Possible Sirefef resurgence locked many of my computer softwares, functions and internet access


  • This topic is locked
81 replies to this topic

#1 Explore100

Posted 12 August 2012 - 09:10 PM

Here is the description of the problems on my computer that may be due to a resurgence of Sirefef or another virus. The first log is the one made by ComboFix, i was finally able to get ComboFix to run when i downloaded a fresh version of it last night, however as shown in the log there is a component that is missing on my Windows: it does not have the Recovery Console installed, and ComboFix said it was not able to run the full deep scan for malware. The one thing it did however is remove 5 Gigs of files from my system which it took in the Temp files (hopefully it did not remove anything that i will need in the future, but it did delete all my Google Earth kmz files... well, i can still go back and recreate those, but otherwise i didn't spot any other problems).

Below will follow my DDS and GMER logs (both before and after i ran ComboFix) as requested earlier in the Windows XP section of the forum.

I have a Dell Precision M6300 with Windows XP Professional 32 bits that i mainly use to do 3D CAD design with Rhino 3D and photo editing with Gimp.

Unfortunately my computer came with Windows XP Pro pre-installed so there was no XP Pro CD coming along with it... (it's a refurbished computer, got it from a third party dealer). Also, to make things more complicated, my DVD reader-burner has not been working for more than a year. It's a Sony, and apparently i am not the only one who had problems with that Sony disk player-burner. So that means, if i wanted to wipe out my hard disk and reinstall Windows XP from scratch i cannot, unless i bought an external CD reader (but i am not entirely sure it might work, yet.. haven't tested that, as i have not been able to make a Microsoft plug and play mouse work on my machine but strangely it works on the little inexpensive computer of my wife which is one of those new little 10 inch machines)(and Microsoft's solution seemed too risky for me to take as it involved disabling the touch pad, which means that if it failed i would have nothing left to access my computer...). Strangely, the computer detects the Sony DVD drive and does not detect anything wrong, but it just won't open and a DVD got stuck inside it over a year ago which forced me to dismantle the machine and the drive to remove it manually. I reassembled everything and it has been working normally ever since (except for the Sony DVD player which is still out of function) until i had the following problems:

The computer now has serious trouble that started just after i installed and tested ERUNT. Here is what happened:

For a period of 1 month or so, i had big problems with the Sirefef virus. I was finally able to get rid of the last component of Sirefef when i used about 4 of the 6 or 7 tools which i initially found here. Prior to this Sirefef had slowed down my machine and generated a lot of alerts almost all the time about my Avast antivirus stopping various viruses or websites but was never able to catch and destroy them (Avast customer service was of no help at all and i had to find the solution entirely by myself, they just didn't seem to care, which is a shame). Because my system was not the Windows 7 or Vista given as an example on the forum explaining how to get rid of Sirefef, the instructions did not match most of what i saw onscreen for my machine but luckily the virus removal tools worked and went into action correctly and it caught one last component of the virus. The computer has been working normally ever since and i re-installed Avast.
(With the exception of my Firewall, Sirefef virus disabled it and it has been impossible to access it ever since, even after i removed Sirefef, i don't know how to remedy this).

However, i had saved some of my data on an external hard drive during the period when i had the virus (but didn't know yet it was Sirefef at the time). So after i got rid of Sirefef on my computer, i decided it would be a good idea to scan my external drive as well to avoid contamination. I tried to run the Sirefef removal tools in the same safe mode as i had before on my computer's drive, and with the external disk connected to my machine, but they didn't seem to find my external drive and instead they scanned again my computer hard disk. So i tried a different approach, and not sure if those tools were designed to be used that way: i directly scanned the external disk with those tools (not in safe mode). The tools didn't seem to find anything.

So i decided it would be a good idea to try Erunt, to make a copy of my directory just in case i had some future trouble with another virus as nasty as Sirefef.

I clicked and installed it and when came the moment to click where to install the copy of my Windows Directory files, i did not click save because i was not sure where it was going to send this copy and i was afraid i would not be able to find it as i had not created any special file for it that i could recognize easily.

I don't remember why i ran Erunt a 2nd time, and again it asked me to save the copy, again i didn't click save because i didn't feel safe about saving the copy where i may not be able to find it, but i may have done something wrong because the next thing i know:

My computer is now taking a very long time to boot up.

My Avast and Malwarebyte softwares cannot be opened or used anymore, i cannot reinstall Avast either.

I cannot move or drag and drop any of my icons or documents.

And, MAJOR CATASTROPHE, my Internet Explorer is down, my internet access icons on the lower right hand corner are also totally gone and i cannot go on the internet anymore ! Worse, i cannot even use MY MAIN TOOL, Rhino 3D, anymore, because it says it cannot access the license manager... so i cannot do any of my work... (thankfully i had previously saved my most recent 3D files on an external drive, because now none of them can be opened on my computer).

MAJOR headache, because this computer and 3D software are going to become my main source of income for the future (on an extremely small budget), and i was close to completing a new 3D model to send it to RP to show to potential clients when the problem started (i had just changed to all numeric design after 15 years of building things the hard way, with manual tools, at home).

I have tried 'Undo Changes Made To Your Computer' almost right away, it is totally inaccessible... 'Search' is also not working... 'Go back to last good configuration' also just sends me back to the same situation i am right now (no change)... and Repair Mode gave no result when i boot up on Safe Mode.

ALL or most of my commercial softwares like Rhino 3D, Avast, and so on no longer work, but several of my GNU softwares such as Gimp and Blender still open and seem to work, though some others have problems.

I also cannot click open any of my photos, i have to right click and get the 'open with software so and so' command to open them with picture viewer individually with this method, which is extremely painstaking.

I also cannot open ANY of the webpages i had saved on my computer and i cannot save any of them to my external drive or a USB key......

I also cannot save to my external drive any of the movies i have on my computer (including .FLV format, which is GNU license...). I have also lost sound on all my video files.

Basically the only thing i can do is type this on Wordpad, and look at my pictures with the method mentioned above, and work on Gimp, and erase files.

My (early) suspicion was that Erunt somehow overwrote my Directory file once or even twice, as i found a lot of red dot with a white X 'error' messages in the event viewer, but i cannot locate where exactly the unwanted copies are or HOW to get rid of them without damaging my system any further.


I thank you very much in advance for all the help you may provide.

Edited by Explore100, 12 August 2012 - 09:12 PM.


#2 HelpBot

Posted 17 August 2012 - 09:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464964 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Explore100

Posted 20 August 2012 - 07:38 PM

Here are my new DDS and GMER scan LOGS as requested by Helpbot:

The description of the problems i am having is listed above, but the short version of it is:

No internet connection at all, no icons for internet connections on the lower right corner, no access to my antivirus and anti-malware (Avast, Malwarebyte), no access to my firewall, and no access to my main tool: the software Rhino 3D. Access to all my GNU softwares such as GIMP and FreeCAD work fine however, i can even create new files and save them, but it is totally impossible to open Rhino 3D. I can't go back to undo changes made to my computer either, i have lost sound on all my videos, i cannot click open my pictures (only can if i right click and choose open with software so and so, and only 1 picture at a time). I cannot move and drag pictures or any files, i cannot copy and save any of my videos to an external drive. I can only copy and save photos to an external drive if i right click and open individual pics one by one with a picture viewing software. I cannot directly save a WordPad document unless i open the document and save it to an external drive while it is open.

I also cannot reinstall Avast or Malwarebyte nor re-activate them, i tried several times prior to posting here.


Some of the things i did before i posted on this section of the forum:


I was also finally able to run ComboFix after i uploaded a fresh version of it. It was a partial success only, the only thing it did was remove 5 Gigs of what i suppose was useless (?) data in the Temp files, i was surprised at the qty of material it erased, the only bad thing is that it erased all my Google Earth kmz files... but it can be replaced, so no big damage there.

However it was not able to run the true deep scan for malware because it said i don't have the Recovery Console installed in my Windows XP.


Prior to this i also did:

After all the previous things i tried failed except for the scans to generate logs and the short aswMBR possible (false?) suspicious couple files found, i tried the following:

I was finally able to run a scan with Avast in SAFE mode, but it did not find anything. However it is totally unable to program boot time scans, i tried to program a custom scan as it was the only one that seemed to be programmable at this point but the settings i chose self disable themselves right away. The software also refuses its own 'repair' mode. I uninstalled Malwarebyte in SAFE mode and reinstalled it to no avail, it still cannot be opened and still gives me the same error message as before.


And i also did this at the beginning:

I've run many of the tools and followed many of the steps that were provided here mostly to no avail.

I did re-run the whole Sirefef removal routine provided here on one of the threads. This was done in safe mode with prompt.

I tried reinstalling MBAM, it was a failure both times... I got a message that says runtime error '372', 'failed to load control vbalsgrid.oex from vbalsgrid.eox mbam.sys'. I've saved a print screen of this and several other error messages from my system and softwares.

First i ran FRST and aswMBR in safe mode to no result except for 2 files listed as 'suspicious' by aswMBR, one was a .SYS file and another one a .dll.dll. I had a look at one of these; the .SYS file i think; in WIN32 folder and it seems to be totally unrelated to my current problems: it's been there on the computer since before i bought it in 2010 when it worked perfectly, so, not a virus.

