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*.

----

In normal mode, run this OTL scan:


- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath *Output* at the top change it to *Minimal Output*.
- Select:
  - *All Users*
  - *LOP Check*
  - *Purity Check*
- Under the *Standard Registry* box change it to *All*.
- Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
/md5start
cmd.exe
atikmdag.sys
g2ax_start.exe
/md5stop
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open one notepad window, *OTL.Txt*. This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic.


eddie


----------



## Raderick (Oct 2, 2005)

We were able to resolve the issue! There was lint building up in the ZIF connector when we took the laptop apart completely. Browsing free of issues now! Thank you for your help.


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:


Had a feeling it was a hardware issue, as all malware routes were clear, and other things like the full format kept pointing to it, but I thought it was just a keyboard issue.

Now I know that fur etc in the laptop can also cause this, will remember that for the future 

So, let's remove the tools we've used


But, before I post, you do have these:

Iminent
GetSavin

and they're classed as malware. Plus, you have this:

FreeKeylogger

We can remove the above, so let me know if you installed and still want them. I'll post the removal of tools etc after I hear from you


----------



## Raderick (Oct 2, 2005)

eddie5659 said:


> Excellent :up:
> 
> Had a feeling it was a hardware issue, as all malware routes were clear, and other things like the full format kept pointing to it, but I thought it was just a keyboard issue.
> 
> ...


I actually installed FreeKeylogger in an attempt to see if it's sending some sort of command to the computer to open the browser. The other two, I didn't install.


----------



## Raderick (Oct 2, 2005)

I want to respond and say the issue is still persisting!


----------



## eddie5659 (Mar 19, 2001)

Double nuts 

Am I right in thinking you're the only user on this computer? If not, does this occur with anyone else?

Okay, let's get rid of that extra stuff you didn't install. I know you have these already, but they may have been updated, so delete the ones you have and get fresh ones and post the logs as before:

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

----

Please download *AdwCleaner* by Xplode onto your desktop.

- Double click on *AdwCleaner.exe* to run the tool.
- Click on *Search*.
- A logfile will automatically open after the scan has finished.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

------

Also, update MBAM and run a full scan and post the log.

Then, can you do the following:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

- Double-click *SystemLook.exe* to run it.
- Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysNative\drivers\atikmdag.sys
C:\Users\New Computer\AppData\Local\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe
C:\Program Files (x86)\FK_Monitor\service.exe
:filefind
*Iminent*
*GetSavin*
:folderfind
*Iminent*
*GetSavin*
:regfind
Iminent
GetSavin
```

- Click the *Look* button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*.

----

In normal mode, run this OTL scan:


- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath *Output* at the top change it to *Minimal Output*.
- Select:
  - *All Users*
  - *LOP Check*
  - *Purity Check*
- Under the *Standard Registry* box change it to *All*.
- Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
/md5start
cmd.exe
atikmdag.sys
g2ax_start.exe
/md5stop
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

*IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES*

When the scan completes, it will open one notepad window, *OTL.Txt*. This is saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of this file and post them in your topic.


eddie


----------