TDSSKiller finds nothing and scans very fast.


I then tried the instructions indicated in the answer to my post:

I did not try Cobian Backup or Drive Image XML because i already have backed up 98% of what i've got on my computer earlier on an external disk on a regular basis. The only thing i wasn't able to save were the components of XP Pro that are used by the system and that cannot be copied... (I don't know if Cobian or Drive Image or Erunt might be able to save these ? Anyone can enlighten me on this ?).

I did not try to enable a Firewall yet, still got to try that one, but mine being inaccessible and off line i don't know how to do that.

I did not try to run DeFogger because i don't have any of the CD emulation softwares listed on the tutorial and doubt i have any others.

I ran DDS and GMER, i have logs for the first one as well as for aswMBR and another one. I've just re-re-run GMER as i was not able to copy and paste any of the results from the long scans the 1st time, now i've got it too. OK, just noticed i forgot to uncheck 1 setting in GMER, i'll re-run it & post the log requested per the instructions.

Before i forget, here is one Windows component i may have erased accidentally before the whole trouble started, could this explain why i ran into major trouble when i tried to run Erunt ? Because i am getting this error message each time i open my computer and after my desktop icons appear:

Posted Image

I think i erased it from the Temporary files, not 100% sure, but seems to be from there, can't remember why though, maybe because i thought it was suspicious when i first saw it.

I'm also getting this now, don't remember getting it before the Erunt run froze so many of my functions and softwares on my computer:

Posted Image

I get this when i try to re-install Malwarebyte:

Posted Image

And this message appears, just before Combofix deletes itself from my USB key each time i try to run the full scan and fix operation:

Posted Image

When i click Fix avast nothing happens, it remains disabled unless i use SAFE boot up mode, and then it does not find anything. Boot time scans cannot be scheduled either, i tried different ways (boot time scan is usually the ultimate solution they gave me at Avast in case all things fail, either that or install Malwarebyte which now also cannot be accessed after reinstall).

Posted Image

The message i get when i try to program a custom scan (i can adjust their settings but they immediately go back to their previous neutral settings after i leave the custom scan window). The other scan icons on the left are disabled and cannot be used.

Posted Image

These are the only possible suspicious files that aswMBR found (the Avast tool that i found here on the Sirefef virus thread). No idea if these are positive or false alarms, but based on the checking i did a couple days ago when i found them, i saw that at least one of those files if not both were created on my computer before i bought my computer (in 2010), so i suspect they are not virus components because my computer was fine until i got the Sirefef virus from a Russian website this summer (i know the exact site) and since i ran Erunt on my machine in August.

Posted Image

These are things i found on my own a few days ago while looking for a possible source of the problem. Since i don't know what the error codes mean someone here could maybe deduct something from these ? They all appeared after the Erunt run that resulted in many of my computer functions and commercial licensed softwares stopping to function:

Posted Image

Posted Image

Posted Image

Posted Image

Posted Image

Posted Image

Thank you again a million times in advance.

Edited by Explore100, 20 August 2012 - 08:03 PM.


#4 m0le

  • Malware Response Team

Posted 21 August 2012 - 06:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

You have a lot of problems here. aswMBR shows suspicious files but Sirefef has taken over quite a bit here.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

Step 1

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
  • Do not install to a folder with spaces in its name.
  • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
    • Source:(path to Windows installation files)
    • Enter the path to the drive where your XP CD is located.
    • You can click on the "..." button on the right to navigate to the path as well.
  • Custom: (include files and folders from this directory)
    • No information is necessary, leave blank.
  • Output: (C:\ubcd4win\BartPE)
    • Keep the default BartPE
  • Media output
  • Choose Create ISO image
  • Do not choose Burn to CD/DVD


Please note: If your XP install disc is SP1 then please .....

  • Disable- DComLaunch Service
  • Enable- LargeIDE Fix

    This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

Also note: If you have a Dell XP install disc you will need to follow the instructions here
http://www.ubcd4win.com/faq.htm#dell
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.
==========

Step 2

Next, from your clean computer:

Download Farbar Recovery Scan Tool
and save it to your flash drive.

Now plug your flash drive back into your sick computer and follow the next instructions:

==========

Step 3

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

    Posted Image


==========

Step 4

  • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
  • Double click on it to begin running the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.

m0le is a proud member of UNITE

#5 Explore100

Posted 22 August 2012 - 07:23 PM

Hi m0le,

Thank you for your answer and for your help, i forgot to explain what i wrote in my very 1st post in the Windows XP section of the forum:

My DVD player-burner is not working on my computer, it's been out of function since more than a year, it's apparently inherent to that Sony DVD player-burner in this model of Dell machines and i have followed infos found on the web to try to fix this to no avail. Basically it refused to read a CD after a reading session of about 30 CDs, the next day i tried a DVD, it stayed stuck inside, had to dismantle both computer and DVD reader to remove the disk. After this it never opened again (it just blinks and nothing happens). Computer detects the DVD burner as being 'normal' but it is not.

So, i cannot use the exact same method you listed below, like i mentioned in the XP section, would it be possible to adapt the method so i could use a USB key to load this into my computer ? Either that or i would have to buy an external CD or DVD (?) burner, but i have NO idea if it will work because i was thinking the external CD reader-burner might use the same path as my internal DVD reader ?? (what do you think ?). If i go the road of the external CD or DVD reader-burner, i would have to know for sure that it will work before i commit to it, otherwise we will spend money we don't have for nothing (i keep in the back of my mind that i will have to buy a new disk of Windows XP Pro for about 80$ and wipe out my disk and re-install if the help on the forum does not give results, it will probably not be me who will do it i will probably have to find external help to do so if i have to do a reinstall of XP because i have read on Dell forums that it is quite easy to screw-up and end up with many functions that no longer work or a computer that works very slowly after a reinstall if you do not know what you are doing, and i don't as i have never done this before). Our problem is that we did put all our eggs in the same basket when we purchased Rhino 3D for my work at home and we've had a couple of bad months just now (and the virus problem on top of it, meaning i was not able to do any of my work). So if i have to buy something i'd rather keep money for buying a new XP Pro disk, and get help from you on how to use your method but with a USB key or a 2nd computer connected to mine instead of an external CD reader-burner because that's what we can use right now.

I also don't have any XP Pro disk or DVD with my machine, it came without anything as i got it from a 3rd hand source (a store)(and the warranty for this machine is long gone).

i also have no idea what an Ultimate Boot CD for Windows (UBCD4win) is (never heard of it before, and as i had no disk or DVD with my machine when i bought it, it means i don't have it either). Is it free and where could i find it ?

Could you let me know what are the precise files that have been taken over by Sirefef ?

I have had a look at my early AVAST messages from before i got into bigger trouble following my ERUNT run and i have the exact names of the Sirefef variants i had, strangely enough i have messages about both Sirefef A and Sirefef PL. Avast was able to stop them or even quarantine components of Sirefef but not delete them as alert messages kept popping up (when i deleted some of them it reanimated the components). Then i ran the series of tools found here such as Combofix, DDS, GMER and i believe the Kaspersky tool and Combofix i think caught what i thought was the last component of Sirefef. Then i got this new round of problems when i ran ERUNT and I finally posted a call for help here on the forum.

I have just started reading the page about Ultimate Boot CD for Windows

Do i download it to a clean computer ? (I cannot go online with my disabled machine, all internet connections are impossible). However my wife's computer does not have a CD burner, it's one of those tiny 10 inch machines. Do i download it there anyway ?

Please let me know of any alternative method for using the CD method and burning CD method, for example would it be possible for someone else's computer with an internal CD burner to connect to my disabled computer with (?) administrator control to do this ? (sorry about the newbie question, i have never done this but i suppose it might be possible ? But not sure how to avoid risks of contamination to the other computer).


I have just downloaded the Ultimate Boot CD for Windows file to my wife's small 10 inch computer (it doesn't have an internal CD reader). I haven't tried saving them to my USB key yet.

Edited by Explore100, 22 August 2012 - 08:21 PM.


#6 m0le

Posted 22 August 2012 - 08:09 PM

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#7 m0le

Posted 25 August 2012 - 08:22 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#8 Explore100


Posted 25 August 2012 - 10:32 PM

Hi m0le,

I tried TDSSKiller several times before I posted the logs on this section of the forum here but I will try it again.

What about the part I was asking you: can I do a reinstall from a USB key ? I have sifted through and tried to absorb the tons of material and info on all the pages linked that you gave me above and many sub-links on those pages and I have read somewhere that a USB key might be too slow (?) (though they were not mentioning what type of USB key, USB.2, USB.3 or .4 ?). I have to go back to check that as they were not using it for a reinstall of XP Pro but for something else with one of the CD's.

Please take into account I have very limited internet access, I go at night to find whatever Wi-Fi spot I can find, trying to avoid thieves and beggars and police in parks, not on my computer but on my wife's computer, as we don't get any Wi-Fi in our apartment. I am also trying to get through all the stuff I have to read and learn to do all this anti-malware removal and scanning, I don't want to make any mistake as I am not a pro, just a guy who knows very little about Windows and who has been trying to learn a Lot in a very short time from various sources (I posted in 3 forums, did not even have time to answer a 2nd one who finally answered me a few days ago).

Also, I was asking you what about using an external DVD or CD burner-reader ? If the methods suggested here do not work on my machine due to lack of a functional internal CD burner-reader, do you think it will work if I use an external CD reader to do what you wrote in your first post ? I have to know, because I have to plan ahead and we have to find money to buy one if it turns out to be the last option, because I know it won't happen in just 3 days...! So please don't lock my post, because I REALLY need to get this fixed, but with my wife who is undergoing chemo and with me not being able to do my work with the 3D software that is blocked by the malware on my computer, I know that I cannot get everything done in just 3 days, as we are having a hard time here, so please understand. I won't get into the details here, but we've just gone through 2 Very BAD months and all our money has melted, and next month will be just a tiny bit better if all goes well but we're still on a razor line.

I also try not to use my infected PC unless I do a scan on it as requested here. All my communication with internet is done on another portable computer since mine cannot connect to the web anymore.

And yes, I still absolutely and definitely need help, because unless I tell everyone here, it means I still have the malware or virus and I still cannot do anything with my Rhino 3D or internet on my own computer.

So what should I do about the solution you gave me above with the CD reader system ? Should I buy an external CD reader-burner or is it possible to do this from a USB key or is it possible to do this with another computer connected to mine (don't know how, someone will have to let me know the procedure) with some type of administrator control maybe ? (not sure if it's possible, I'm not an expert, so I'm asking) ?

Also I know that if I use that solution and if I need to get a Dell CD I won't get the Dell CD overnight either, as I'll have to order one from them and it will take time and I think it won't be free. If we have to buy an external drive we won't be able to do that until sometime in September. Though I'll start looking for 2nd hand ones if you tell me that the external CD-reader-burner solution will work, so please let me know, as we really have to know first rather than spend money we don't have for an external CD player solution that may not work at all... Please...


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt
  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Edited by Explore100, 25 August 2012 - 10:47 PM.


#9 m0le


Posted 26 August 2012 - 04:32 AM

"can i do a reinstall from a USB key"

Yes you can.

"i know that i cannot get everything done in just 3 days"

Noted. I will give you 7 days after which I will bump the topic. Keep me informed as much as you can.

"is it possible to do this with an another computer connected to mine?"

Yes but we will avoid that if we can.

"So what should i do about the solution you gave me above with the CD reader system ?"

We will try and fix this without using options which involve CDs. An external CD drive is a possibility but, again, we don't want this to cost you money if we can help it.


We need to try and gain some info from this machine. On the clean machine download ComboFix (your copy is now out of date).

Please download ComboFix from one of these locations:
Transfer this to your USB drive

Now do the same with OTL

Please download OTL


Then please download aswMBR (511KB) to the clean computer and transfer that onto the USB.


Plug the USB into the infected machine and run aswMBR
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Now try Combofix
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.


If neither of these tools work then boot to safe mode and try again. Let me know how those instructions go.

#10 Explore100


Posted 27 August 2012 - 03:19 PM

Hi !

Thank you so much m0le,

I have the TDSSKiller logs for my computer, posting them in one moment.

The bad news is that my wife's good computer is now infected by ZeroAccess-Sirefef too now.... :( So we are in deeper doo-doo than before now... we now have to reserve a seat at a library to get internet time. She got a black screen on her small 10 inch machine that uses Windows 7 Starter, no more internet, no more videos can be opened, though I can still copy and save files and I saved most of her files last night to an external disk (which is no doubt also contaminated with Sirefef since I used it on my computer before to save my own files). I think her computer must have been contaminated by the USB key I was using to download all the anti-malware and log tools. So I am bringing you a new member.... (first prize for me for stupidity). A few days ago I ran a high sensitivity boot scan with Avast on her machine, it came up with 3 Exploits called Java:CVE-2012-05-12-AL (and AW and BA) plus 2 corrupt files. It deleted all of them successfully. Despite me having run a ton of deep scans on the USB key with both her Avast and her Malwarebytes it did not detect anything on the key. Oh, and over a month ago or so I found a Ton of keylogger trojans on her machine when I adjusted the settings on her Avast to high. I think there were something like more than 60 or even 300, I can't remember. I'll let her post all the info on a new post at the appropriate section of the forum so someone can help her too.

Here are my TDSSKiller logs:

(the 2nd log was too long to attach, so i am pasting it):



05:24:26.0875 0948 PolicyAgent - ok
05:24:26.0890 0948 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:24:26.0890 0948 PptpMiniport - ok
05:24:26.0906 0948 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
05:24:26.0906 0948 ProtectedStorage - ok
05:24:26.0921 0948 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
05:24:26.0921 0948 PSched - ok
05:24:26.0921 0948 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:24:26.0921 0948 Ptilink - ok
05:24:26.0937 0948 ql1080 - ok
05:24:26.0937 0948 Ql10wnt - ok
05:24:26.0937 0948 ql12160 - ok
05:24:26.0953 0948 ql1240 - ok
05:24:26.0953 0948 ql1280 - ok
05:24:26.0953 0948 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:24:26.0953 0948 RasAcd - ok
05:24:26.0968 0948 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
05:24:26.0968 0948 RasAuto - ok
05:24:26.0984 0948 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:24:26.0984 0948 Rasl2tp - ok
05:24:27.0000 0948 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
05:24:27.0015 0948 RasMan - ok
05:24:27.0031 0948 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:24:27.0031 0948 RasPppoe - ok
05:24:27.0031 0948 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
05:24:27.0031 0948 Raspti - ok
05:24:27.0046 0948 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:24:27.0046 0948 Rdbss - ok
05:24:27.0046 0948 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:24:27.0046 0948 RDPCDD - ok
05:24:27.0109 0948 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:24:27.0109 0948 rdpdr - ok
05:24:27.0171 0948 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
05:24:27.0171 0948 RDPWD - ok
05:24:27.0218 0948 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
05:24:27.0234 0948 RDSessMgr - ok
05:24:27.0265 0948 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
05:24:27.0265 0948 redbook - ok
05:24:27.0328 0948 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
05:24:27.0328 0948 RemoteAccess - ok
05:24:27.0390 0948 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
05:24:27.0406 0948 RemoteRegistry - ok
05:24:27.0453 0948 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
05:24:27.0453 0948 rimmptsk - ok
05:24:27.0468 0948 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
05:24:27.0468 0948 rimsptsk - ok
05:24:27.0484 0948 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
05:24:27.0484 0948 rismxdp - ok
05:24:27.0515 0948 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
05:24:27.0515 0948 RpcLocator - ok
05:24:27.0562 0948 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
05:24:27.0593 0948 RpcSs - ok
05:24:27.0625 0948 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
05:24:27.0656 0948 RSVP - ok
05:24:27.0703 0948 [ D40E3CEC0813F6B812BB556F809DEE49 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
05:24:27.0718 0948 RT73 - ok
05:24:27.0734 0948 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
05:24:27.0750 0948 SamSs - ok
05:24:27.0796 0948 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
05:24:27.0828 0948 SCardSvr - ok
05:24:27.0890 0948 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
05:24:27.0906 0948 Schedule - ok
05:24:27.0921 0948 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
05:24:27.0921 0948 sdbus - ok
05:24:27.0937 0948 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:24:27.0953 0948 Secdrv - ok
05:24:27.0968 0948 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
05:24:27.0984 0948 seclogon - ok
05:24:28.0015 0948 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
05:24:28.0031 0948 SENS - ok
05:24:28.0046 0948 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
05:24:28.0046 0948 Serial - ok
05:24:28.0078 0948 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
05:24:28.0093 0948 sffdisk - ok
05:24:28.0093 0948 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
05:24:28.0109 0948 sffp_sd - ok
05:24:28.0125 0948 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
05:24:28.0125 0948 Sfloppy - ok
05:24:28.0156 0948 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
05:24:28.0171 0948 SharedAccess - ok
05:24:28.0187 0948 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
05:24:28.0218 0948 ShellHWDetection - ok
05:24:28.0218 0948 Simbad - ok
05:24:28.0281 0948 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:24:28.0281 0948 SLIP - ok
05:24:28.0296 0948 Sparrow - ok
05:24:28.0343 0948 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
05:24:28.0343 0948 splitter - ok
05:24:28.0390 0948 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
05:24:28.0421 0948 Spooler - ok
05:24:28.0468 0948 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
05:24:28.0468 0948 sr - ok
05:24:28.0500 0948 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
05:24:28.0515 0948 srservice - ok
05:24:28.0578 0948 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
05:24:28.0593 0948 Srv - ok
05:24:28.0640 0948 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
05:24:28.0656 0948 SSDPSRV - ok
05:24:28.0765 0948 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
05:24:28.0781 0948 STHDA - ok
05:24:28.0859 0948 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
05:24:28.0890 0948 stisvc - ok
05:24:28.0906 0948 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:24:28.0906 0948 streamip - ok
05:24:28.0921 0948 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
05:24:28.0921 0948 swenum - ok
05:24:28.0937 0948 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
05:24:28.0937 0948 swmidi - ok
05:24:28.0953 0948 SwPrv - ok
05:24:28.0968 0948 symc810 - ok
05:24:28.0968 0948 symc8xx - ok
05:24:28.0984 0948 sym_hi - ok
05:24:28.0984 0948 sym_u3 - ok
05:24:29.0062 0948 [ DC1E7EE0A6494CD79D624BD8D5DA8BFB ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
05:24:29.0062 0948 SynTP - ok
05:24:29.0093 0948 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
05:24:29.0093 0948 sysaudio - ok
05:24:29.0125 0948 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
05:24:29.0140 0948 SysmonLog - ok
05:24:29.0203 0948 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
05:24:29.0234 0948 TapiSrv - ok
05:24:29.0281 0948 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:24:29.0296 0948 Tcpip - ok
05:24:29.0343 0948 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
05:24:29.0343 0948 TDPIPE - ok
05:24:29.0359 0948 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
05:24:29.0359 0948 TDTCP - ok
05:24:29.0375 0948 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
05:24:29.0390 0948 TermDD - ok
05:24:29.0421 0948 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
05:24:29.0453 0948 TermService - ok
05:24:29.0468 0948 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
05:24:29.0484 0948 Themes - ok
05:24:29.0531 0948 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
05:24:29.0546 0948 TlntSvr - ok
05:24:29.0562 0948 TosIde - ok
05:24:29.0609 0948 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys
05:24:29.0609 0948 tosporte - ok
05:24:29.0640 0948 [ 8C3BFAF3FCA90502E6FA35503B8E979E ] tosrfbd C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
05:24:29.0640 0948 tosrfbd - ok
05:24:29.0687 0948 [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys
05:24:29.0687 0948 tosrfbnp - ok
05:24:29.0718 0948 [ 4742F0BAD28268AB093ED6F4EA857997 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys
05:24:29.0718 0948 Tosrfcom - ok
05:24:29.0718 0948 [ 7C807BA9660E2995CC0217A14A24094C ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
05:24:29.0734 0948 Tosrfhid - ok
05:24:29.0765 0948 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
05:24:29.0781 0948 tosrfnds - ok
05:24:29.0781 0948 [ 01C90086CD37E7E8D9A827E24167FCB7 ] Tosrfusb C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
05:24:29.0796 0948 Tosrfusb - ok
05:24:29.0843 0948 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
05:24:29.0875 0948 TrkWks - ok
05:24:29.0890 0948 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
05:24:29.0906 0948 Udfs - ok
05:24:29.0906 0948 ultra - ok
05:24:29.0984 0948 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
05:24:29.0984 0948 Update - ok
05:24:30.0031 0948 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
05:24:30.0046 0948 upnphost - ok
05:24:30.0078 0948 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
05:24:30.0093 0948 UPS - ok
05:24:30.0140 0948 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:24:30.0140 0948 usbccgp - ok
05:24:30.0187 0948 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:24:30.0203 0948 usbehci - ok
05:24:30.0203 0948 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:24:30.0218 0948 usbhub - ok
05:24:30.0281 0948 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:24:30.0281 0948 usbstor - ok
05:24:30.0296 0948 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:24:30.0296 0948 usbuhci - ok
05:24:30.0328 0948 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
05:24:30.0328 0948 usbvideo - ok
05:24:30.0343 0948 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
05:24:30.0359 0948 VgaSave - ok
05:24:30.0359 0948 ViaIde - ok
05:24:30.0390 0948 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
05:24:30.0390 0948 VolSnap - ok
05:24:30.0437 0948 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
05:24:30.0468 0948 VSS - ok
05:24:30.0515 0948 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
05:24:30.0531 0948 W32Time - ok
05:24:30.0546 0948 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:24:30.0546 0948 Wanarp - ok
05:24:30.0609 0948 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
05:24:30.0625 0948 Wdf01000 - ok
05:24:30.0640 0948 WDICA - ok
05:24:30.0656 0948 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
05:24:30.0656 0948 wdmaud - ok
05:24:30.0671 0948 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
05:24:30.0703 0948 WebClient - ok
05:24:30.0750 0948 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
05:24:30.0765 0948 winachsf - ok
05:24:30.0875 0948 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
05:24:30.0890 0948 winmgmt - ok
05:24:30.0906 0948 wltrysvc - ok
05:24:30.0953 0948 [ 482069CDA24AA0E94B1351E30EB3D01F ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
05:24:30.0968 0948 WmdmPmSN - ok
05:24:31.0015 0948 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
05:24:31.0015 0948 Wmi - ok
05:24:31.0046 0948 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:24:31.0046 0948 WmiAcpi - ok
05:24:31.0078 0948 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
05:24:31.0078 0948 WmiApSrv - ok
05:24:31.0187 0948 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:24:31.0203 0948 WPFFontCache_v0400 - ok
05:24:31.0265 0948 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
05:24:31.0265 0948 WS2IFSL - ok
05:24:31.0312 0948 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
05:24:31.0343 0948 wscsvc - ok
05:24:31.0375 0948 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:24:31.0390 0948 WSTCODEC - ok
05:24:31.0437 0948 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
05:24:31.0453 0948 wuauserv - ok
05:24:31.0484 0948 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
05:24:31.0515 0948 WZCSVC - ok
05:24:31.0562 0948 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
05:24:31.0609 0948 xmlprov - ok
05:24:31.0640 0948 ================ Scan global ===============================
05:24:31.0671 0948 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
05:24:31.0734 0948 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
05:24:31.0765 0948 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
05:24:31.0812 0948 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
05:24:31.0828 0948 [Global] - ok
05:24:31.0828 0948 ================ Scan MBR ==================================
05:24:31.0859 0948 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
05:24:32.0171 0948 \Device\Harddisk0\DR0 - ok
05:24:32.0171 0948 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
05:24:32.0328 0948 \Device\Harddisk1\DR2 - ok
05:24:32.0328 0948 ================ Scan VBR ==================================
05:24:32.0343 0948 [ A08AC86EE51706393292FEEACBB4405A ] \Device\Harddisk0\DR0\Partition1
05:24:32.0343 0948 \Device\Harddisk0\DR0\Partition1 - ok
05:24:32.0343 0948 [ 125AD0DE4C11A39CFF4CD9A93FB308D0 ] \Device\Harddisk1\DR2\Partition1
05:24:32.0359 0948 \Device\Harddisk1\DR2\Partition1 - ok
05:24:32.0359 0948 ================ Scan active images ========================
05:24:32.0359 0948 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
05:24:32.0359 0948 C:\WINDOWS\system32\drivers\intelppm.sys - ok
05:24:32.0359 0948 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
05:24:32.0359 0948 C:\WINDOWS\system32\drivers\videoprt.sys - ok
05:24:32.0375 0948 [ E036D93B0E073650CF6CF826CD9E1FBE ] C:\WINDOWS\system32\drivers\nv4_mini.sys
05:24:32.0375 0948 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
05:24:32.0375 0948 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
05:24:32.0375 0948 C:\WINDOWS\system32\drivers\usbehci.sys - ok
05:24:32.0390 0948 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
05:24:32.0390 0948 C:\WINDOWS\system32\drivers\usbport.sys - ok
05:24:32.0390 0948 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
05:24:32.0390 0948 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
05:24:32.0406 0948 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
05:24:32.0406 0948 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
05:24:32.0406 0948 [ 345D38F298368DD6B0DF5C4F37457A22 ] C:\WINDOWS\system32\drivers\BCMWL5.SYS
05:24:32.0406 0948 C:\WINDOWS\system32\drivers\BCMWL5.SYS - ok
05:24:32.0421 0948 [ D0692F7B8217E3B82D2BFAC535816117 ] C:\WINDOWS\system32\drivers\b57xp32.sys
05:24:32.0421 0948 C:\WINDOWS\system32\drivers\b57xp32.sys - ok
05:24:32.0421 0948 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
05:24:32.0421 0948 C:\WINDOWS\system32\drivers\nic1394.sys - ok
05:24:32.0437 0948 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] C:\WINDOWS\system32\drivers\sdbus.sys
05:24:32.0437 0948 C:\WINDOWS\system32\drivers\sdbus.sys - ok
05:24:32.0437 0948 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
05:24:32.0437 0948 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
05:24:32.0453 0948 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] C:\WINDOWS\system32\drivers\rimmptsk.sys
05:24:32.0453 0948 C:\WINDOWS\system32\drivers\rimmptsk.sys - ok
05:24:32.0453 0948 [ A4216C71DD4F60B26418CCFD99CD0815 ] C:\WINDOWS\system32\drivers\rimsptsk.sys
05:24:32.0453 0948 C:\WINDOWS\system32\drivers\rimsptsk.sys - ok
05:24:32.0468 0948 [ D231B577024AA324AF13A42F3A807D10 ] C:\WINDOWS\system32\drivers\rixdptsk.sys
05:24:32.0468 0948 C:\WINDOWS\system32\drivers\rixdptsk.sys - ok
05:24:32.0468 0948 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
05:24:32.0468 0948 C:\WINDOWS\system32\drivers\usbd.sys - ok
05:24:32.0484 0948 [ DC1E7EE0A6494CD79D624BD8D5DA8BFB ] C:\WINDOWS\system32\drivers\SynTP.sys
05:24:32.0484 0948 C:\WINDOWS\system32\drivers\SynTP.sys - ok
05:24:32.0484 0948 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
05:24:32.0484 0948 C:\WINDOWS\system32\drivers\mouclass.sys - ok
05:24:32.0484 0948 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
05:24:32.0484 0948 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
05:24:32.0484 0948 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
05:24:32.0484 0948 C:\WINDOWS\system32\drivers\imapi.sys - ok
05:24:32.0500 0948 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
05:24:32.0500 0948 C:\WINDOWS\system32\drivers\cdrom.sys - ok
05:24:32.0500 0948 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
05:24:32.0500 0948 C:\WINDOWS\system32\drivers\ks.sys - ok
05:24:32.0500 0948 [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\system32\drivers\CmBatt.sys
05:24:32.0500 0948 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
05:24:32.0515 0948 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
05:24:32.0515 0948 C:\WINDOWS\system32\drivers\redbook.sys - ok
05:24:32.0515 0948 [ 4742F0BAD28268AB093ED6F4EA857997 ] C:\WINDOWS\system32\drivers\tosrfcom.sys
05:24:32.0515 0948 C:\WINDOWS\system32\drivers\tosrfcom.sys - ok
05:24:32.0515 0948 [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
05:24:32.0515 0948 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
05:24:32.0515 0948 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
05:24:32.0515 0948 C:\WINDOWS\system32\drivers\audstub.sys - ok
05:24:32.0531 0948 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
05:24:32.0531 0948 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
05:24:32.0531 0948 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
05:24:32.0531 0948 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
05:24:32.0531 0948 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
05:24:32.0531 0948 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
05:24:32.0546 0948 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
05:24:32.0546 0948 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
05:24:32.0546 0948 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
05:24:32.0546 0948 C:\WINDOWS\system32\drivers\tdi.sys - ok
05:24:32.0546 0948 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
05:24:32.0546 0948 C:\WINDOWS\system32\drivers\msgpc.sys - ok
05:24:32.0546 0948 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
05:24:32.0546 0948 C:\WINDOWS\system32\drivers\psched.sys - ok
05:24:32.0562 0948 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
05:24:32.0562 0948 C:\WINDOWS\system32\drivers\raspptp.sys - ok
05:24:32.0562 0948 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
05:24:32.0562 0948 C:\WINDOWS\system32\drivers\ptilink.sys - ok
05:24:32.0562 0948 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
05:24:32.0562 0948 C:\WINDOWS\system32\drivers\raspti.sys - ok
05:24:32.0578 0948 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
05:24:32.0578 0948 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
05:24:32.0578 0948 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
05:24:32.0578 0948 C:\WINDOWS\system32\drivers\termdd.sys - ok
05:24:32.0578 0948 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
05:24:32.0578 0948 C:\WINDOWS\system32\drivers\swenum.sys - ok
05:24:32.0578 0948 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
05:24:32.0578 0948 C:\WINDOWS\system32\drivers\update.sys - ok
05:24:32.0593 0948 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
05:24:32.0593 0948 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
05:24:32.0593 0948 [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] C:\WINDOWS\system32\drivers\tosporte.sys
05:24:32.0593 0948 C:\WINDOWS\system32\drivers\tosporte.sys - ok
05:24:32.0593 0948 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
05:24:32.0593 0948 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
05:24:32.0609 0948 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
05:24:32.0609 0948 C:\WINDOWS\system32\drivers\usbhub.sys - ok
05:24:32.0609 0948 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
05:24:32.0609 0948 C:\WINDOWS\system32\drivers\drmk.sys - ok
05:24:32.0609 0948 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
05:24:32.0609 0948 C:\WINDOWS\system32\drivers\portcls.sys - ok
05:24:32.0609 0948 [ 951801DFB54D86F611F0AF47825476F9 ] C:\WINDOWS\system32\drivers\sthda.sys
05:24:32.0609 0948 C:\WINDOWS\system32\drivers\sthda.sys - ok
05:24:32.0625 0948 [ 290CDBB05903742EA06B7203C5A662F5 ] C:\WINDOWS\system32\drivers\HSFHWAZL.sys
05:24:32.0625 0948 C:\WINDOWS\system32\drivers\HSFHWAZL.sys - ok
05:24:32.0625 0948 [ 7AB812355F98858B9ECDD46E6FCC221F ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
05:24:32.0625 0948 C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
05:24:32.0625 0948 [ A8596CF86D445269A42ECC08B7066A4C ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
05:24:32.0625 0948 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
05:24:32.0625 0948 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
05:24:32.0640 0948 C:\WINDOWS\system32\drivers\modem.sys - ok
05:24:32.0640 0948 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
05:24:32.0640 0948 C:\WINDOWS\system32\drivers\fdc.sys - ok
05:24:32.0640 0948 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
05:24:32.0640 0948 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
05:24:32.0640 0948 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
05:24:32.0640 0948 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
05:24:32.0656 0948 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
05:24:32.0656 0948 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
05:24:32.0656 0948 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
05:24:32.0656 0948 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
05:24:32.0656 0948 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
05:24:32.0656 0948 C:\WINDOWS\system32\drivers\beep.sys - ok
05:24:32.0671 0948 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
05:24:32.0671 0948 C:\WINDOWS\system32\drivers\null.sys - ok
05:24:32.0671 0948 [ 784FFBA7EE5C5F3A396407E4712F72F0 ] C:\WINDOWS\system32\drivers\FNETURPX.SYS
05:24:32.0671 0948 C:\WINDOWS\system32\drivers\FNETURPX.SYS - ok
05:24:32.0671 0948 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
05:24:32.0671 0948 C:\WINDOWS\system32\drivers\vga.sys - ok
05:24:32.0671 0948 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
05:24:32.0671 0948 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
05:24:32.0687 0948 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
05:24:32.0687 0948 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
05:24:32.0687 0948 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
05:24:32.0687 0948 C:\WINDOWS\system32\drivers\msfs.sys - ok
05:24:32.0687 0948 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
05:24:32.0687 0948 C:\WINDOWS\system32\drivers\ipsec.sys - ok
05:24:32.0703 0948 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
05:24:32.0703 0948 C:\WINDOWS\system32\drivers\npfs.sys - ok
05:24:32.0703 0948 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
05:24:32.0703 0948 C:\WINDOWS\system32\drivers\rasacd.sys - ok
05:24:32.0703 0948 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
05:24:32.0703 0948 C:\WINDOWS\system32\drivers\tcpip.sys - ok
05:24:32.0703 0948 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] C:\WINDOWS\system32\drivers\aswTdi.sys
05:24:32.0703 0948 C:\WINDOWS\system32\drivers\aswTdi.sys - ok
05:24:32.0718 0948 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
05:24:32.0718 0948 C:\WINDOWS\system32\drivers\ipnat.sys - ok
05:24:32.0718 0948 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
05:24:32.0718 0948 C:\WINDOWS\system32\drivers\netbt.sys - ok
05:24:32.0718 0948 [ DA12626FD9A67F4E917E2F2FBE1E1764 ] C:\WINDOWS\system32\drivers\aswRdr.sys
05:24:32.0718 0948 C:\WINDOWS\system32\drivers\aswRdr.sys - ok
05:24:32.0734 0948 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
05:24:32.0734 0948 C:\WINDOWS\system32\drivers\afd.sys - ok
05:24:32.0734 0948 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
05:24:32.0734 0948 C:\WINDOWS\system32\drivers\netbios.sys - ok
05:24:32.0734 0948 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
05:24:32.0734 0948 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
05:24:32.0750 0948 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
05:24:32.0750 0948 C:\WINDOWS\system32\drivers\rdbss.sys - ok
05:24:32.0750 0948 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
05:24:32.0750 0948 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
05:24:32.0750 0948 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
05:24:32.0750 0948 C:\WINDOWS\system32\drivers\fips.sys - ok
05:24:32.0750 0948 [ B32873E5A1443C0A1E322266E203BF10 ] C:\WINDOWS\system32\drivers\aswSP.sys
05:24:32.0750 0948 C:\WINDOWS\system32\drivers\aswSP.sys - ok
05:24:32.0765 0948 [ DCB199B967375753B5019EC15F008F53 ] C:\WINDOWS\system32\drivers\aswSnx.sys
05:24:32.0765 0948 C:\WINDOWS\system32\drivers\aswSnx.sys - ok
05:24:32.0765 0948 [ EC94E05B76D033B74394E7B2175103CF ] C:\WINDOWS\system32\drivers\APPDRV.SYS
05:24:33.0765 0948 C:\WINDOWS\system32\mydocs.dll - ok
05:24:33.0765 0948 [ F7D6537B64A5527C1E7F5A70526F1B54 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
05:24:33.0765 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe - ok
05:24:33.0765 0948 [ E5792F83FE0A2AB0A9CA5BB397EECFA2 ] C:\Program Files\Dell\QuickSet\preflibcl.dll
05:24:33.0765 0948 C:\Program Files\Dell\QuickSet\preflibcl.dll - ok
05:24:33.0781 0948 [ 8564B995E22F5354E6EA52A2BF1137FE ] C:\WINDOWS\system32\PortableDeviceTypes.dll
05:24:33.0781 0948 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
05:24:33.0781 0948 [ 0EC18F61E86F87C0ADE782920B403D9A ] C:\Program Files\Real\RealPlayer\Update\realsched.exe
05:24:33.0781 0948 C:\Program Files\Real\RealPlayer\Update\realsched.exe - ok
05:24:33.0781 0948 [ 465A44B0BEA469EFAEC998964964CA97 ] C:\WINDOWS\system32\PortableDeviceApi.dll
05:24:33.0781 0948 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
05:24:33.0781 0948 [ 1CC64E70E710C3FE2FCDB621A5C0FECF ] C:\Program Files\Dell\QuickSet\dadkeyb.dll
05:24:33.0781 0948 C:\Program Files\Dell\QuickSet\dadkeyb.dll - ok
05:24:33.0796 0948 [ 782FEF655DBF8653C9F2722BEBF7A8A6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
05:24:33.0796 0948 C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
05:24:33.0796 0948 [ 9E3FD20F4BA675F5ACBEF9C63E186088 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
05:24:33.0796 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe - ok
05:24:33.0796 0948 [ 0136B48DF70D14F36ABCD9A81129E813 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyUICtl2.dll
05:24:33.0796 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyUICtl2.dll - ok
05:24:33.0796 0948 [ F77BDB7467F79F47252B34FE3B756865 ] C:\WINDOWS\system32\nvapi.dll
05:24:33.0796 0948 C:\WINDOWS\system32\nvapi.dll - ok
05:24:33.0812 0948 [ CE4D8EC32F28C44D850E5DA8F083D97E ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlylwApi2.dll
05:24:33.0812 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlylwApi2.dll - ok
05:24:33.0812 0948 [ 686B224B4987C22B153FBB545FEE9657 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
05:24:33.0812 0948 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll - ok
05:24:33.0812 0948 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
05:24:33.0812 0948 C:\WINDOWS\system32\msisip.dll - ok
05:24:33.0812 0948 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
05:24:33.0812 0948 C:\WINDOWS\system32\wshext.dll - ok
05:24:33.0812 0948 [ 6CB635902C90A17668B82020E1DAEFD6 ] C:\WINDOWS\system32\nvdisps.dll
05:24:33.0812 0948 C:\WINDOWS\system32\nvdisps.dll - ok
05:24:33.0828 0948 [ E7540F17691410CC5DD673E212CC83B7 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
05:24:33.0828 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - ok
05:24:33.0828 0948 [ BF8650D4FEFB972A4A6A5FFC1F41C38C ] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
05:24:33.0828 0948 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe - ok
05:24:33.0828 0948 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
05:24:33.0828 0948 C:\WINDOWS\system32\msxml3.dll - ok
05:24:33.0828 0948 [ C6AAF2C353F1F90CA05A88CD9FAC8494 ] C:\Program Files\SetPoint\SetPoint.exe
05:24:33.0828 0948 C:\Program Files\SetPoint\SetPoint.exe - ok
05:24:33.0843 0948 [ 74B9C7085FE3524413573686C38870C1 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\olyuiskindrw.dll
05:24:33.0843 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\olyuiskindrw.dll - ok
05:24:33.0843 0948 [ BC581EB3FDD6EC91DB7A0D2AEBF84EDC ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\olycms.dll
05:24:33.0843 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\olycms.dll - ok
05:24:33.0843 0948 [ 5E07612023B66C662A9B7C7879E2C224 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlySkinMgr.dll
05:24:33.0843 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlySkinMgr.dll - ok
05:24:33.0843 0948 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
05:24:33.0843 0948 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
05:24:33.0859 0948 [ 0DB949D42FC8B02CEE4FD2A32F9B0910 ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
05:24:33.0859 0948 C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
05:24:33.0859 0948 [ 23F655904EDBE354CACEC16148073D1C ] C:\Program Files\AVAST Software\Avast\ashBase.dll
05:24:33.0859 0948 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
05:24:33.0859 0948 [ A55EC42A6D7740F5C68AB9EB38B88BD9 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyCamDetect.dll
05:24:33.0859 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyCamDetect.dll - ok
05:24:33.0859 0948 [ E7851DCC106C4CDF5CB8163862FE7460 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\glossary.dll
05:24:33.0859 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\glossary.dll - ok
05:24:33.0875 0948 [ C0C17AB13EFE021D09E278E127560944 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
05:24:33.0875 0948 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
05:24:33.0875 0948 [ D07F23592281202D8F0BED99DFAF3DB2 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
05:24:33.0875 0948 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
05:24:33.0875 0948 [ A1862FECF44798168B9D9B0842D7EEC1 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlAPCEvent.dll
05:24:33.0875 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlAPCEvent.dll - ok
05:24:33.0875 0948 [ BC46BB6CAA84CE174D5274C310442B5A ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll
05:24:33.0875 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll - ok
05:24:33.0875 0948 [ 24933EC2EC4D1E1D04B5DB16ECF2337B ] C:\WINDOWS\system32\pmxmiced.exe
05:24:33.0875 0948 C:\WINDOWS\system32\pmxmiced.exe - ok
05:24:33.0890 0948 [ E16A486409F6B0604C7470FB079A0298 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll
05:24:33.0890 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll - ok
05:24:33.0890 0948 [ E80BC0A16914D4F23EA786E094F37063 ] C:\WINDOWS\system32\KemUtil.dll
05:24:33.0890 0948 C:\WINDOWS\system32\KemUtil.dll - ok
05:24:33.0890 0948 [ C1101C9F70C136106C80C7DE073A7801 ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
05:24:33.0890 0948 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
05:24:33.0890 0948 [ 39AB5647C7F9C57CDA42AFA15256169E ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlILEvent.dll
05:24:33.0890 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlILEvent.dll - ok
05:24:33.0906 0948 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
05:24:33.0906 0948 C:\WINDOWS\system32\hhctrl.ocx - ok
05:24:33.0906 0948 [ AEBBF6441B5BEA6595196886133D41FA ] C:\Program Files\SetPoint\SetPointCOM.DLL
05:24:33.0906 0948 C:\Program Files\SetPoint\SetPointCOM.DLL - ok
05:24:33.0906 0948 [ 73B1B2194F8D97E37ECE9115CA713770 ] C:\WINDOWS\system32\kemutb.dll
05:24:33.0906 0948 C:\WINDOWS\system32\kemutb.dll - ok
05:24:33.0906 0948 [ 36967AEAD4BB1DDED824E59B63A207F5 ] C:\WINDOWS\system32\pmxutil.dll
05:24:33.0906 0948 C:\WINDOWS\system32\pmxutil.dll - ok
05:24:33.0921 0948 [ 6D41C90D06017E188273DB084C4146D4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_d88828d3\msvcp90.dll
05:24:33.0921 0948 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_d88828d3\msvcp90.dll - ok
05:24:33.0921 0948 [ 6A8A953F7EAB8A2D0603B029190C3609 ] C:\WINDOWS\system32\TosAvAPI.dll
05:24:33.0921 0948 C:\WINDOWS\system32\TosAvAPI.dll - ok
05:24:33.0921 0948 [ AA6677900A55BD6A72ABB0B30912A55B ] C:\WINDOWS\system32\TosBtSDDB.dll
05:24:33.0921 0948 C:\WINDOWS\system32\TosBtSDDB.dll - ok
05:24:33.0921 0948 [ FEFA614B9AA8D3191B4539B2C8A8454D ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll
05:24:33.0921 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll - ok
05:24:33.0937 0948 [ CC89BE25415D7E7213ED9515DCB5CF19 ] C:\WINDOWS\system32\KemWnd.dll
05:24:33.0937 0948 C:\WINDOWS\system32\KemWnd.dll - ok
05:24:33.0937 0948 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
05:24:33.0937 0948 C:\WINDOWS\system32\mfc42.dll - ok
05:24:33.0937 0948 [ 21F453C020A4AC88B4AEAF8ACCEB2498 ] C:\WINDOWS\system32\pmxcomm.dll
05:24:33.0937 0948 C:\WINDOWS\system32\pmxcomm.dll - ok
05:24:33.0937 0948 [ A0AE7F043497C9971E9D7FE291099D40 ] C:\WINDOWS\system32\msxml6.dll
05:24:33.0937 0948 C:\WINDOWS\system32\msxml6.dll - ok
05:24:33.0937 0948 [ 6AF68F8C0B2AEC681EC1EFB54A658029 ] C:\WINDOWS\system32\KemXML.dll
05:24:33.0937 0948 C:\WINDOWS\system32\KemXML.dll - ok
05:24:33.0953 0948 [ 153C55E9F84BF079A276C0D350806DC5 ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
05:24:33.0953 0948 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
05:24:33.0953 0948 [ 21C715A371D4CAE813FDC2571BDD8C0C ] C:\Program Files\SetPoint\lgscroll.dll
05:24:33.0953 0948 C:\Program Files\SetPoint\lgscroll.dll - ok
05:24:33.0953 0948 [ 309391D362FA6036F92919CDA11957F7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
05:24:33.0953 0948 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
05:24:33.0953 0948 [ 37CA5D8B73B51EB2C0F44A5E37F07DCC ] C:\WINDOWS\system32\TosBdAPI.dll
05:24:33.0953 0948 C:\WINDOWS\system32\TosBdAPI.dll - ok
05:24:33.0968 0948 [ C427D04A9741B9E479E084AA1855F9F6 ] C:\WINDOWS\system32\TosCommAPI.dll
05:24:33.0968 0948 C:\WINDOWS\system32\TosCommAPI.dll - ok
05:24:33.0968 0948 [ 9E165D07BF6C08CCEEE41CBC2D22427D ] C:\WINDOWS\system32\TosLaneAPI.dll
05:24:33.0968 0948 C:\WINDOWS\system32\TosLaneAPI.dll - ok
05:24:33.0968 0948 [ EDDB832EF942CBF91C44172736FB1723 ] C:\WINDOWS\system32\LCWizard.dll
05:24:33.0968 0948 C:\WINDOWS\system32\LCWizard.dll - ok
05:24:33.0968 0948 [ 8609C08E3987089D6DBDA2A5C0DB0F9B ] C:\WINDOWS\system32\TosBtAPI.dll
05:24:33.0968 0948 C:\WINDOWS\system32\TosBtAPI.dll - ok
05:24:33.0984 0948 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\WINDOWS\system32\msxml4.dll
05:24:33.0984 0948 C:\WINDOWS\system32\msxml4.dll - ok
05:24:33.0984 0948 [ DA03501B373CA6E2FCF766731713C089 ] C:\WINDOWS\system32\pmxhooks.dll
05:24:33.0984 0948 C:\WINDOWS\system32\pmxhooks.dll - ok
05:24:33.0984 0948 [ 0B8C72A9BE02F1F1C6D2876B78F270AD ] C:\Program Files\AVAST Software\Avast\aswAux.dll
05:24:33.0984 0948 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
05:24:33.0984 0948 [ 506BCEEC7A9E287C3085451908FA44B5 ] C:\WINDOWS\system32\pmxscrll.dll
05:24:33.0984 0948 C:\WINDOWS\system32\pmxscrll.dll - ok
05:24:34.0000 0948 [ A31D75246BA79A89141316F31EB17B23 ] C:\WINDOWS\system32\TosHidAPI.dll
05:24:34.0000 0948 C:\WINDOWS\system32\TosHidAPI.dll - ok
05:24:34.0000 0948 [ 865292EE1BCA080D86ED973A52C0D04F ] C:\WINDOWS\system32\TosGnsAPI.dll
05:24:34.0000 0948 C:\WINDOWS\system32\TosGnsAPI.dll - ok
05:24:34.0000 0948 [ 0BF206E2EAC174E9B607FB90930C2477 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
05:24:34.0000 0948 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
05:24:34.0000 0948 [ A218DC737865366494DF73601A7B4626 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
05:24:34.0000 0948 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
05:24:34.0000 0948 [ 378185E643E2CB5C55C141408060241B ] C:\Program Files\SetPoint\Macros\MacroCore.dll
05:24:34.0000 0948 C:\Program Files\SetPoint\Macros\MacroCore.dll - ok
05:24:34.0015 0948 [ B4D8D59E648F43222442AC887779AEC9 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\OemBtAcpiAPI.dll
05:24:34.0015 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\OemBtAcpiAPI.dll - ok
05:24:34.0015 0948 [ A21F1D4883777C8F2B918B9A33988F52 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
05:24:34.0015 0948 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
05:24:34.0015 0948 [ E71DC296497C1AEE95F859BE49D78032 ] C:\Program Files\SetPoint\WebBrowserSupport.dll
05:24:34.0015 0948 C:\Program Files\SetPoint\WebBrowserSupport.dll - ok
05:24:34.0015 0948 [ BBF432DD4A64734C19ACD478F42DBC58 ] C:\Program Files\SetPoint\IMHook.dll
05:24:34.0015 0948 C:\Program Files\SetPoint\IMHook.dll - ok
05:24:34.0031 0948 [ B678403BB3864B7288676764D9F3BD05 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
05:24:34.0031 0948 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
05:24:34.0031 0948 [ 85088E71935F26AAF188357D2AD4C107 ] C:\Program Files\Common Files\Logitech\khalshared\KHALAPI.DLL
05:24:34.0031 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALAPI.DLL - ok
05:24:34.0031 0948 [ B9E17FE9E7CF8A08D84714DF466A6E1E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_a96e9bd8\mfc90u.dll
05:24:34.0031 0948 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_a96e9bd8\mfc90u.dll - ok
05:24:34.0031 0948 [ E4BB0288A98D2AD4AFB844A3B0AA3D7C ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
05:24:34.0031 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll - ok
05:24:34.0046 0948 [ 101495E2863382E534EFC0C5D6251B0F ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
05:24:34.0046 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe - ok
05:24:34.0046 0948 [ 39E27294343BA18828499C620CEA879A ] C:\Program Files\SetPoint\kgame.dll
05:24:34.0046 0948 C:\Program Files\SetPoint\kgame.dll - ok
05:24:34.0046 0948 [ 9C6699C3CAD513D8A5D5F00E2BC8BE89 ] C:\Program Files\SetPoint\gamehook.dll
05:24:34.0046 0948 C:\Program Files\SetPoint\gamehook.dll - ok
05:24:34.0046 0948 [ 383130E6A4EBFE8E03A784A721A96999 ] C:\Program Files\Common Files\Logitech\khalshared\KHALITCH.dll
05:24:34.0046 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALITCH.dll - ok
05:24:34.0062 0948 [ 558C7FE3994FD6269A9170B51D9AB985 ] C:\WINDOWS\system32\TosBtECCAPI.dll
05:24:34.0062 0948 C:\WINDOWS\system32\TosBtECCAPI.dll - ok
05:24:34.0062 0948 [ 4D3F719141C21E9F4B030B7376CE5234 ] C:\WINDOWS\system32\TosAvdtAPI.dll
05:24:34.0062 0948 C:\WINDOWS\system32\TosAvdtAPI.dll - ok
05:24:34.0062 0948 [ C8AC778A4C285CCC72EA9CED0F79F9CB ] C:\Program Files\Common Files\Logitech\khalshared\KHALMW.dll
05:24:34.0062 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALMW.dll - ok
05:24:34.0062 0948 [ E910EBBB4CC16E950E7F99A075663EE7 ] C:\WINDOWS\system32\TosSndAPI.dll
05:24:34.0062 0948 C:\WINDOWS\system32\TosSndAPI.dll - ok
05:24:34.0078 0948 [ 21BE6C134D4A78C1A584768BA8DBC810 ] C:\WINDOWS\system32\TosSndPlug.dll
05:24:34.0078 0948 C:\WINDOWS\system32\TosSndPlug.dll - ok
05:24:34.0078 0948 [ 51F0F2D7FEC925A32BE975816E0D6445 ] C:\Program Files\Common Files\Logitech\khalshared\KHALHPP.dll
05:24:34.0078 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALHPP.dll - ok
05:24:34.0078 0948 [ 2C92B17E820094F37037B6CE114BEB69 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
05:24:34.0078 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe - ok
05:24:34.0078 0948 [ C03F866D991A03996CC8D86BB07A1DDE ] C:\Program Files\Common Files\Logitech\khalshared\KHALMOU.dll
05:24:34.0078 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALMOU.dll - ok
05:24:34.0093 0948 [ 8C35DB52F07A78E8DF230D76F141FD29 ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
05:24:34.0093 0948 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe - ok
05:24:34.0093 0948 [ 1E8A0F103109C638C7FA8A38426967B5 ] C:\Program Files\Common Files\Logitech\khalshared\KHALHID.dll
05:24:34.0093 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALHID.dll - ok
05:24:34.0093 0948 [ C1C8C08C67C200AAA7E2EFC0838247C3 ] C:\Program Files\Common Files\Logitech\khalshared\KHALUSB.dll
05:24:34.0093 0948 C:\Program Files\Common Files\Logitech\khalshared\KHALUSB.dll - ok
05:24:34.0093 0948 [ FBDB9D0935B9907B809B381FDDF1627F ] C:\WINDOWS\system32\regsvr32.exe
05:24:34.0093 0948 C:\WINDOWS\system32\regsvr32.exe - ok
05:24:34.0093 0948 [ 89FAB2DC1F960BD3009C288E1B0D75DF ] C:\Program Files\SetPoint\SetPointCOMWMP9.dll
05:24:34.0093 0948 C:\Program Files\SetPoint\SetPointCOMWMP9.dll - ok
05:24:34.0109 0948 [ 5AB488BB3800A83C0E27E4F7BC8AE6C5 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_19ef0f98\mfc90enu.dll
05:24:34.0109 0948 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4967_x-ww_19ef0f98\mfc90enu.dll - ok
05:24:34.0109 0948 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
05:24:34.0109 0948 C:\WINDOWS\system32\dbghelp.dll - ok
05:24:34.0109 0948 [ 67463FDE7235252D0CE9072E44A67B86 ] C:\Program Files\SetPoint\SetPointCOMMM9.dll
05:24:34.0109 0948 C:\Program Files\SetPoint\SetPointCOMMM9.dll - ok
05:24:34.0109 0948 [ 90111518C52523789635E09D80C53584 ] C:\Program Files\AVAST Software\Avast\aswAra.dll
05:24:34.0109 0948 C:\Program Files\AVAST Software\Avast\aswAra.dll - ok
05:24:34.0125 0948 [ E37DD08CA363E989626E871E312D0820 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyRum.dll
05:24:34.0125 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\OlyRum.dll - ok
05:24:34.0125 0948 [ 0D7A568E6979EEE866940A4C9626B5F8 ] C:\Program Files\OLYMPUS\OLYMPUS Master 2\PTP-IL.dll
05:24:34.0125 0948 C:\Program Files\OLYMPUS\OLYMPUS Master 2\PTP-IL.dll - ok
05:24:34.0125 0948 [ 7E4774FA6D6C25762965D4D3CEF35F05 ] C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
05:24:34.0125 0948 C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll - ok
05:24:34.0125 0948 [ BC3BA0DF92A1EDD2A3DA98FFFD9E7F7B ] C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll
05:24:34.0125 0948 C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll - ok
05:24:34.0140 0948 [ 80AA4214C5BC0A355151BD115017313F ] C:\WINDOWS\system32\bthprops.cpl
05:24:34.0140 0948 C:\WINDOWS\system32\bthprops.cpl - ok
05:24:34.0140 0948 [ B1762156256B0238C21BAA4C06CEF727 ] C:\WINDOWS\system32\devmgr.dll
05:24:34.0140 0948 C:\WINDOWS\system32\devmgr.dll - ok
05:24:34.0140 0948 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
05:24:34.0140 0948 C:\WINDOWS\system32\wmi.dll - ok
05:24:34.0140 0948 ============================================================
05:24:34.0140 0948 Scan finished
05:24:34.0140 0948 ============================================================
05:24:34.0156 0944 Detected object count: 0
05:24:34.0156 0944 Actual detected object count: 0
05:26:55.0687 1868 Deinitialize success







can i do a reinstall from a USB key

Yes you can.

i know that i cannot get everything done in just 3 days

Noted. I will give you 7 days after which I will bump the topic. Keep me informed as much as you can.

is it possible to do this with an another computer connected to mine?

Yes but we will avoid that if we can.

So what should i do about the solution you gave me above with the CD reader system ?

We will try and fix this without using options which involve CDs. An external CD drive is a possibility but, again, we don't want this to cost you money if we can help it.


We need to try and gain some info from this machine. On the clean machine download Combofix (your copy is now out of date).

Please download ComboFix from one of these locations:
Transfer this to your USB drive

Now do the same with OTL

Please download OTL


Then please download aswMBR (511KB) to the clean computer and transfer that onto the USB.


Plug the USB into the infected machine and run aswMBR
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Now try Combofix
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.


If neither of these tools work then boot to safe mode and try again. Let me know how those instructions go.



Edited by Explore100, 27 August 2012 - 03:21 PM.


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:35 PM

Posted 27 August 2012 - 06:59 PM

Don't forget to do the Combofix step.

My advice to you is to keep the other system and the hard drive off this network while we try to clean this one otherwise we will be reinfecting over and over.
m0le is a proud member of UNITE

#12 Explore100


Posted 29 August 2012 - 06:54 PM

Don't forget to do the Combofix step.

My advice to you is to keep the other system and the hard drive off this network while we try to clean this one otherwise we will be reinfecting over and over.



I ran both the aswMBR and the COMBOFIX scans; there was no difference between the scans in normal mode and in safe mode. When I ran COMBOFIX my machine said:

This machine does not have the Microsoft Recovery Console installed (as it always did during my previous attempts). I have no idea how to install it or where to find it. It says without it, Combofix shall not attempt the fixing of some serious infections. I clicked YES to install it and because my machine cannot connect to the internet anymore it of course said "You do not appear to be connected", so it failed. Then it continued with a scan up to step 50 or so and "attacked" (deleted) my TEMP files again as it had the previous time when it had removed some 5 Gigs of data out of there. It didn't look anywhere else where the virus might be.



I decided to try something and I ran KillZA on both my machine and the one of my wife. It did not detect ZeroAccess on either machine, but after running it twice on my wife's computer and logging off twice as indicated by the KillZA method, I ran a 2-hour deep scan of Malwarebytes on her machine and it came up with two viruses! I quarantined and deleted them. I kept copies of the scans I did on her machine (too bad I cannot do the same scan on mine as my own Malwarebytes is blocked and does not allow reinstall). I also ran both aswMBR and Combofix on her machine the same way I did on mine; although it did not say anything about whether she has the Microsoft Recovery Console or not, Combofix did not look like it did anything more than it did on my machine and it did not come up with anything.



I am going to try the complete KillZA, Hitman Pro and D7 routine on her machine to see if I can get any kind of different results from mine, and I will run your methods on my machine.



I found leftovers of the spots where Sirefef used to be on my machine, and I made some screen saves of that. I think the virus might be gone, but what is left and what is still blocking my software and services are corrupted files. I have looked at the exact spots where the viruses are quarantined on my machine, in the Qoobox; there are a whole bunch in there that were caught during the first Combofix run a few weeks ago. They look like typical Sirefef files as seen in the Britec YouTube videos on Sirefef removal, with a single letter to the files or a @, but the original places where they were found are now empty.

After I ran both KillZA and Malwarebytes on my wife's machine I got the videos to work again (without sound). A few of them just jam a couple of seconds into the video, but most now work, though those that work now suffer from some defects, artifacts that reduce the quality of the images (making tutorial videos hard to read), not like it was before. I don't know if it is the video files themselves that have been damaged by Sirefef or if it is the software used to read them or some of the paths. Her internet connection also briefly came back when I opened her machine the 2nd day, but after running the anti-malware operations it now went back to disabled again.



#13 m0le


Posted 29 August 2012 - 07:59 PM

there was no difference between the scans in normal mode and in safe mode


More importantly than that, Combofix ran in normal mode.

If there are still elements of Sirefef remaining then either Combofix, TDSSKiller or aswMBR would have seen them.

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program

Follow the prompts and OK any security prompts

When it is complete it will say the infection was cleared or no infection was found - let me know what it says
m0le is a proud member of UNITE

#14 Explore100


Posted 31 August 2012 - 06:24 PM

Hi m0le,

Sorry about my belated answer, I am just back to the internet today. I was not able to upload my logs the last time (our rented computer time ran out just seconds after we attempted to upload them here).
Well, you won't believe this:


BINGO!! I have repaired my wife's computer! The computer now boots up normally (no need to go through Safe Mode), no more black screen. The internet connection is back, the sound of videos is back, Mozilla Firefox is back and all I had to do to bring it back (after studying very carefully a lot of files and functions of the new tool I uploaded) was to use the D7 tool and replace the Permissions (about a third of them failed but in the end it didn't seem to influence the final result because it seems to be back to normal, with the exception of Avast which is still disabled and still refuses to repair itself; I will try a reinstall online later on).

It was a bit scary because this tool is quite powerful and I was very circumspect about using it or deleting anything for fear of damaging something. The only thing that seemed safe to do was to work on the Permissions, and it paid off immediately. The only things I deleted were a few video games that were expired and Temp files.

One thing that is not like before though is if I try to organize documents by the date they were last modified, including saved webpages, I get a whole jumble of all the individual tiny components of the saved webpages, totally unsearchable, but if I try to organize them by name they come out fine. It's a bit bothersome, though on my wife's computer it is manageable because she usually keeps only a few documents and webpages, but on mine it would really be a problem because I have tons of saved webpages and I usually search them by the order they were last modified.

I know the exact same method I have used on her computer won't give the same results on mine because she has Windows 7 and I have XP (they use a disk to remove the Sirefef virus on XP machines), and I am not willing to take the risk just yet of making things worse on my computer if I do something wrong (their method for XP is a lot more involved than the one for Windows 7 and I am not knowledgeable enough to start deleting files without knowing if they are legit system files or not), so I will go with your method for now.

About my external hard drive, do you think I should connect it to my wife's computer and attempt to clean it with the same KillZA, HitmanPro and in particular D7 method I used to clean her computer? I am afraid to reinfect her machine (though I seem to have found the cure if ever her Windows 7 machine gets infected again) but I don't know if my external hard disk is infected or not, and it's got all the backed-up files of my own computer... Since her machine is the only one right now that has functional anti-virus and anti-malware, plus I was able to restart her firewall, do you think I should try to scan it from her computer?

I'd like to do the same with my USB key also because I will still need to upload software on it like the one you listed above (I have downloaded it on her computer but did not transfer it to the USB key yet).





Edited by Explore100, 31 August 2012 - 06:39 PM.


#15 m0le


Posted 31 August 2012 - 11:03 PM

I know the exact same method i have used on her computer won't give the same results on mine because she have Windows 7 and i have XP


You're right about that.


About my external hard drive, do you think i should connect it to my wife's computer and attempt to clean it with the same KillZA, HitmanPro and in particular D7 method i used to clean her computer ? I am afraid to reinfect her machine


That's a definite risk at this stage.


The D7 method would only work if the Sirefef infection has been removed so I am reluctant to let you go as reinfection could get you back to square one.

However, with an external hard drive you have to plug it in to a machine at some point so I suggest that you plug it in and run Combofix to clean it. When you've done that you can run your D7 method on it.

Let me know how that goes and if you encounter any problems.
m0le is a proud member of UNITE



