
sirefef trojan/malware removal



#1 iamvorbis


Posted 08 September 2012 - 11:06 AM

Currently I am using Windows XP SP3 and am having some trouble removing the Sirefef family of viruses... please advise... I've tried everything I can think of, but would appreciate some assistance from more experienced people. I have noticed other people have had the same problems and this forum seems to be the best place to post regarding this topic. If you need any info from my PC let me know and I will post away... thanks in advance

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 08 September 2012 - 11:17 AM.




#2 dev00790


Posted 08 September 2012 - 11:57 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the box next to Loaded modules
  • If you are asked to reboot, then click Yes.

Next

  • Check the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply.

Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
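
Added example (not part of dev00790's post and not code from TDSSKiller): a Python script for triaging the log file that step 1 asks for, listing every scanned object whose verdict is not "ok" together with the hash and path from its preceding line. The line layout is assumed from the TDSSKiller 2.8.8.0 log posted later in this thread; the sample lines, object names and hashes are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the line layout of the TDSSKiller 2.8.8.0 log in this
# thread. Object names, paths and hashes are made up for the example.
SAMPLE_LOG = r"""
08:54:51.0421 3800 Scan started
08:54:51.0500 3800 ================ Scan services =============================
08:54:51.0734 3800 [ 00000000000000000000000000000001 ] ExampleDrv C:\WINDOWS\system32\drivers\ExampleDrv.sys
08:54:51.0890 3800 ExampleDrv - ok
08:54:51.0890 3800 LegacyStub - ok
08:54:56.0484 3800 [ 00000000000000000000000000000002 ] Example Audio Service C:\Program Files\Example Vendor\audio.exe
08:54:56.0484 3800 Example Audio Service ( UnsignedFile.Multi.Generic ) - warning
08:54:56.0484 3800 Example Audio Service - detected UnsignedFile.Multi.Generic (1)
"""

# "<time> <thread id> <message>" prefix carried by every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ <32 hex digits> ] <object name> <drive:\path>"; names may contain spaces.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<object name> - ok" or "<object name> ( <label> ) - <status>".
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Finding:
    name: str
    status: str
    label: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def triage(log_text):
    """Return (verdict counts, list of objects whose verdict is not 'ok')."""
    files = {}          # object name -> (hash, path) from its hash line
    counts = Counter()
    findings = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue    # blank line or text that is not a log line
        body = m.group(1).strip()
        h = HASHED.match(body)
        if h:
            files[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        v = VERDICT.match(body)
        if not v:
            continue    # headers, separators, "detected ..." detail lines
        name, label, status = v.groups()
        counts[status] += 1
        if status != "ok":
            # Objects without a hash line (no file on disk) keep None here.
            md5, path = files.get(name, (None, None))
            findings.append(Finding(name, status, label, md5, path))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    print(dict(counts))
    for f in findings:
        print(f"{f.status}: {f.name} [{f.label}] {f.md5} {f.path}")
```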


#3 iamvorbis


Posted 09 September 2012 - 11:08 AM

ok... scan completed in about 20 minutes or so... here are the results.

TDSSKiller results:
08:49:23.0109 2684 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:49:23.0718 2684 ============================================================
08:49:23.0718 2684 Current date / time: 2012/09/09 08:49:23.0718
08:49:23.0718 2684 SystemInfo:
08:49:23.0718 2684
08:49:23.0718 2684 OS Version: 5.1.2600 ServicePack: 3.0
08:49:23.0718 2684 Product type: Workstation
08:49:23.0718 2684 ComputerName: SATCOM
08:49:23.0718 2684 UserName: Damian
08:49:23.0718 2684 Windows directory: C:\WINDOWS
08:49:23.0718 2684 System windows directory: C:\WINDOWS
08:49:23.0718 2684 Processor architecture: Intel x86
08:49:23.0718 2684 Number of processors: 4
08:49:23.0718 2684 Page size: 0x1000
08:49:23.0718 2684 Boot type: Normal boot
08:49:23.0718 2684 ============================================================
08:49:24.0609 2684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
08:49:24.0609 2684 ============================================================
08:49:24.0609 2684 \Device\Harddisk0\DR0:
08:49:24.0609 2684 MBR partitions:
08:49:24.0609 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
08:49:24.0609 2684 ============================================================
08:49:24.0656 2684 C: <-> \Device\Harddisk0\DR0\Partition1
08:49:24.0656 2684 ============================================================
08:49:24.0656 2684 Initialize success
08:49:24.0656 2684 ============================================================
08:49:54.0687 2680 Deinitialize success

it ran twice and produced 2 results by the way, here are the second log file results:
08:51:57.0890 1176 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:51:58.0531 1176 ============================================================
08:51:58.0531 1176 Current date / time: 2012/09/09 08:51:58.0531
08:51:58.0531 1176 SystemInfo:
08:51:58.0531 1176
08:51:58.0531 1176 OS Version: 5.1.2600 ServicePack: 3.0
08:51:58.0531 1176 Product type: Workstation
08:51:58.0531 1176 ComputerName: SATCOM
08:51:58.0531 1176 UserName: Damian
08:51:58.0531 1176 Windows directory: C:\WINDOWS
08:51:58.0531 1176 System windows directory: C:\WINDOWS
08:51:58.0531 1176 Processor architecture: Intel x86
08:51:58.0531 1176 Number of processors: 4
08:51:58.0531 1176 Page size: 0x1000
08:51:58.0531 1176 Boot type: Normal boot
08:51:58.0531 1176 ============================================================
08:52:24.0187 1176 BG loaded
08:52:27.0171 1176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
08:52:27.0203 1176 ============================================================
08:52:27.0203 1176 \Device\Harddisk0\DR0:
08:52:27.0234 1176 MBR partitions:
08:52:27.0234 1176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
08:52:27.0234 1176 ============================================================
08:52:27.0578 1176 C: <-> \Device\Harddisk0\DR0\Partition1
08:52:27.0609 1176 ============================================================
08:52:27.0609 1176 Initialize success
08:52:27.0609 1176 ============================================================
08:54:51.0421 3800 ============================================================
08:54:51.0421 3800 Scan started
08:54:51.0421 3800 Mode: Manual; SigCheck; TDLFS;
08:54:51.0421 3800 ============================================================
08:54:51.0500 3800 ================ Scan system memory ========================
08:54:51.0500 3800 System memory - ok
08:54:51.0500 3800 ================ Scan services =============================
08:54:51.0734 3800 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
08:54:51.0890 3800 Aavmker4 - ok
08:54:51.0890 3800 Abiosdsk - ok
08:54:51.0890 3800 abp480n5 - ok
08:54:51.0953 3800 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:54:53.0125 3800 ACPI - ok
08:54:53.0156 3800 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:54:53.0281 3800 ACPIEC - ok
08:54:53.0281 3800 adpu160m - ok
08:54:53.0296 3800 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:54:53.0390 3800 aec - ok
08:54:53.0421 3800 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:54:53.0453 3800 AFD - ok
08:54:53.0453 3800 Aha154x - ok
08:54:53.0468 3800 aic78u2 - ok
08:54:53.0468 3800 aic78xx - ok
08:54:53.0484 3800 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:54:53.0562 3800 Alerter - ok
08:54:53.0578 3800 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:54:53.0687 3800 ALG - ok
08:54:53.0687 3800 AliIde - ok
08:54:53.0734 3800 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
08:54:53.0921 3800 Ambfilt - ok
08:54:53.0921 3800 amsint - ok
08:54:53.0953 3800 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:54:54.0046 3800 AppMgmt - ok
08:54:54.0078 3800 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:54:54.0156 3800 Arp1394 - ok
08:54:54.0156 3800 asc - ok
08:54:54.0156 3800 asc3350p - ok
08:54:54.0156 3800 asc3550 - ok
08:54:54.0281 3800 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:54:54.0296 3800 aspnet_state - ok
08:54:54.0375 3800 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:54:54.0390 3800 aswFsBlk - ok
08:54:54.0421 3800 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
08:54:54.0421 3800 aswMon2 - ok
08:54:54.0484 3800 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
08:54:54.0500 3800 AswRdr - ok
08:54:54.0500 3800 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
08:54:54.0531 3800 aswSnx - ok
08:54:54.0546 3800 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
08:54:54.0562 3800 aswSP - ok
08:54:54.0593 3800 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
08:54:54.0609 3800 aswTdi - ok
08:54:54.0656 3800 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:54:54.0750 3800 AsyncMac - ok
08:54:54.0781 3800 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:54:54.0843 3800 atapi - ok
08:54:54.0859 3800 Atdisk - ok
08:54:54.0890 3800 [ 3C4B9850A2631C2263507400D029057B ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:54:54.0906 3800 atksgt - ok
08:54:54.0921 3800 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:54:55.0015 3800 Atmarpc - ok
08:54:55.0046 3800 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:54:55.0125 3800 AudioSrv - ok
08:54:55.0156 3800 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:54:55.0234 3800 audstub - ok
08:54:55.0312 3800 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Avast AntiVirus\AvastSvc.exe
08:54:55.0312 3800 avast! Antivirus - ok
08:54:55.0359 3800 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:54:55.0453 3800 Beep - ok
08:54:55.0500 3800 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
08:54:55.0562 3800 Browser - ok
08:54:55.0593 3800 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:54:55.0687 3800 cbidf2k - ok
08:54:55.0687 3800 cd20xrnt - ok
08:54:55.0687 3800 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:54:55.0781 3800 Cdaudio - ok
08:54:55.0828 3800 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:54:55.0906 3800 Cdfs - ok
08:54:55.0921 3800 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:54:56.0000 3800 Cdrom - ok
08:54:56.0000 3800 Changer - ok
08:54:56.0031 3800 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:54:56.0109 3800 CiSvc - ok
08:54:56.0125 3800 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:54:56.0218 3800 ClipSrv - ok
08:54:56.0234 3800 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:54:56.0250 3800 clr_optimization_v2.0.50727_32 - ok
08:54:56.0343 3800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:54:56.0359 3800 clr_optimization_v4.0.30319_32 - ok
08:54:56.0359 3800 CmdIde - ok
08:54:56.0359 3800 COMSysApp - ok
08:54:56.0359 3800 Cpqarray - ok
08:54:56.0484 3800 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
08:54:56.0484 3800 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:54:56.0484 3800 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:54:56.0484 3800 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:54:56.0578 3800 CryptSvc - ok
08:54:56.0625 3800 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT C:\WINDOWS\system32\drivers\CT20XUT.SYS
08:54:56.0640 3800 CT20XUT - ok
08:54:56.0640 3800 [ B9106942EB5DD0E034AB40A9D48D056E ] CT20XUT.SYS C:\WINDOWS\System32\drivers\CT20XUT.SYS
08:54:56.0656 3800 CT20XUT.SYS - ok
08:54:56.0671 3800 [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9 ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
08:54:56.0703 3800 ctac32k - ok
08:54:56.0718 3800 [ 44F60A5E3C3A8A6BBA4C280948EA6095 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
08:54:56.0734 3800 ctaud2k - ok
08:54:56.0812 3800 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
08:54:56.0859 3800 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
08:54:56.0859 3800 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
08:54:56.0890 3800 [ 8CBE82D6BBF206E144F22CB33FAB1F2C ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
08:54:56.0906 3800 ctdvda2k - ok
08:54:56.0968 3800 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
08:54:57.0000 3800 CTEXFIFX - ok
08:54:57.0046 3800 [ 4AE083D16AC9FC9BDF98498F93426226 ] CTEXFIFX.SYS C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
08:54:57.0093 3800 CTEXFIFX.SYS - ok
08:54:57.0125 3800 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT C:\WINDOWS\system32\drivers\CTHWIUT.SYS
08:54:57.0125 3800 CTHWIUT - ok
08:54:57.0125 3800 [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA ] CTHWIUT.SYS C:\WINDOWS\System32\drivers\CTHWIUT.SYS
08:54:57.0140 3800 CTHWIUT.SYS - ok
08:54:57.0156 3800 [ F0F19A13C948E5289601E354B08E0941 ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
08:54:57.0171 3800 ctprxy2k - ok
08:54:57.0187 3800 [ C7B2C36A6203A5F3D0A378FD78C5DDD6 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
08:54:57.0203 3800 ctsfm2k - ok
08:54:57.0203 3800 dac2w2k - ok
08:54:57.0203 3800 dac960nt - ok
08:54:57.0234 3800 [ CA812B19C0E2BC044214AD3F6436E730 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
08:54:57.0250 3800 dc3d - ok
08:54:57.0296 3800 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:54:57.0421 3800 DcomLaunch - ok
08:54:57.0484 3800 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:54:57.0593 3800 Dhcp - ok
08:54:57.0609 3800 [ 74C79938AA7B65B17D8E7722BD602095 ] DigiartyVirtualCDBus C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys
08:54:57.0625 3800 DigiartyVirtualCDBus - ok
08:54:57.0640 3800 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:54:57.0734 3800 Disk - ok
08:54:57.0750 3800 dmadmin - ok
08:54:57.0781 3800 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:54:57.0906 3800 dmboot - ok
08:54:57.0937 3800 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:54:58.0031 3800 dmio - ok
08:54:58.0046 3800 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:54:58.0125 3800 dmload - ok
08:54:58.0156 3800 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:54:58.0250 3800 dmserver - ok
08:54:58.0281 3800 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:54:58.0359 3800 DMusic - ok
08:54:58.0390 3800 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:54:58.0437 3800 Dnscache - ok
08:54:58.0484 3800 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:54:58.0562 3800 Dot3svc - ok
08:54:58.0562 3800 dpti2o - ok
08:54:58.0562 3800 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:54:58.0656 3800 drmkaud - ok
08:54:58.0687 3800 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:54:58.0765 3800 EapHost - ok
08:54:58.0796 3800 [ FB2D6D4D14AE801F5267B0368FC0CB0C ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
08:54:58.0796 3800 emupia - ok
08:54:58.0843 3800 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:54:58.0921 3800 ERSvc - ok
08:54:58.0937 3800 esgiguard - ok
08:54:58.0968 3800 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:54:59.0015 3800 Eventlog - ok
08:54:59.0062 3800 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:54:59.0109 3800 EventSystem - ok
08:54:59.0125 3800 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:54:59.0203 3800 Fastfat - ok
08:54:59.0250 3800 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:54:59.0296 3800 FastUserSwitchingCompatibility - ok
08:54:59.0328 3800 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:54:59.0390 3800 Fdc - ok
08:54:59.0406 3800 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:54:59.0500 3800 Fips - ok
08:54:59.0515 3800 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:54:59.0593 3800 Flpydisk - ok
08:54:59.0656 3800 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:54:59.0734 3800 FltMgr - ok
08:54:59.0828 3800 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:54:59.0843 3800 FontCache3.0.0.0 - ok
08:54:59.0843 3800 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:54:59.0921 3800 Fs_Rec - ok
08:54:59.0937 3800 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:55:00.0015 3800 Ftdisk - ok
08:55:00.0046 3800 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:55:00.0125 3800 Gpc - ok
08:55:00.0156 3800 [ 7FF1CED1201C169A783B0E81CC561FBA ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
08:55:00.0187 3800 ha20x2k - ok
08:55:00.0250 3800 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:55:00.0312 3800 HDAudBus - ok
08:55:00.0406 3800 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:55:00.0500 3800 helpsvc - ok
08:55:00.0515 3800 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:55:00.0593 3800 HidServ - ok
08:55:00.0625 3800 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:55:00.0703 3800 hidusb - ok
08:55:00.0765 3800 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:55:00.0843 3800 hkmsvc - ok
08:55:00.0843 3800 hpn - ok
08:55:00.0890 3800 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
08:55:00.0921 3800 HPSLPSVC - ok
08:55:00.0953 3800 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:55:01.0000 3800 HTTP - ok
08:55:01.0031 3800 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:55:01.0125 3800 HTTPFilter - ok
08:55:01.0125 3800 i2omgmt - ok
08:55:01.0125 3800 i2omp - ok
08:55:01.0171 3800 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
08:55:01.0265 3800 i8042prt - ok
08:55:01.0312 3800 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:55:01.0375 3800 idsvc - ok
08:55:01.0406 3800 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:55:01.0500 3800 Imapi - ok
08:55:01.0531 3800 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:55:01.0609 3800 ImapiService - ok
08:55:01.0609 3800 ini910u - ok
08:55:01.0765 3800 [ 3FA02C6E3E9EBE8523A2D4E51D0ECE1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:55:01.0921 3800 IntcAzAudAddService - ok
08:55:01.0921 3800 IntelIde - ok
08:55:02.0000 3800 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:55:02.0093 3800 intelppm - ok
08:55:02.0125 3800 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:55:02.0187 3800 Ip6Fw - ok
08:55:02.0218 3800 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:55:02.0296 3800 IpFilterDriver - ok
08:55:02.0296 3800 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:55:02.0375 3800 IpInIp - ok
08:55:02.0390 3800 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:55:02.0484 3800 IpNat - ok
08:55:02.0500 3800 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:55:02.0578 3800 IPSec - ok
08:55:02.0609 3800 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:55:02.0687 3800 IRENUM - ok
08:55:02.0718 3800 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:55:02.0812 3800 isapnp - ok
08:55:02.0828 3800 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:55:02.0921 3800 Kbdclass - ok
08:55:02.0937 3800 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:55:03.0015 3800 kbdhid - ok
08:55:03.0031 3800 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:55:03.0125 3800 kmixer - ok
08:55:03.0140 3800 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:55:03.0218 3800 KSecDD - ok
08:55:03.0265 3800 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:55:03.0281 3800 lanmanserver - ok
08:55:03.0359 3800 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:55:03.0406 3800 lanmanworkstation - ok
08:55:03.0421 3800 lbrtfdc - ok
08:55:03.0437 3800 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys
08:55:03.0453 3800 LGBusEnum - ok
08:55:03.0500 3800 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys
08:55:03.0500 3800 LGVirHid - ok
08:55:03.0546 3800 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
08:55:03.0562 3800 lirsgt - ok
08:55:03.0593 3800 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:55:03.0671 3800 LmHosts - ok
08:55:03.0703 3800 LMIInfo - ok
08:55:03.0734 3800 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
08:55:03.0750 3800 lmimirr - ok
08:55:03.0750 3800 LMIRfsClientNP - ok
08:55:03.0781 3800 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
08:55:03.0781 3800 LMIRfsDriver - ok
08:55:03.0875 3800 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:55:03.0890 3800 MDM - ok
08:55:03.0906 3800 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:55:03.0984 3800 Messenger - ok
08:55:04.0031 3800 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:55:04.0125 3800 mnmdd - ok
08:55:04.0156 3800 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:55:04.0234 3800 mnmsrvc - ok
08:55:04.0265 3800 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:55:04.0328 3800 Modem - ok
08:55:04.0375 3800 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
08:55:04.0468 3800 Monfilt - ok
08:55:04.0500 3800 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:55:04.0562 3800 Mouclass - ok
08:55:04.0593 3800 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:55:04.0687 3800 mouhid - ok
08:55:04.0703 3800 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:55:04.0781 3800 MountMgr - ok
08:55:04.0796 3800 mraid35x - ok
08:55:04.0796 3800 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:55:04.0890 3800 MRxDAV - ok
08:55:04.0937 3800 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:55:04.0953 3800 MRxSmb - ok
08:55:05.0000 3800 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:55:05.0078 3800 MSDTC - ok
08:55:05.0078 3800 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:55:05.0156 3800 Msfs - ok
08:55:05.0187 3800 MSIServer - ok
08:55:05.0203 3800 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:55:05.0265 3800 MSKSSRV - ok
08:55:05.0281 3800 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:55:05.0375 3800 MSPCLOCK - ok
08:55:05.0375 3800 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:55:05.0468 3800 MSPQM - ok
08:55:05.0484 3800 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:55:05.0578 3800 mssmbios - ok
08:55:05.0593 3800 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:55:05.0625 3800 Mup - ok
08:55:05.0656 3800 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:55:05.0734 3800 napagent - ok
08:55:05.0781 3800 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:55:05.0859 3800 NDIS - ok
08:55:05.0890 3800 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:55:05.0906 3800 NdisTapi - ok
08:55:05.0968 3800 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:55:06.0031 3800 Ndisuio - ok
08:55:06.0046 3800 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:55:06.0109 3800 NdisWan - ok
08:55:06.0140 3800 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:55:06.0156 3800 NDProxy - ok
08:55:06.0203 3800 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
08:55:06.0203 3800 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:55:06.0203 3800 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:55:09.0656 3800 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
08:55:09.0671 3800 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:55:09.0671 3800 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:55:18.0687 3800 ================ Scan global ===============================
08:55:18.0718 3800 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:55:18.0765 3800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:55:18.0781 3800 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:55:18.0828 3800 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:55:18.0828 3800 [Global] - ok
08:55:18.0828 3800 ================ Scan MBR ==================================
08:55:18.0859 3800 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:55:19.0125 3800 \Device\Harddisk0\DR0 - ok
08:55:19.0125 3800 ================ Scan VBR ==================================
08:55:19.0125 3800 [ A1610B9047322B322F5D4990716B1322 ] \Device\Harddisk0\DR0\Partition1
08:55:19.0125 3800 \Device\Harddisk0\DR0\Partition1 - ok
08:55:19.0125 3800 ================ Scan active images ========================
08:55:19.0328 3800 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
08:55:19.0328 3800 C:\WINDOWS\system32\drivers\dxg.sys - ok
08:55:19.0328 3800 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
08:55:19.0328 3800 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
08:55:19.0328 3800 [ B3427B458A0AC705FB48A2562F52922A ] C:\WINDOWS\system32\nv4_disp.dll
08:55:19.0328 3800 C:\WINDOWS\system32\nv4_disp.dll - ok
08:55:19.0328 3800 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
08:55:19.0328 3800 C:\WINDOWS\system32\vga.dll - ok
08:55:19.0328 3800 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
08:55:19.0328 3800 C:\WINDOWS\system32\winlogon.exe - ok
08:55:19.0328 3800 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
08:55:19.0328 3800 C:\WINDOWS\system32\advapi32.dll - ok
08:55:19.0328 3800 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
08:55:19.0328 3800 C:\WINDOWS\system32\rpcrt4.dll - ok
08:55:19.0343 3800 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
08:55:19.0343 3800 C:\WINDOWS\system32\secur32.dll - ok
08:55:19.0343 3800 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
08:55:19.0343 3800 C:\WINDOWS\system32\authz.dll - ok
08:55:19.0343 3800 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
08:55:19.0343 3800 C:\WINDOWS\system32\msvcrt.dll - ok
08:55:19.0343 3800 [ A90E118F12D355F9946DFB30A8F94609 ] C:\WINDOWS\system32\crypt32.dll
08:55:19.0343 3800 C:\WINDOWS\system32\crypt32.dll - ok
08:55:19.0343 3800 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
08:55:19.0343 3800 C:\WINDOWS\system32\msasn1.dll - ok
08:55:19.0343 3800 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
08:55:19.0343 3800 C:\WINDOWS\system32\nddeapi.dll - ok
08:55:19.0343 3800 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
08:55:19.0343 3800 C:\WINDOWS\system32\profmap.dll - ok
08:55:19.0343 3800 [ 318230E845919255EF3C5D5E1E863631 ] C:\WINDOWS\system32\netapi32.dll
08:55:19.0343 3800 C:\WINDOWS\system32\netapi32.dll - ok
08:55:19.0343 3800 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
08:55:19.0343 3800 C:\WINDOWS\system32\userenv.dll - ok
08:55:19.0343 3800 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
08:55:19.0343 3800 C:\WINDOWS\system32\psapi.dll - ok
08:55:19.0359 3800 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
08:55:19.0359 3800 C:\WINDOWS\system32\regapi.dll - ok
08:55:19.0359 3800 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
08:55:19.0359 3800 C:\WINDOWS\system32\setupapi.dll - ok
08:55:19.0359 3800 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
08:55:19.0359 3800 C:\WINDOWS\system32\version.dll - ok
08:55:19.0359 3800 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
08:55:19.0359 3800 C:\WINDOWS\system32\winsta.dll - ok
08:55:19.0359 3800 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
08:55:19.0359 3800 C:\WINDOWS\system32\imagehlp.dll - ok
08:55:19.0359 3800 [ 95F5C420E9BDD4C3569602911420A774 ] C:\WINDOWS\system32\wintrust.dll
08:55:19.0359 3800 C:\WINDOWS\system32\wintrust.dll - ok
08:55:19.0359 3800 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
08:55:19.0359 3800 C:\WINDOWS\system32\ws2help.dll - ok
08:55:19.0359 3800 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
08:55:19.0359 3800 C:\WINDOWS\system32\ws2_32.dll - ok
08:55:19.0359 3800 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
08:55:19.0359 3800 C:\WINDOWS\system32\imm32.dll - ok
08:55:19.0375 3800 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
08:55:19.0375 3800 C:\WINDOWS\system32\kbdus.dll - ok
08:55:19.0375 3800 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
08:55:19.0375 3800 C:\WINDOWS\system32\msgina.dll - ok
08:55:19.0375 3800 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
08:55:19.0375 3800 C:\WINDOWS\system32\comctl32.dll - ok
08:55:19.0375 3800 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
08:55:19.0375 3800 C:\WINDOWS\system32\odbc32.dll - ok
08:55:19.0375 3800 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
08:55:19.0375 3800 C:\WINDOWS\system32\comdlg32.dll - ok
08:55:19.0375 3800 [ E86423AA9AA8C382AF02B94A058DC2AA ] C:\WINDOWS\system32\shell32.dll
08:55:19.0375 3800 C:\WINDOWS\system32\shell32.dll - ok
08:55:19.0375 3800 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
08:55:19.0375 3800 C:\WINDOWS\system32\shlwapi.dll - ok
08:55:19.0375 3800 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
08:55:19.0375 3800 C:\WINDOWS\system32\sxs.dll - ok
08:55:19.0375 3800 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
08:55:19.0375 3800 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
08:55:19.0390 3800 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
08:55:19.0390 3800 C:\WINDOWS\system32\odbcint.dll - ok
08:55:19.0390 3800 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
08:55:19.0390 3800 C:\WINDOWS\system32\shsvcs.dll - ok
08:55:19.0390 3800 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
08:55:19.0390 3800 C:\WINDOWS\system32\ole32.dll - ok
08:55:19.0390 3800 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
08:55:19.0390 3800 C:\WINDOWS\system32\sfc.dll - ok
08:55:19.0390 3800 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
08:55:19.0390 3800 C:\WINDOWS\system32\sfc_os.dll - ok
08:55:19.0390 3800 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
08:55:19.0390 3800 C:\WINDOWS\system32\apphelp.dll - ok
08:55:19.0390 3800 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
08:55:19.0390 3800 C:\WINDOWS\system32\lsass.exe - ok
08:55:19.0390 3800 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:55:19.0390 3800 C:\WINDOWS\system32\services.exe - ok
08:55:19.0390 3800 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
08:55:19.0390 3800 C:\WINDOWS\system32\lsasrv.dll - ok
08:55:19.0406 3800 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
08:55:19.0406 3800 C:\WINDOWS\system32\ncobjapi.dll - ok
08:55:19.0406 3800 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
08:55:19.0406 3800 C:\WINDOWS\system32\msvcp60.dll - ok
08:55:19.0406 3800 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
08:55:19.0406 3800 C:\WINDOWS\system32\scesrv.dll - ok
08:55:19.0406 3800 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
08:55:19.0406 3800 C:\WINDOWS\system32\mpr.dll - ok
08:55:19.0406 3800 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
08:55:19.0406 3800 C:\WINDOWS\system32\ntdsapi.dll - ok
08:55:19.0406 3800 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
08:55:19.0406 3800 C:\WINDOWS\system32\dnsapi.dll - ok
08:55:19.0406 3800 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
08:55:19.0406 3800 C:\WINDOWS\system32\umpnpmgr.dll - ok
08:55:19.0406 3800 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
08:55:19.0406 3800 C:\WINDOWS\system32\wldap32.dll - ok
08:55:19.0406 3800 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
08:55:19.0406 3800 C:\WINDOWS\system32\samlib.dll - ok
08:55:19.0421 3800 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
08:55:19.0421 3800 C:\WINDOWS\system32\shimeng.dll - ok
08:55:19.0421 3800 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
08:55:19.0421 3800 C:\WINDOWS\AppPatch\acadproc.dll - ok
08:55:19.0421 3800 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
08:55:19.0421 3800 C:\WINDOWS\system32\samsrv.dll - ok
08:55:19.0421 3800 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
08:55:19.0421 3800 C:\WINDOWS\AppPatch\acgenral.dll - ok
08:55:19.0421 3800 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
08:55:19.0421 3800 C:\WINDOWS\system32\cryptdll.dll - ok
08:55:19.0421 3800 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
08:55:19.0421 3800 C:\WINDOWS\system32\oleaut32.dll - ok
08:55:19.0421 3800 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
08:55:19.0421 3800 C:\WINDOWS\system32\winmm.dll - ok
08:55:19.0421 3800 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
08:55:19.0421 3800 C:\WINDOWS\system32\msacm32.dll - ok
08:55:19.0421 3800 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
08:55:19.0421 3800 C:\WINDOWS\system32\uxtheme.dll - ok
08:55:19.0437 3800 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
08:55:19.0437 3800 C:\WINDOWS\system32\msapsspc.dll - ok
08:55:19.0437 3800 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
08:55:19.0437 3800 C:\WINDOWS\system32\msvcrt40.dll - ok
08:55:19.0437 3800 [ A645A78FCDABAD67067324D7E6CD9F79 ] C:\WINDOWS\system32\schannel.dll
08:55:19.0437 3800 C:\WINDOWS\system32\schannel.dll - ok
08:55:19.0437 3800 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
08:55:19.0437 3800 C:\WINDOWS\system32\digest.dll - ok
08:55:19.0437 3800 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
08:55:19.0437 3800 C:\WINDOWS\system32\msnsspc.dll - ok
08:55:19.0437 3800 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
08:55:19.0437 3800 C:\WINDOWS\system32\kerberos.dll - ok
08:55:19.0437 3800 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
08:55:19.0437 3800 C:\WINDOWS\system32\msctfime.ime - ok
08:55:19.0437 3800 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
08:55:19.0437 3800 C:\WINDOWS\system32\msprivs.dll - ok
08:55:19.0437 3800 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
08:55:19.0437 3800 C:\WINDOWS\system32\atmfd.dll - ok
08:55:19.0453 3800 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
08:55:19.0453 3800 C:\WINDOWS\system32\msv1_0.dll - ok
08:55:19.0453 3800 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
08:55:19.0453 3800 C:\WINDOWS\system32\iphlpapi.dll - ok
08:55:19.0453 3800 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
08:55:19.0453 3800 C:\WINDOWS\system32\netlogon.dll - ok
08:55:19.0453 3800 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
08:55:19.0453 3800 C:\WINDOWS\system32\w32time.dll - ok
08:55:19.0453 3800 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
08:55:19.0453 3800 C:\WINDOWS\system32\wdigest.dll - ok
08:55:19.0453 3800 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
08:55:19.0453 3800 C:\WINDOWS\system32\rsaenh.dll - ok
08:55:19.0453 3800 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
08:55:19.0453 3800 C:\WINDOWS\system32\winscard.dll - ok
08:55:19.0453 3800 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
08:55:19.0453 3800 C:\WINDOWS\system32\wtsapi32.dll - ok
08:55:19.0453 3800 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
08:55:19.0453 3800 C:\WINDOWS\system32\scecli.dll - ok
08:55:19.0468 3800 [ F5DC168BF77572D51BE28BA261B30CB4 ] C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:55:19.0468 3800 C:\WINDOWS\system32\drivers\aswFsBlk.sys - ok
08:55:19.0468 3800 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
08:55:19.0468 3800 C:\WINDOWS\system32\svchost.exe - ok
08:55:19.0468 3800 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
08:55:19.0468 3800 C:\WINDOWS\system32\ntmarta.dll - ok
08:55:19.0468 3800 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
08:55:19.0468 3800 C:\WINDOWS\system32\rpcss.dll - ok
08:55:19.0468 3800 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
08:55:19.0468 3800 C:\WINDOWS\system32\xpsp2res.dll - ok
08:55:19.0468 3800 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
08:55:19.0468 3800 C:\WINDOWS\system32\eventlog.dll - ok
08:55:19.0468 3800 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
08:55:19.0468 3800 C:\WINDOWS\system32\mswsock.dll - ok
08:55:19.0468 3800 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
08:55:19.0468 3800 C:\WINDOWS\system32\hnetcfg.dll - ok
08:55:19.0468 3800 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
08:55:19.0468 3800 C:\WINDOWS\system32\wshtcpip.dll - ok
08:55:19.0484 3800 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
08:55:19.0484 3800 C:\WINDOWS\system32\rasadhlp.dll - ok
08:55:19.0484 3800 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
08:55:19.0484 3800 C:\WINDOWS\system32\winrnr.dll - ok
08:55:19.0484 3800 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
08:55:19.0484 3800 C:\WINDOWS\system32\dhcpcsvc.dll - ok
08:55:19.0484 3800 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
08:55:19.0484 3800 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
08:55:19.0484 3800 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
08:55:19.0484 3800 C:\WINDOWS\system32\dnsrslvr.dll - ok
08:55:19.0484 3800 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
08:55:19.0484 3800 C:\WINDOWS\system32\lmhsvc.dll - ok
08:55:19.0484 3800 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
08:55:19.0484 3800 C:\WINDOWS\system32\wzcsvc.dll - ok
08:55:19.0484 3800 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
08:55:19.0484 3800 C:\WINDOWS\system32\atl.dll - ok
08:55:19.0484 3800 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
08:55:19.0484 3800 C:\WINDOWS\system32\eapolqec.dll - ok
08:55:19.0500 3800 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
08:55:19.0500 3800 C:\WINDOWS\system32\rtutils.dll - ok
08:55:19.0500 3800 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
08:55:19.0500 3800 C:\WINDOWS\system32\wmi.dll - ok
08:55:19.0500 3800 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
08:55:19.0500 3800 C:\WINDOWS\system32\dot3api.dll - ok
08:55:19.0500 3800 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
08:55:19.0500 3800 C:\WINDOWS\system32\esent.dll - ok
08:55:19.0500 3800 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
08:55:19.0500 3800 C:\WINDOWS\system32\qutil.dll - ok
08:55:19.0500 3800 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
08:55:19.0500 3800 C:\WINDOWS\system32\clbcatq.dll - ok
08:55:19.0500 3800 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
08:55:19.0500 3800 C:\WINDOWS\system32\comres.dll - ok
08:55:19.0500 3800 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
08:55:19.0500 3800 C:\WINDOWS\system32\cscdll.dll - ok
08:55:19.0500 3800 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] C:\WINDOWS\system32\drivers\aswmon2.sys
08:55:19.0500 3800 C:\WINDOWS\system32\drivers\aswmon2.sys - ok
08:55:19.0500 3800 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
08:55:19.0500 3800 C:\WINDOWS\system32\rastls.dll - ok
08:55:19.0515 3800 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
08:55:19.0515 3800 C:\WINDOWS\system32\dimsntfy.dll - ok
08:55:19.0515 3800 [ FBD81418203548E5ACC79423CC7189AF ] C:\WINDOWS\system32\LMIinit.dll
08:55:19.0515 3800 C:\WINDOWS\system32\LMIinit.dll - ok
08:55:19.0515 3800 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
08:55:19.0515 3800 C:\WINDOWS\system32\cryptui.dll - ok
08:55:19.0515 3800 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
08:55:19.0515 3800 C:\WINDOWS\system32\wlnotify.dll - ok
08:55:19.0515 3800 [ 009E7B4C284F080608D7286484015EE5 ] C:\WINDOWS\system32\wininet.dll
08:55:19.0515 3800 C:\WINDOWS\system32\wininet.dll - ok
08:55:19.0515 3800 [ 04AC21E821F259845BD7367CEE057290 ] C:\Avast AntiVirus\AvastSvc.exe
08:55:19.0515 3800 C:\Avast AntiVirus\AvastSvc.exe - ok
08:55:19.0515 3800 [ 46856447F0EBF2F7B2473660B056B419 ] C:\Avast AntiVirus\aswCmnBS.dll
08:55:19.0515 3800 C:\Avast AntiVirus\aswCmnBS.dll - ok
08:55:19.0515 3800 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
08:55:19.0515 3800 C:\WINDOWS\system32\winspool.drv - ok
08:55:19.0531 3800 [ 3C1EE2FFFCBEF877934EFDF3A5C3BCB1 ] C:\Avast AntiVirus\aswCmnOS.dll
08:55:19.0531 3800 C:\Avast AntiVirus\aswCmnOS.dll - ok
08:55:19.0531 3800 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
08:55:19.0531 3800 C:\WINDOWS\system32\normaliz.dll - ok
08:55:19.0531 3800 [ 22C7E8410FC990759533E70B5250CB24 ] C:\WINDOWS\system32\urlmon.dll
08:55:19.0531 3800 C:\WINDOWS\system32\urlmon.dll - ok
08:55:19.0531 3800 [ 061E11A56CDCAB73188E216280C05D66 ] C:\Avast AntiVirus\aswCmnIS.dll
08:55:19.0531 3800 C:\Avast AntiVirus\aswCmnIS.dll - ok
08:55:19.0531 3800 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
08:55:19.0531 3800 C:\WINDOWS\system32\WgaLogon.dll - ok
08:55:19.0531 3800 [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
08:55:19.0531 3800 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
08:55:19.0531 3800 [ 0AD792A78419867BF5D750853D80FA11 ] C:\WINDOWS\system32\msxml3.dll
08:55:19.0531 3800 C:\WINDOWS\system32\msxml3.dll - ok
08:55:19.0531 3800 [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
08:55:19.0531 3800 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
08:55:19.0531 3800 [ D5F7CEB91FA9D4D364DD522988DAC618 ] C:\WINDOWS\system32\iertutil.dll
08:55:19.0531 3800 C:\WINDOWS\system32\iertutil.dll - ok
08:55:19.0531 3800 [ 1D716EB7BCC07F5B1EF442B13A5FDDFE ] C:\Avast AntiVirus\ashBase.dll
08:55:19.0531 3800 C:\Avast AntiVirus\ashBase.dll - ok
08:55:19.0546 3800 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
08:55:19.0546 3800 C:\WINDOWS\system32\wsock32.dll - ok
08:55:19.0546 3800 [ 42A6DC8B861EF5BD6AF8DC2CBD7DF321 ] C:\Avast AntiVirus\aswEngLdr.dll
08:55:19.0546 3800 C:\Avast AntiVirus\aswEngLdr.dll - ok
08:55:19.0546 3800 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
08:55:19.0546 3800 C:\WINDOWS\system32\mprapi.dll - ok
08:55:19.0546 3800 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
08:55:19.0546 3800 C:\WINDOWS\system32\activeds.dll - ok
08:55:19.0546 3800 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
08:55:19.0546 3800 C:\WINDOWS\system32\mpnotify.exe - ok
08:55:19.0546 3800 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
08:55:19.0546 3800 C:\WINDOWS\system32\dbghelp.dll - ok
08:55:19.0546 3800 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
08:55:19.0546 3800 C:\WINDOWS\system32\adsldpc.dll - ok
08:55:19.0546 3800 [ 35182A8E54FC0A1E73B9C031D7F9A137 ] C:\WINDOWS\system32\LMIRfsClientNP.dll
08:55:19.0546 3800 C:\WINDOWS\system32\LMIRfsClientNP.dll - ok
08:55:19.0546 3800 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
08:55:19.0546 3800 C:\WINDOWS\system32\rasapi32.dll - ok
08:55:19.0562 3800 [ 4CC47E4FEA86625FD5419D864E6A16D1 ] C:\Avast AntiVirus\1033\Base.dll
08:55:19.0562 3800 C:\Avast AntiVirus\1033\Base.dll - ok
08:55:19.0562 3800 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
08:55:19.0562 3800 C:\WINDOWS\system32\rasman.dll - ok
08:55:19.0562 3800 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
08:55:19.0562 3800 C:\WINDOWS\system32\tapi32.dll - ok
08:55:19.0562 3800 [ 7E118D66ECACCF3299F732ED0F3CE467 ] C:\Avast AntiVirus\ashServ.dll
08:55:19.0562 3800 C:\Avast AntiVirus\ashServ.dll - ok
08:55:19.0562 3800 [ 3C1513365EFF8D185C5BB2BDEBBE5D3A ] C:\Avast AntiVirus\aswAux.dll
08:55:19.0562 3800 C:\Avast AntiVirus\aswAux.dll - ok
08:55:19.0562 3800 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
08:55:19.0562 3800 C:\WINDOWS\system32\riched20.dll - ok
08:55:19.0562 3800 [ DEA2847BFCD2BCCE777C27DB47A69EB8 ] C:\Avast AntiVirus\ashTask.dll
08:55:19.0562 3800 C:\Avast AntiVirus\ashTask.dll - ok
08:55:19.0562 3800 [ 2566C94919F8F46215E38F3357011EBF ] C:\Avast AntiVirus\ashTaskEx.dll
08:55:19.0562 3800 C:\Avast AntiVirus\ashTaskEx.dll - ok
08:55:19.0562 3800 [ 3079F9345ED39D0E9DA1D5E8CC407235 ] C:\Avast AntiVirus\aswLog.dll
08:55:19.0562 3800 C:\Avast AntiVirus\aswLog.dll - ok
08:55:19.0578 3800 [ 1D445E0FD43BE0F81C07DFFBF6AB92EC ] C:\Avast AntiVirus\aswSqLt.dll
08:55:19.0578 3800 C:\Avast AntiVirus\aswSqLt.dll - ok
08:55:19.0578 3800 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
08:55:19.0578 3800 C:\WINDOWS\system32\cscui.dll - ok
08:55:19.0578 3800 [ 662E62F776A508CA4C997F7DA8007769 ] C:\Avast AntiVirus\aswProperty.dll
08:55:19.0578 3800 C:\Avast AntiVirus\aswProperty.dll - ok
08:55:19.0578 3800 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
08:55:19.0578 3800 C:\WINDOWS\system32\raschap.dll - ok
08:55:19.0578 3800 [ 3A2CF698443EAD2C14CF528B4F2A51A0 ] C:\Avast AntiVirus\Aavm4h.dll
08:55:19.0578 3800 C:\Avast AntiVirus\Aavm4h.dll - ok
08:55:19.0578 3800 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
08:55:19.0578 3800 C:\WINDOWS\system32\netman.dll - ok
08:55:19.0578 3800 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
08:55:19.0578 3800 C:\WINDOWS\system32\powrprof.dll - ok
08:55:19.0578 3800 [ C5DBD35CF4EB0CB8E72A7B6DA2EDEA51 ] C:\Avast AntiVirus\AavmRpch.dll
08:55:19.0578 3800 C:\Avast AntiVirus\AavmRpch.dll - ok
08:55:19.0578 3800 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
08:55:19.0578 3800 C:\WINDOWS\system32\dpcdll.dll - ok
08:55:19.0593 3800 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
08:55:19.0593 3800 C:\WINDOWS\system32\netshell.dll - ok
08:55:19.0593 3800 [ 0F84219E9FC89D4FEC963F78E4983E0B ] C:\Avast AntiVirus\aswDld.dll
08:55:19.0593 3800 C:\Avast AntiVirus\aswDld.dll - ok
08:55:19.0593 3800 [ 35BD2AABE21E86D760D4FB93225D8BB4 ] C:\Avast AntiVirus\aswIdle.dll
08:55:19.0593 3800 C:\Avast AntiVirus\aswIdle.dll - ok
08:55:19.0593 3800 [ 3B3AD17FAAA838CC0368F0947B5D43DB ] C:\Avast AntiVirus\aswStrm.dll
08:55:19.0593 3800 C:\Avast AntiVirus\aswStrm.dll - ok
08:55:19.0593 3800 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
08:55:19.0593 3800 C:\WINDOWS\system32\credui.dll - ok
08:55:19.0593 3800 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
08:55:19.0593 3800 C:\WINDOWS\system32\userinit.exe - ok
08:55:19.0593 3800 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
08:55:19.0593 3800 C:\WINDOWS\system32\dot3dlg.dll - ok
08:55:19.0593 3800 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
08:55:19.0593 3800 C:\WINDOWS\explorer.exe - ok
08:55:19.0593 3800 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
08:55:19.0593 3800 C:\WINDOWS\system32\onex.dll - ok
08:55:19.0609 3800 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
08:55:19.0609 3800 C:\WINDOWS\system32\WgaTray.exe - ok
08:55:19.0609 3800 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
08:55:19.0609 3800 C:\WINDOWS\system32\eappcfg.dll - ok
08:55:19.0609 3800 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
08:55:19.0609 3800 C:\WINDOWS\system32\eappprxy.dll - ok
08:55:19.0609 3800 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
08:55:19.0609 3800 C:\WINDOWS\system32\wzcsapi.dll - ok
08:55:19.0609 3800 [ 13A6FDC857280D2FEC165F4689AA6857 ] C:\WINDOWS\system32\browseui.dll
08:55:19.0609 3800 C:\WINDOWS\system32\browseui.dll - ok
08:55:19.0609 3800 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
08:55:19.0609 3800 C:\WINDOWS\system32\schedsvc.dll - ok
08:55:19.0609 3800 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
08:55:19.0609 3800 C:\WINDOWS\system32\msidle.dll - ok
08:55:19.0609 3800 [ 5D9CBC9997994C1A9AD07EEED3E9342B ] C:\WINDOWS\system32\shdocvw.dll
08:55:19.0609 3800 C:\WINDOWS\system32\shdocvw.dll - ok
08:55:19.0609 3800 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
08:55:19.0609 3800 C:\WINDOWS\system32\spoolsv.exe - ok
08:55:19.0625 3800 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
08:55:19.0625 3800 C:\WINDOWS\system32\audiosrv.dll - ok
08:55:19.0625 3800 [ 07BA6D17E66879018B30B6C3F976EBED ] C:\Program Files\Creative\Shared Files\CTAudSvc.exe
08:55:19.0625 3800 C:\Program Files\Creative\Shared Files\CTAudSvc.exe - ok
08:55:19.0625 3800 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
08:55:19.0625 3800 C:\WINDOWS\system32\cryptnet.dll - ok
08:55:19.0625 3800 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
08:55:19.0625 3800 C:\WINDOWS\system32\dsound.dll - ok
08:55:19.0625 3800 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
08:55:19.0625 3800 C:\WINDOWS\system32\sensapi.dll - ok
08:55:19.0625 3800 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
08:55:19.0625 3800 C:\WINDOWS\system32\winhttp.dll - ok
08:55:19.0625 3800 [ 415BC86420772D887186BC3ADD58DE28 ] C:\Avast AntiVirus\defs\12090900\aswEngin.dll
08:55:19.0625 3800 C:\Avast AntiVirus\defs\12090900\aswEngin.dll - ok
08:55:19.0625 3800 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
08:55:19.0625 3800 C:\WINDOWS\system32\oleacc.dll - ok
08:55:19.0625 3800 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
08:55:19.0625 3800 C:\WINDOWS\system32\LegitCheckControl.dll - ok
08:55:19.0625 3800 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
08:55:19.0625 3800 C:\WINDOWS\system32\wkssvc.dll - ok
08:55:19.0640 3800 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
08:55:19.0640 3800 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
08:55:19.0640 3800 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
08:55:19.0640 3800 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
08:55:19.0640 3800 [ C98FAC19A0FFA2A65F2BD73FA2D9D693 ] C:\Avast AntiVirus\ashShell.dll
08:55:19.0640 3800 C:\Avast AntiVirus\ashShell.dll - ok
08:55:19.0640 3800 [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
08:55:19.0640 3800 C:\WINDOWS\system32\msi.dll - ok
08:55:19.0640 3800 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
08:55:19.0640 3800 C:\WINDOWS\system32\wdmaud.drv - ok
08:55:19.0640 3800 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
08:55:19.0640 3800 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
08:55:19.0640 3800 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
08:55:19.0640 3800 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
08:55:19.0640 3800 [ B174DE0DE6C9AA8AFFD3B926653E625F ] C:\Avast AntiVirus\AvastEmUpdate.exe
08:55:19.0640 3800 C:\Avast AntiVirus\AvastEmUpdate.exe - ok
08:55:19.0640 3800 [ 9B1B3C9FC4011CB5A6C6423ABEEB3793 ] C:\Avast AntiVirus\Setup\setiface.dll
08:55:19.0640 3800 C:\Avast AntiVirus\Setup\setiface.dll - ok
08:55:19.0656 3800 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
08:55:19.0656 3800 C:\WINDOWS\system32\drivers\splitter.sys - ok
08:55:20.0031 3800 ============================================================
08:55:20.0031 3800 Scan finished
08:55:20.0031 3800 ============================================================
08:55:20.0140 3792 Detected object count: 4
08:55:20.0140 3792 Actual detected object count: 4
08:56:57.0578 3792 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:56:57.0578 3792 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:56:57.0578 3792 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
08:56:57.0578 3792 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:56:57.0578 3792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:56:57.0578 3792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:56:57.0578 3792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:56:57.0578 3792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:22.0015 1520 Deinitialize success

Security Check produced the following results:
Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus 2012
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AvastSvc.exe
avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

Farbar Service Scanner log:
Farbar Service Scanner Version: 06-08-2012
Ran by Damian (administrator) on 09-09-2012 at 08:59:55
Running from "C:\ZZa Bleeping Computer Removal Process"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Minitool Box results:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Damian (administrator) on 09-09-2012 at 09:01:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 4 (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration
Host Name . . . . . . . . . . . . : satcom
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-04-4B-05-55-65

Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
Physical Address. . . . . . . . . : 00-04-4B-05-55-64
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62
Lease Obtained. . . . . . . . . . : Sunday, September 09, 2012 8:51:17 AM
Lease Expires . . . . . . . . . . : Sunday, September 09, 2012 9:51:17 AM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.239.2, 74.125.239.3, 74.125.239.4, 74.125.239.5
74.125.239.6, 74.125.239.7, 74.125.239.8, 74.125.239.9, 74.125.239.14
74.125.239.0, 74.125.239.1

Pinging google.com [74.125.224.201] with 32 bytes of data:
Reply from 74.125.224.201: bytes=32 time=14ms TTL=55
Reply from 74.125.224.201: bytes=32 time=15ms TTL=55
Ping statistics for 74.125.224.201:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=59ms TTL=50
Reply from 98.138.253.109: bytes=32 time=101ms TTL=49
Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 101ms, Average = 80ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 4b 05 55 65 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x10004 ...00 04 4b 05 55 64 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 10
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 10
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 10
255.255.255.255 255.255.255.255 192.168.0.3 2 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error) (User: )
Description: Faulting application camelot.bin, version 1.0.6.4, faulting module patchui.dll, version 1.0.8.7, fault address 0x00007bf0.
Processing media-specific event for [camelot.bin!ws!]

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller) (User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2848.exe, version 1.0.3.159, faulting module uninstaller-2848.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller-2848.exe!ws!]

Error: (08/31/2012 08:04:45 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/31/2012 08:04:40 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/26/2012 11:06:45 AM) (Source: Application Error) (User: )
Description: Faulting application warpatch.bin, version 1.0.5.9, faulting module patchui.dll, version 1.0.8.6, fault address 0x00007c50.
Processing media-specific event for [warpatch.bin!ws!]

Error: (07/29/2012 11:10:59 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f0e2.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 11:01:50 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:55 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:32 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]


System errors:
=============
Error: (09/09/2012 08:53:55 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/09/2012 08:53:55 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/09/2012 08:53:51 AM) (Source: 0) (User: )
Description: \Device\Scsi\nvgts1

Error: (09/09/2012 08:53:51 AM) (Source: 0) (User: )
Description: \Device\Scsi\nvgts1

Error: (09/09/2012 08:45:42 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/09/2012 08:45:42 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/09/2012 08:45:36 AM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/09/2012 08:45:05 AM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/08/2012 03:56:41 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/08/2012 03:56:40 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}


Microsoft Office Sessions:
=========================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error)(User: )
Description: camelot.bin1.0.6.4patchui.dll1.0.8.700007bf0

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller)(User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error)(User: )
Description: uninstaller-2848.exe1.0.3.159uninstaller-2848.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:45 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:40 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/26/2012 11:06:45 AM) (Source: Application Error)(User: )
Description: warpatch.bin1.0.5.9patchui.dll1.0.8.600007c50

Error: (07/29/2012 11:10:59 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f0e2

Error: (07/29/2012 11:01:50 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:55 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:32 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7500_7600_7700_Help1 (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
avast! Free Antivirus (Version: 7.0.1466.0)
BDlot DVD ISO Master 3.0.2
BioShock (Version: 2.5.0000)
BlackArmor Discovery (Version: 1.40.1041.002)
bpd_scan_Carrier (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Company of Heroes (Version: 1.0.0.78)
Creative Audio Control Panel (Version: 2.00)
Dark Age of Camelot (Version: )
Google Update Helper (Version: 1.3.21.111)
HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
L7000_Basic (Version: 140.0.000.000)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
neroxml (Version: 1.0.0)
Network (Version: 140.0.215.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers (Version: 1.5)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
OpenAL
Pixel Mine Launcher 1.00
Realtek High Definition Audio Driver (Version: 5.10.0.5928)
RuneScape Launcher 1.2 (Version: 1.2.0)
Scan (Version: 140.0.167.000)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
swMSM (Version: 12.0.0.1)
The Lord of the Rings Online™ v03.04.04.8012 (Version: 03.04.04.8012)
The Witcher (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ventrilo Client (Version: 3.0.8)
VLC media player 2.0.0 (Version: 2.0.0)
Warhammer Online - Age of Reckoning (Version: )
Warhammer Online - Wrath of Heroes (Version: )
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WinZip 16.0 (Version: 16.0.9691)

========================= Devices: ================================

Name: Officejet Pro L7700
Description: Officejet Pro L7700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 2558.48 MB
Available physical RAM: 2078.63 MB
Total Pagefile: 6238.56 MB
Available Pagefile: 5920.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.7 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:360.88 GB) NTFS
3 Drive d: (BIOSHOCK) (CDROM) (Total:6.04 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SATCOM

Administrator ASPNET Damian
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini050412-01.dmp
C:\WINDOWS\Minidump\Mini050512-01.dmp
C:\WINDOWS\Minidump\Mini070112-01.dmp
C:\WINDOWS\Minidump\Mini112911-01.dmp
C:\WINDOWS\Minidump\Mini113011-01.dmp
C:\WINDOWS\Minidump\Mini113011-02.dmp
C:\WINDOWS\Minidump\Mini120111-01.dmp
========================= Restore Points ==================================

12-06-2012 04:16:16 System Checkpoint
15-06-2012 17:07:28 System Checkpoint
17-06-2012 18:01:22 System Checkpoint
18-06-2012 18:56:19 System Checkpoint
19-06-2012 19:01:33 System Checkpoint
20-06-2012 01:25:31 Installed Ventrilo Client
21-06-2012 01:42:31 System Checkpoint
22-06-2012 19:48:41 System Checkpoint
25-06-2012 14:47:16 System Checkpoint
26-06-2012 21:57:37 System Checkpoint
27-06-2012 22:46:46 System Checkpoint
28-06-2012 22:55:57 System Checkpoint
30-06-2012 15:45:05 System Checkpoint
01-07-2012 16:20:41 System Checkpoint
02-07-2012 20:50:42 System Checkpoint
03-07-2012 22:41:18 System Checkpoint
06-07-2012 03:57:48 System Checkpoint
07-07-2012 15:56:43 System Checkpoint
08-07-2012 16:53:04 System Checkpoint
09-07-2012 16:54:12 System Checkpoint
12-07-2012 03:22:50 System Checkpoint
13-07-2012 03:45:29 System Checkpoint
14-07-2012 22:49:30 System Checkpoint
15-07-2012 23:23:19 System Checkpoint
17-07-2012 20:35:13 System Checkpoint
18-07-2012 22:00:08 System Checkpoint
19-07-2012 22:35:28 System Checkpoint
22-07-2012 14:50:01 System Checkpoint
23-07-2012 18:50:51 System Checkpoint
24-07-2012 20:59:40 System Checkpoint
25-07-2012 21:07:42 System Checkpoint
26-07-2012 21:58:43 System Checkpoint
27-07-2012 23:04:44 System Checkpoint
28-07-2012 23:28:10 System Checkpoint
29-07-2012 00:27:58 Installed BioShock
29-07-2012 00:36:41 Installed DirectX
30-07-2012 15:38:02 System Checkpoint
31-07-2012 17:07:29 System Checkpoint
01-08-2012 18:18:58 System Checkpoint
02-08-2012 19:03:41 System Checkpoint
03-08-2012 19:19:01 System Checkpoint
04-08-2012 20:22:55 System Checkpoint
05-08-2012 21:42:37 System Checkpoint
06-08-2012 22:05:59 System Checkpoint
07-08-2012 22:57:32 System Checkpoint
08-08-2012 23:33:00 System Checkpoint
09-08-2012 23:33:48 System Checkpoint
11-08-2012 00:12:16 System Checkpoint
12-08-2012 01:49:23 System Checkpoint
13-08-2012 03:12:55 System Checkpoint
14-08-2012 03:50:54 System Checkpoint
15-08-2012 05:54:34 System Checkpoint
16-08-2012 06:24:18 System Checkpoint
17-08-2012 07:24:17 System Checkpoint
18-08-2012 07:36:14 System Checkpoint
19-08-2012 07:52:26 System Checkpoint
20-08-2012 08:04:26 System Checkpoint
21-08-2012 08:13:44 System Checkpoint
22-08-2012 08:52:27 System Checkpoint
23-08-2012 09:04:27 System Checkpoint
24-08-2012 09:15:31 System Checkpoint
25-08-2012 09:27:31 System Checkpoint
26-08-2012 20:34:25 System Checkpoint
27-08-2012 21:00:33 System Checkpoint
28-08-2012 21:38:04 System Checkpoint
30-08-2012 00:19:56 System Checkpoint
31-08-2012 01:57:46 System Checkpoint
01-09-2012 02:05:14 System Checkpoint
02-09-2012 02:08:27 System Checkpoint
03-09-2012 03:08:02 System Checkpoint
03-09-2012 17:01:55 avast! Free Antivirus Setup
04-09-2012 21:10:18 System Checkpoint
05-09-2012 22:36:06 System Checkpoint
06-09-2012 23:19:23 System Checkpoint
07-09-2012 19:39:18 Installed SpyHunter
07-09-2012 20:00:03 Removed SpyHunter
08-09-2012 20:32:38 System Checkpoint

**** End of log ****

Thank you for your speedy response... The only thing I notice so far is that when I type this post the keystrokes are very delayed. I am eager to hear from you soon... Thanks again for your professionalism and prompt response.

#4 iamvorbis

Posted 09 September 2012 - 11:19 AM

I forgot to mention that I typically use my machine with the Microsoft Windows Installer Service disabled. However, I turned it back on to install the tools, left it on during the scans and have not disabled it since. I do not use automatic updates generally, because I use my machine so frequently that I typically update daily when possible. You might also notice that I have some specific services turned off using the System Configuration Utility. Please advise if you want me to turn on all the disabled services and rescan the system... this is a normal operating environment for me, however, using the msconfig platform daily.

#5 dev00790

Posted 10 September 2012 - 03:40 PM

Hi

We'll try and repair a few services first:

:step1:

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

  • Open Erunt.exe (use the shortcut on your desktop if you used the installer).
  • If you get a message box with the title "Welcome", click on "OK"
  • Follow the subsequent prompts, leaving the values at default, and click on "OK"
  • If you get asked whether to create a folder please click "Yes".


:step2:

  • Download the following file: SharedAccess.reg
  • Save the file to your desktop
  • Double click the file to merge it into the registry. If a window appears asking you whether to run this, click "Run".
  • Repeat for the following files:
    wscsvc.reg
    wuauserv.reg
    BITS.reg


:step3:

Restart the computer


:step4:

Run Farbar Service Scanner (FSS) on your desktop.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


:step5:

Please run MiniToolBox on your desktop.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


:step6:

How is the computer running now?

Regards, dev00790

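Reading the FSS.txt that step 4 asks for, as an added example that is not part of the thread or of Farbar's tool: the parser below groups the ATTENTION lines by service and compares a scan taken before the .reg merge with one taken after. The sample logs are constructed from the line shapes posted in this thread, and the function names and the two damage labels are assumptions of this example.

```python
import re

# Constructed excerpts in the line shapes Farbar Service Scanner prints in this
# thread. Only the Windows Firewall section differs between the two scans.
FIREWALL_BROKEN = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
"""
FIREWALL_CLEAN = r"""
Windows Firewall:
=============
"""
UNCHANGED = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
"""
BEFORE = FIREWALL_BROKEN + UNCHANGED   # first scan
AFTER = FIREWALL_CLEAN + UNCHANGED     # scan after merging the .reg files

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
CHECK_RE = re.compile(r"^Checking (.+?): ATTENTION!=====> (.+)$")
FILE_RE = re.compile(r"^(\S.*?) => (.+)$")


def classify(message):
    """Map an ATTENTION message to the kind of registry damage it reports."""
    if "service key does not exist" in message:
        return "key-missing"
    if "value does not exist" in message:
        return "value-missing"
    return "other"


def parse_fss(text):
    """Return (services, files): flagged services and File Check verdicts."""
    lines = [ln.strip() for ln in text.splitlines()]
    services, files = {}, {}
    section, current = None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined with "=" characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, current = line[:-1], None
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = services.setdefault(
                m.group(1), {"section": section, "problems": {}})
            continue
        m = CHECK_RE.match(line)
        if m and current is not None:
            current["problems"][m.group(1)] = classify(m.group(2))
            continue
        m = FILE_RE.match(line)
        if m and section == "File Check":
            files[m.group(1)] = m.group(2)
    return services, files


def damage_level(entry):
    """This example's reading of the messages, not FSS documentation."""
    if set(entry["problems"].values()) == {"key-missing"}:
        return "service key deleted"
    return "key present, values or subkey missing"


def compare(before_text, after_text):
    """Services no longer flagged, services still flagged, files to review."""
    before, _ = parse_fss(before_text)
    after, after_files = parse_fss(after_text)
    no_longer_flagged = sorted(s for s in before if s not in after)
    still_flagged = sorted(after)
    review = sorted(p for p, v in after_files.items() if v != "MD5 is legit")
    return no_longer_flagged, still_flagged, review


if __name__ == "__main__":
    fixed, broken, review = compare(BEFORE, AFTER)
    print("no longer flagged:", fixed)
    print("still flagged:", broken)
    print("files to review:", review)
```

A service that is still flagged after the merge and restart means its .reg import did not take effect, so that file is the one to re-merge before scanning again.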


#6 iamvorbis

Posted 10 September 2012 - 05:02 PM

FSS results are as follows (please note I changed the file name of the *.txt file to FSS2.txt so I could find it in the directory easier):
Farbar Service Scanner Version: 06-08-2012
Ran by Damian (administrator) on 10-09-2012 at 14:51:58
Running from "C:\ZZa Bleeping Computer Removal Process"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MiniTool Box results are as follows (again i changed the name of the text file to results2.txt for easier finding in the directory):
MiniToolBox by Farbar Version: 23-07-2012
Ran by Damian (administrator) on 10-09-2012 at 14:54:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 4 (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : satcom Primary Dns

Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing

Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Local

Area Connection 4: Connection-specific DNS Suffix . : Description . . . . . . .

. . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2 Physical Address. . . . . . . . . :

00-04-4B-05-55-64 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration

Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask

. . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . :

209.18.47.61 209.18.47.62 Lease Obtained. . .

. . . . . . . : Monday, September 10, 2012 2:50:10 PM Lease Expires . . . . . . . . . .

: Monday, September 10, 2012 3:50:10 PMEthernet adapter Local Area Connection 2: Media

State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . :

NVIDIA nForce 10/100/1000 Mbps Ethernet Physical Address. . . . . . . . . :

00-04-4B-05-55-65Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.239.8, 74.125.239.9, 74.125.239.14, 74.125.239.0
74.125.239.1, 74.125.239.2, 74.125.239.3, 74.125.239.4, 74.125.239.5
74.125.239.6, 74.125.239.7

Pinging google.com [74.125.239.5] with 32 bytes of data:Reply from 74.125.239.5: bytes=32

time=15ms TTL=55Reply from 74.125.239.5: bytes=32 time=14ms TTL=55Ping statistics for

74.125.239.5: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip

times in milli-seconds: Minimum = 14ms, Maximum = 15ms, Average = 14msServer:

dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:Reply from 98.138.253.109: bytes=32

time=71ms TTL=50Reply from 98.138.253.109: bytes=32 time=177ms TTL=50Ping statistics for

98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip

times in milli-seconds: Minimum = 71ms, Maximum = 177ms, Average = 124msServer:

dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2:

Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping

statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate

round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0msPinging

127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from

127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2,

Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum =

0ms, Maximum = 0ms, Average =

0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 4b 05 55 64 ......

NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
0x3 ...00 04 4b 05 55 65

...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 10
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 10
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 10
255.255.255.255 255.255.255.255 192.168.0.3 3 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error) (User: )
Description: Faulting application camelot.bin, version 1.0.6.4, faulting module patchui.dll,

version 1.0.8.7, fault address 0x00007bf0.
Processing media-specific event for [camelot.bin!ws!]

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller) (User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719.

SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed.

This can occur if you are running Windows in safe mode, or if the Windows Installer is not

correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2848.exe, version 1.0.3.159, faulting module

uninstaller-2848.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller-2848.exe!ws!]

Error: (08/31/2012 08:04:45 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module

uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/31/2012 08:04:40 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module

uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/26/2012 11:06:45 AM) (Source: Application Error) (User: )
Description: Faulting application warpatch.bin, version 1.0.5.9, faulting module patchui.dll,

version 1.0.8.6, fault address 0x00007c50.
Processing media-specific event for [warpatch.bin!ws!]

Error: (07/29/2012 11:10:59 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe,

version 1.0.0.0, fault address 0x0003f0e2.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 11:01:50 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe,

version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:55 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe,

version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:32 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe,

version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]


System errors:
=============
Error: (09/10/2012 02:51:34 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the

following error:
%%3

Error: (09/10/2012 02:48:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/10/2012 09:27:32 AM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 09:27:31 AM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 08:18:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/10/2012 08:18:37 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the

following error:
%%3

Error: (09/09/2012 11:05:02 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/09/2012 11:05:01 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/09/2012 07:51:37 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/09/2012 07:51:35 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}


Microsoft Office Sessions:
=========================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error)(User: )
Description: camelot.bin1.0.6.4patchui.dll1.0.8.700007bf0

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller)(User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719.

SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed.

This can occur if you are running Windows in safe mode, or if the Windows Installer is not

correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error)(User: )
Description: uninstaller-2848.exe1.0.3.159uninstaller-2848.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:45 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:40 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/26/2012 11:06:45 AM) (Source: Application Error)(User: )
Description: warpatch.bin1.0.5.9patchui.dll1.0.8.600007c50

Error: (07/29/2012 11:10:59 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f0e2

Error: (07/29/2012 11:01:50 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:55 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:32 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7500_7600_7700_Help1 (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
avast! Free Antivirus (Version: 7.0.1466.0)
BDlot DVD ISO Master 3.0.2
BioShock (Version: 2.5.0000)
BlackArmor Discovery (Version: 1.40.1041.002)
bpd_scan_Carrier (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Company of Heroes (Version: 1.0.0.78)
Creative Audio Control Panel (Version: 2.00)
Dark Age of Camelot (Version: )
Google Update Helper (Version: 1.3.21.111)
HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
L7000_Basic (Version: 140.0.000.000)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
neroxml (Version: 1.0.0)
Network (Version: 140.0.215.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers (Version: 1.5)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
OpenAL
Pixel Mine Launcher 1.00
Realtek High Definition Audio Driver (Version: 5.10.0.5928)
RuneScape Launcher 1.2 (Version: 1.2.0)
Scan (Version: 140.0.167.000)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
swMSM (Version: 12.0.0.1)
The Lord of the Rings Online™ v03.04.04.8012 (Version: 03.04.04.8012)
The Witcher (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ventrilo Client (Version: 3.0.8)
VLC media player 2.0.0 (Version: 2.0.0)
Warhammer Online - Age of Reckoning (Version: )
Warhammer Online - Wrath of Heroes (Version: )
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WinZip 16.0 (Version: 16.0.9691)

========================= Devices: ================================

Name: Officejet Pro L7700
Description: Officejet Pro L7700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the

Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 2558.48 MB
Available physical RAM: 2069.71 MB
Total Pagefile: 6238.72 MB
Available Pagefile: 5918.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.7 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:360.62 GB) NTFS
3 Drive d: (BIOSHOCK) (CDROM) (Total:6.04 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SATCOM

Administrator ASPNET Damian
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini050412-01.dmp
C:\WINDOWS\Minidump\Mini050512-01.dmp
C:\WINDOWS\Minidump\Mini070112-01.dmp
C:\WINDOWS\Minidump\Mini112911-01.dmp
C:\WINDOWS\Minidump\Mini113011-01.dmp
C:\WINDOWS\Minidump\Mini113011-02.dmp
C:\WINDOWS\Minidump\Mini120111-01.dmp
========================= Restore Points ==================================

15-06-2012 17:07:28 System Checkpoint
17-06-2012 18:01:22 System Checkpoint
18-06-2012 18:56:19 System Checkpoint
19-06-2012 19:01:33 System Checkpoint
20-06-2012 01:25:31 Installed Ventrilo Client
21-06-2012 01:42:31 System Checkpoint
22-06-2012 19:48:41 System Checkpoint
25-06-2012 14:47:16 System Checkpoint
26-06-2012 21:57:37 System Checkpoint
27-06-2012 22:46:46 System Checkpoint
28-06-2012 22:55:57 System Checkpoint
30-06-2012 15:45:05 System Checkpoint
01-07-2012 16:20:41 System Checkpoint
02-07-2012 20:50:42 System Checkpoint
03-07-2012 22:41:18 System Checkpoint
06-07-2012 03:57:48 System Checkpoint
07-07-2012 15:56:43 System Checkpoint
08-07-2012 16:53:04 System Checkpoint
09-07-2012 16:54:12 System Checkpoint
12-07-2012 03:22:50 System Checkpoint
13-07-2012 03:45:29 System Checkpoint
14-07-2012 22:49:30 System Checkpoint
15-07-2012 23:23:19 System Checkpoint
17-07-2012 20:35:13 System Checkpoint
18-07-2012 22:00:08 System Checkpoint
19-07-2012 22:35:28 System Checkpoint
22-07-2012 14:50:01 System Checkpoint
23-07-2012 18:50:51 System Checkpoint
24-07-2012 20:59:40 System Checkpoint
25-07-2012 21:07:42 System Checkpoint
26-07-2012 21:58:43 System Checkpoint
27-07-2012 23:04:44 System Checkpoint
28-07-2012 23:28:10 System Checkpoint
29-07-2012 00:27:58 Installed BioShock
29-07-2012 00:36:41 Installed DirectX
30-07-2012 15:38:02 System Checkpoint
31-07-2012 17:07:29 System Checkpoint
01-08-2012 18:18:58 System Checkpoint
02-08-2012 19:03:41 System Checkpoint
03-08-2012 19:19:01 System Checkpoint
04-08-2012 20:22:55 System Checkpoint
05-08-2012 21:42:37 System Checkpoint
06-08-2012 22:05:59 System Checkpoint
07-08-2012 22:57:32 System Checkpoint
08-08-2012 23:33:00 System Checkpoint
09-08-2012 23:33:48 System Checkpoint
11-08-2012 00:12:16 System Checkpoint
12-08-2012 01:49:23 System Checkpoint
13-08-2012 03:12:55 System Checkpoint
14-08-2012 03:50:54 System Checkpoint
15-08-2012 05:54:34 System Checkpoint
16-08-2012 06:24:18 System Checkpoint
17-08-2012 07:24:17 System Checkpoint
18-08-2012 07:36:14 System Checkpoint
19-08-2012 07:52:26 System Checkpoint
20-08-2012 08:04:26 System Checkpoint
21-08-2012 08:13:44 System Checkpoint
22-08-2012 08:52:27 System Checkpoint
23-08-2012 09:04:27 System Checkpoint
24-08-2012 09:15:31 System Checkpoint
25-08-2012 09:27:31 System Checkpoint
26-08-2012 20:34:25 System Checkpoint
27-08-2012 21:00:33 System Checkpoint
28-08-2012 21:38:04 System Checkpoint
30-08-2012 00:19:56 System Checkpoint
31-08-2012 01:57:46 System Checkpoint
01-09-2012 02:05:14 System Checkpoint
02-09-2012 02:08:27 System Checkpoint
03-09-2012 03:08:02 System Checkpoint
03-09-2012 17:01:55 avast! Free Antivirus Setup
04-09-2012 21:10:18 System Checkpoint
05-09-2012 22:36:06 System Checkpoint
06-09-2012 23:19:23 System Checkpoint
07-09-2012 19:39:18 Installed SpyHunter
07-09-2012 20:00:03 Removed SpyHunter
08-09-2012 20:32:38 System Checkpoint
09-09-2012 21:01:04 System Checkpoint
10-09-2012 21:21:04 System Checkpoint

**** End of log ****

For the most part the computer seems to be working normally. But it seemed to be working normally before I used the tools, and I was only alerted that I might possibly be infected with the sirefef.* family of viruses/malware/trojan-horses after using a free copy of avast antivirus software. I have not run the anti-virus software since, pending further instructions from you. Thanks in advance.

P.S. Note that my definition of working normally is not seeing executables/*.com's/services/applications that are not normally running on my machine. I have a minimum amount of services/applications running on my machine and generally only open up files/applications on an as-needed basis; I do not like applications auto-loading on start-up, running silently or performing automatic updates, as I tend to perform these on my own daily. Yes, I really do sit in front of my computer that much and check for updates that often.

#7 dev00790

dev00790


Posted 11 September 2012 - 02:12 PM

Hi

wscsvc.reg
wuauserv.reg
BITS.reg


Did you download and merge these files in step 2 in my previous post?
- If no please do so then rerun minitoolbox & FSS again, and post the logs in your next reply.
- If yes, then let me know - as you may need to be referred to the "Virus, Trojan, Spyware, and Malware Removal Logs" subforum.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
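The post above asks for FSS to be rerun after the .reg merge; comparing the two runs by service name shows what the merge changed. The Python sketch below is an added example, not part of the thread or of Farbar's tools: it parses only the line formats visible in the FSS logs posted in this thread, and the function names and verdict labels are hypothetical.

```python
import re

# Abridged from the FSS log dated 10-09-2012 in this thread (before the .reg merge).
FSS_BEFORE = """
Windows Firewall:
=============

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""

# Abridged from the FSS log dated 11-09-2012 in this thread (after the merge).
FSS_AFTER = """
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Security Center:
============

Windows Update:
============
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(
    r"^Checking (Start type|ImagePath|ServiceDll): ATTENTION!=====> "
    r"Unable to open (\S+) registry key\. The service key does not exist\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")


def parse_fss(log_text):
    """Collect every service the log reports as not running, with its findings."""
    services = {}

    def entry(name):
        return services.setdefault(
            name, {"missing": [], "start_type": None, "default": None})

    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := NOT_RUNNING.match(line)):
            entry(m.group(1))
        elif (m := MISSING_KEY.match(line)):
            # The service's registry key is gone: record which check failed.
            entry(m.group(2))["missing"].append(m.group(1))
        elif (m := START_TYPE.match(line)):
            e = entry(m.group(1))
            e["start_type"], e["default"] = m.group(2), m.group(3)
    return services


def verdict(finding):
    """Hypothetical labels: worst finding wins."""
    if finding["missing"]:
        return "KEY_MISSING"
    if finding["start_type"] and finding["start_type"] != finding["default"]:
        return "START_TYPE_CHANGED"
    return "NOT_RUNNING"


def compare_runs(before_log, after_log):
    """Diff two FSS runs by service name."""
    before = {n: verdict(e) for n, e in parse_fss(before_log).items()}
    after = {n: verdict(e) for n, e in parse_fss(after_log).items()}
    return {
        "no_longer_flagged": sorted(set(before) - set(after)),
        "still_flagged": {n: after[n] for n in sorted(set(before) & set(after))},
        "newly_flagged": {n: after[n] for n in sorted(set(after) - set(before))},
    }


if __name__ == "__main__":
    for section, value in compare_runs(FSS_BEFORE, FSS_AFTER).items():
        print(section, "->", value)
```

On these two logs the three services with missing keys drop out of the report, while sharedaccess appears for the first time with its start type set to Disabled against a default of Auto.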


#8 iamvorbis

iamvorbis
  • Topic Starter


Posted 11 September 2012 - 04:14 PM

sorry for the confusion.... i missed the wscvc.reg wuauserv.reg and bits.reg entries in your previous post.
here are the new results

FSS results
Farbar Service Scanner Version: 06-08-2012
Ran by Damian (administrator) on 11-09-2012 at 14:10:21
Running from "C:\ZZa Bleeping Computer Removal Process"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox Results :
MiniToolBox by Farbar Version: 23-07-2012
Ran by Damian (administrator) on 11-09-2012 at 14:11:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 4 (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

    Host Name . . . . . . . . . . . . : satcom
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
    Physical Address. . . . . . . . . : 00-04-4B-05-55-65

Ethernet adapter Local Area Connection 4:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet #2
    Physical Address. . . . . . . . . : 00-04-4B-05-55-64
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.0.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 209.18.47.61
                                        209.18.47.62
    Lease Obtained. . . . . . . . . . : Tuesday, September 11, 2012 2:08:50 PM
    Lease Expires . . . . . . . . . . : Tuesday, September 11, 2012 3:08:50 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.239.7, 74.125.239.8, 74.125.239.9, 74.125.239.14
74.125.239.0, 74.125.239.1, 74.125.239.2, 74.125.239.3, 74.125.239.4
74.125.239.5, 74.125.239.6

Pinging google.com [74.125.224.164] with 32 bytes of data:

Reply from 74.125.224.164: bytes=32 time=15ms TTL=55
Reply from 74.125.224.164: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.224.164:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=60ms TTL=50
Reply from 98.138.253.109: bytes=32 time=106ms TTL=49

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 106ms, Average = 83ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 4b 05 55 65 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x10004 ...00 04 4b 05 55 64 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 10
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 10
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 10
255.255.255.255 255.255.255.255 192.168.0.3 2 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error) (User: )
Description: Faulting application camelot.bin, version 1.0.6.4, faulting module patchui.dll, version 1.0.8.7, fault address 0x00007bf0.
Processing media-specific event for [camelot.bin!ws!]

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller) (User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2848.exe, version 1.0.3.159, faulting module uninstaller-2848.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller-2848.exe!ws!]

Error: (08/31/2012 08:04:45 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/31/2012 08:04:40 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller.exe, version 1.0.3.159, faulting module uninstaller.exe, version 1.0.3.159, fault address 0x0002da8f.
Processing media-specific event for [uninstaller.exe!ws!]

Error: (08/26/2012 11:06:45 AM) (Source: Application Error) (User: )
Description: Faulting application warpatch.bin, version 1.0.5.9, faulting module patchui.dll, version 1.0.8.6, fault address 0x00007c50.
Processing media-specific event for [warpatch.bin!ws!]

Error: (07/29/2012 11:10:59 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f0e2.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 11:01:50 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:55 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]

Error: (07/29/2012 10:59:32 AM) (Source: Application Error) (User: )
Description: Faulting application bioshock.exe, version 1.0.0.0, faulting module bioshock.exe, version 1.0.0.0, fault address 0x0003f222.
Processing media-specific event for [bioshock.exe!ws!]


System errors:
=============
Error: (09/11/2012 02:09:18 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/11/2012 08:22:14 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/10/2012 11:02:22 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 11:02:21 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 03:08:26 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 03:08:25 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 03:06:50 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 03:06:40 PM) (Source: DCOM) (User: SATCOM)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (09/10/2012 02:51:34 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/10/2012 02:48:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (09/03/2012 02:49:59 PM) (Source: Application Error)(User: )
Description: camelot.bin1.0.6.4patchui.dll1.0.8.700007bf0

Error: (09/03/2012 09:59:14 AM) (Source: MsiInstaller)(User: SATCOM)SATCOM
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)

Error: (08/31/2012 08:12:00 AM) (Source: Application Error)(User: )
Description: uninstaller-2848.exe1.0.3.159uninstaller-2848.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:45 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/31/2012 08:04:40 AM) (Source: Application Error)(User: )
Description: uninstaller.exe1.0.3.159uninstaller.exe1.0.3.1590002da8f

Error: (08/26/2012 11:06:45 AM) (Source: Application Error)(User: )
Description: warpatch.bin1.0.5.9patchui.dll1.0.8.600007c50

Error: (07/29/2012 11:10:59 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f0e2

Error: (07/29/2012 11:01:50 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:55 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222

Error: (07/29/2012 10:59:32 AM) (Source: Application Error)(User: )
Description: bioshock.exe1.0.0.0bioshock.exe1.0.0.00003f222


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
7500_7600_7700_Help1 (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
avast! Free Antivirus (Version: 7.0.1466.0)
BDlot DVD ISO Master 3.0.2
BioShock (Version: 2.5.0000)
BlackArmor Discovery (Version: 1.40.1041.002)
bpd_scan_Carrier (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Company of Heroes (Version: 1.0.0.78)
Creative Audio Control Panel (Version: 2.00)
Dark Age of Camelot (Version: )
Google Update Helper (Version: 1.3.21.111)
HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
L7000_Basic (Version: 140.0.000.000)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003 (Version: 11.0.7969.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
neroxml (Version: 1.0.0)
Network (Version: 140.0.215.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers (Version: 1.5)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
OpenAL
Pixel Mine Launcher 1.00
Realtek High Definition Audio Driver (Version: 5.10.0.5928)
RuneScape Launcher 1.2 (Version: 1.2.0)
Scan (Version: 140.0.167.000)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
swMSM (Version: 12.0.0.1)
The Lord of the Rings Online™ v03.04.04.8012 (Version: 03.04.04.8012)
The Witcher (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ventrilo Client (Version: 3.0.8)
VLC media player 2.0.0 (Version: 2.0.0)
Warhammer Online - Age of Reckoning (Version: )
Warhammer Online - Wrath of Heroes (Version: )
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WinZip 16.0 (Version: 16.0.9691)

========================= Devices: ================================

Name: Officejet Pro L7700
Description: Officejet Pro L7700
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 2558.48 MB
Available physical RAM: 2071.13 MB
Total Pagefile: 6238.72 MB
Available Pagefile: 5892.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.7 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:360.59 GB) NTFS
3 Drive d: (BIOSHOCK) (CDROM) (Total:6.04 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SATCOM

Administrator ASPNET Damian
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini050412-01.dmp
C:\WINDOWS\Minidump\Mini050512-01.dmp
C:\WINDOWS\Minidump\Mini070112-01.dmp
C:\WINDOWS\Minidump\Mini112911-01.dmp
C:\WINDOWS\Minidump\Mini113011-01.dmp
C:\WINDOWS\Minidump\Mini113011-02.dmp
C:\WINDOWS\Minidump\Mini120111-01.dmp
========================= Restore Points ==================================

15-06-2012 17:07:28 System Checkpoint
17-06-2012 18:01:22 System Checkpoint
18-06-2012 18:56:19 System Checkpoint
19-06-2012 19:01:33 System Checkpoint
20-06-2012 01:25:31 Installed Ventrilo Client
21-06-2012 01:42:31 System Checkpoint
22-06-2012 19:48:41 System Checkpoint
25-06-2012 14:47:16 System Checkpoint
26-06-2012 21:57:37 System Checkpoint
27-06-2012 22:46:46 System Checkpoint
28-06-2012 22:55:57 System Checkpoint
30-06-2012 15:45:05 System Checkpoint
01-07-2012 16:20:41 System Checkpoint
02-07-2012 20:50:42 System Checkpoint
03-07-2012 22:41:18 System Checkpoint
06-07-2012 03:57:48 System Checkpoint
07-07-2012 15:56:43 System Checkpoint
08-07-2012 16:53:04 System Checkpoint
09-07-2012 16:54:12 System Checkpoint
12-07-2012 03:22:50 System Checkpoint
13-07-2012 03:45:29 System Checkpoint
14-07-2012 22:49:30 System Checkpoint
15-07-2012 23:23:19 System Checkpoint
17-07-2012 20:35:13 System Checkpoint
18-07-2012 22:00:08 System Checkpoint
19-07-2012 22:35:28 System Checkpoint
22-07-2012 14:50:01 System Checkpoint
23-07-2012 18:50:51 System Checkpoint
24-07-2012 20:59:40 System Checkpoint
25-07-2012 21:07:42 System Checkpoint
26-07-2012 21:58:43 System Checkpoint
27-07-2012 23:04:44 System Checkpoint
28-07-2012 23:28:10 System Checkpoint
29-07-2012 00:27:58 Installed BioShock
29-07-2012 00:36:41 Installed DirectX
30-07-2012 15:38:02 System Checkpoint
31-07-2012 17:07:29 System Checkpoint
01-08-2012 18:18:58 System Checkpoint
02-08-2012 19:03:41 System Checkpoint
03-08-2012 19:19:01 System Checkpoint
04-08-2012 20:22:55 System Checkpoint
05-08-2012 21:42:37 System Checkpoint
06-08-2012 22:05:59 System Checkpoint
07-08-2012 22:57:32 System Checkpoint
08-08-2012 23:33:00 System Checkpoint
09-08-2012 23:33:48 System Checkpoint
11-08-2012 00:12:16 System Checkpoint
12-08-2012 01:49:23 System Checkpoint
13-08-2012 03:12:55 System Checkpoint
14-08-2012 03:50:54 System Checkpoint
15-08-2012 05:54:34 System Checkpoint
16-08-2012 06:24:18 System Checkpoint
17-08-2012 07:24:17 System Checkpoint
18-08-2012 07:36:14 System Checkpoint
19-08-2012 07:52:26 System Checkpoint
20-08-2012 08:04:26 System Checkpoint
21-08-2012 08:13:44 System Checkpoint
22-08-2012 08:52:27 System Checkpoint
23-08-2012 09:04:27 System Checkpoint
24-08-2012 09:15:31 System Checkpoint
25-08-2012 09:27:31 System Checkpoint
26-08-2012 20:34:25 System Checkpoint
27-08-2012 21:00:33 System Checkpoint
28-08-2012 21:38:04 System Checkpoint
30-08-2012 00:19:56 System Checkpoint
31-08-2012 01:57:46 System Checkpoint
01-09-2012 02:05:14 System Checkpoint
02-09-2012 02:08:27 System Checkpoint
03-09-2012 03:08:02 System Checkpoint
03-09-2012 17:01:55 avast! Free Antivirus Setup
04-09-2012 21:10:18 System Checkpoint
05-09-2012 22:36:06 System Checkpoint
06-09-2012 23:19:23 System Checkpoint
07-09-2012 19:39:18 Installed SpyHunter
07-09-2012 20:00:03 Removed SpyHunter
08-09-2012 20:32:38 System Checkpoint
09-09-2012 21:01:04 System Checkpoint
10-09-2012 21:21:04 System Checkpoint

**** End of log ****


thanks in advance for your support and prompt responses.

#9 dev00790

Posted 11 September 2012 - 05:32 PM

Ok that's looking better

How is the computer running now?

Regards, dev00790



#10 iamvorbis

Posted 11 September 2012 - 06:04 PM

smoothly, but i haven't run any anti-virus scans since i ran all of the tools you recommended. and i'm noticing fewer spikes in memory usage and cpu processes... thanks for all your help! very much appreciated. let me know if i need to do anything else or should look for anything else funny going on.

#11 iamvorbis

Posted 14 September 2012 - 09:46 AM

i went to use my computer today and noticed in the msconfig startup logs a line listed as uipor.dll running... when i try to disable it, another copy of the file propagates in the list, then i close msconfig, reopen msconfig and lo and behold uipor.dll is back again with a check box next to it.... please advise

#12 iamvorbis

Posted 14 September 2012 - 10:50 AM

the other thing i am noticing is that when i click on known trusted sites to me, such as noaa.gov i am being redirected to unwanted web pages... :angry: very frustrating... please note that when i looked at the uipor.dll file it listed its program name as windowsgate (language: polish; a language i do not speak or install applications in), what i am familiar with as being a method of logging into account/policy information in windows environments without the use of a password.

#13 dev00790

Posted 14 September 2012 - 04:13 PM

Hi

"when i click on known trusted sites to me, such as noaa.gov i am being redirected to unwanted web pages..."

Ok. Please do the following next:

Step 1:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:

    :filefind 
    *uipor.dll*
    *windowsgate*
    
    :folderfind 
    *uipor*
    *windowsgate*
    
    :regfind 
    uipor.dll
    windowsgate
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 4:

We need some more information:
  • Open Internet Explorer > Tools > Manage add-ons
  • Please note down the name, publisher, and status of each addon under Toolbars and Extensions.
  • Please note down the name and status of each addon under Search providers.
  • Please note down the name, address, category, and status of each addon under Accelerators.
  • Provide us with a list of each in your next reply.


Step 5:

How is the computer running now?

Edited by dev00790, 15 September 2012 - 03:50 AM.

Regards, dev00790

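The startup entry reported in this thread (uipor.dll reappearing in the msconfig startup list, which Step 3 searches for) is one case of a general pattern: an autorun registry value that starts rundll32.exe, or an executable directly, from a user-writable profile folder. The Python script below is an added example, not part of the original posts and not SystemLook's own code; it goes beyond the single file name to cover that general pattern. The registry text layout, the user name `User`, the export name `ExampleExport` and the file `000000.exe` are constructed sample data.

```python
"""Triage autorun registry values that load code from user-writable folders.

Added example. SAMPLE below is constructed, not taken from a real machine.
"""
import re

# Keys whose values run at logon, and the key where msconfig parks disabled entries.
ACTIVE_KEY = re.compile(
    r"\\(currentversion\\run(once)?|currentversion\\policies\\explorer\\run)$", re.I)
PARKED_KEY = re.compile(r"\\msconfig\\startupreg\\[^\\]+$", re.I)

# Folders an unprivileged process can write to (XP layout plus Vista and later).
USER_WRITABLE = [re.compile(p, re.I) for p in (
    r"^[a-z]:\\documents and settings\\[^\\]+\\(application data|local settings)\\",
    r"^[a-z]:\\users\\[^\\]+\\appdata\\",
    r"^[a-z]:\\recycler\\",
    r"\\temp\\",
)]

# "name"="data" where data may itself contain quoted paths.
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# rundll32 [quoted or bare] followed by <dll>,<export>
RUNDLL = re.compile(
    r'^"?[^"]*?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# A directly launched program: quoted path, or bare path up to its extension.
DIRECT = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$))', re.I)


def parse_regfind(text):
    """Yield (key, value_name, data) from '[KEY]' and '"name"="data"' lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            yield key, m.group("name"), m.group("data")


def launch_target(command):
    """Return (launcher, path) for the file the command line actually loads."""
    m = RUNDLL.match(command)
    if m:
        # For rundll32 the interesting file is the DLL, not rundll32.exe itself.
        return "rundll32", m.group("dll").strip()
    m = DIRECT.match(command)
    if m:
        return "direct", (m.group("q") or m.group("u")).strip()
    parts = command.split()
    return "unknown", (parts[0] if parts else "")


def triage(text):
    """List autorun values whose target lives in a user-writable folder."""
    findings = []
    for key, name, data in parse_regfind(text):
        if ACTIVE_KEY.search(key):
            state = "active"
        elif PARKED_KEY.search(key):
            state = "parked"      # disabled via msconfig, still worth recording
        else:
            continue              # not an autorun location
        launcher, path = launch_target(data)
        if any(p.search(path) for p in USER_WRITABLE):
            findings.append({"key": key, "value": name, "state": state,
                             "launcher": launcher, "path": path})
    return findings


# Constructed sample in the '[key]' / '"name"="data"' layout of a registry search log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"uipor"=""C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\User\Application Data\uipor.dll",ExampleExport"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Updater"="C:\Documents and Settings\User\Application Data\000000.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uipor]
"command"=""C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\User\Application Data\uipor.dll",ExampleExport"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Unrelated]
"path"="C:\Documents and Settings\User\Application Data\notes.exe"
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["state"]:6} {f["launcher"]:8} {f["value"]:8} {f["path"]}')
```

Legitimate per-user software also installs under these folders, so a hit is an item to review rather than a verdict.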


#14 iamvorbis

Posted 14 September 2012 - 08:28 PM

results from mbam:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Damian :: SATCOM [administrator]

Protection: Enabled

9/14/2012 2:49:04 PM
mbam-log-2012-09-14 (14-49-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255624
Time elapsed: 41 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Intel (Trojan.Agent) -> Data: C:\Documents and Settings\Damian\Application Data\829343.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-18\$5d3285f6a9d5b0c29dda26f041b7df38\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\RECYCLER\S-1-5-21-1275210071-343818398-725345543-1003\$5d3285f6a9d5b0c29dda26f041b7df38\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\VideoCodecs\instacodecs_1290.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$5d3285f6a9d5b0c29dda26f041b7df38\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

(end)
results from ESET:
C:\Documents and Settings\Damian\Application Data\uipor.dll a variant of Win32/Medfos.DM trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Damian\Application Data\Sun\Java\Deployment\cache\6.0\51\3c3f2273-101803e3 Java/Exploit.CVE-2012-4681.W trojan deleted - quarantined
C:\Documents and Settings\Damian\Local Settings\Temp\NODEE5.tmp a variant of Win32/Medfos.DM trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Damian\Local Settings\Temporary Internet Files\Content.IE5\H7KO9T74\PCMAX_AF_ErrorsFix_Setup[1].exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\36c870f6-6324e351 Java/Exploit.CVE-2012-4681.Y trojan deleted - quarantined
C:\Microsoft Malicious Software Removal Tool\PCMAX_AF_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application cleaned by deleting - quarantined
C:\WINDOWS\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined

results from System Look:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:13 on 14/09/2012 by Damian
Administrator - Elevation successful

========== filefind ==========

Searching for "*uipor.dll*"
No files found.

Searching for "*windowsgate*"
C:\Documents and Settings\Damian\Local Settings\Temporary Internet Files\Content.IE5\NRNDXIDW\WindowsGate.exe[1].htm --a---- 13910 bytes [14:38 14/09/2012] [14:38 14/09/2012] 7BBB043E6FE667C7A7EF3A760B84ADCC
C:\Documents and Settings\Damian\Local Settings\Temporary Internet Files\Content.IE5\ZLAH9TS1\windowsgate-exe-error-fix-guide[1].html --a---- 22205 bytes [14:38 14/09/2012] [14:38 14/09/2012] A675AFBDF5B5314FF268A4EFE30633AD

========== folderfind ==========

Searching for "*uipor*"
No folders found.

Searching for "*windowsgate*"
No folders found.

========== regfind ==========

Searching for "uipor.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uipor]
"command"=""C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Damian\Application Data\uipor.dll",vGetOptions"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uipor"=""C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Damian\Application Data\uipor.dll",vGetOptions"

Searching for "windowsgate"
No data found.

-= EOF =-

Results from Internet Explorer/Manage Add-ons list:
Name: OnlineScanner Control
Publisher: ESET, spol. s r.o.
Type: ActiveX Control
Version: 1.0.0.6583
File date:
Date last accessed: Today, September 14, 2012, 2 hours ago
Class ID: {7530BFB8-7293-4D34-9923-61A11451AFC5}
Use count: 1
Block count: 0
File: OnlineScanner.ocx
Folder: C:\Program Files\ESET\ESET Online Scanner

Name: Shockwave Flash Object
Publisher: Adobe Systems Incorporated
Type: ActiveX Control
Version: 11.3.300.268
File date:
Date last accessed: Today, September 14, 2012, 2 hours ago
Class ID: {D27CDB6E-AE6D-11CF-96B8-444553540000}
Use count: 148154
Block count: 125
File: Flash32_11_3_300_268.ocx
Folder: C:\WINDOWS\system32\Macromed\Flash

Name: avast! WebRep
Publisher: AVAST Software
Type: Toolbar
Version: 7.0.1466.549
File date:
Date last accessed: Today, September 14, 2012, 11 minutes ago
Class ID: {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}
Use count: 1347
Block count: 0
File: aswWebRepIE.dll
Folder: C:\Avast AntiVirus

Name: avast! WebRep
Publisher: AVAST Software
Type: Browser Helper Object
Version: 7.0.1466.549
File date:
Date last accessed: Today, September 14, 2012, 11 minutes ago
Class ID: {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}
Use count: 1347
Block count: 0
File: aswWebRepIE.dll
Folder: C:\Avast AntiVirus

Name: Adobe PDF Link Helper
Publisher: Adobe Systems, Incorporated
Type: Browser Helper Object
Version: 10.1.1.33
File date:
Date last accessed: Today, September 14, 2012, 12 minutes ago
Class ID: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Use count: 8086
Block count: 0
File: AcroIEHelperShim.dll
Folder: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX

Name: Java™ Plug-In 2 SSV Helper
Publisher: Sun Microsystems, Inc.
Type: Browser Helper Object
Version: 6.0.290.11
File date:
Date last accessed: Today, September 14, 2012, 12 minutes ago
Class ID: {DBC80044-A445-435B-BC74-9C25C1C588A9}
Use count: 8785
Block count: 0
File: jp2ssv.dll
Folder: C:\Program Files\Java\jre6\bin

Name: Research
Publisher: Not Available
Type: Browser Extension
Version: Not available
File date:
Date last accessed: Today, September 14, 2012, 34 minutes ago
Class ID: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Use count: 178
Block count: 1972
File: Not available
Folder: Not available

Name: Diagnose Connection Problems...
Publisher: Not Available
Type: Browser Extension
Version: Not available
File date:
Date last accessed: Today, September 14, 2012, 34 minutes ago
Class ID: {E2E2DD38-D088-4134-82B7-F2BA38496583}
Use count: 263
Block count: 1974
File: Not available
Folder: Not available

Name: Windows Messenger
Publisher: Not Available
Type: Browser Extension
Version: Not available
File date:
Date last accessed: Today, September 14, 2012, 35 minutes ago
Class ID: {FB5F1910-F110-11D2-BB9E-00C04F795683}
Use count: 82
Block count: 2328
File: Not available
Folder: Not available

Name: Discuss
Publisher: Not Available
Type: Explorer Bar
Version: 6.0.2900.6148
File date:
Date last accessed: Monday, November 29, 1999, 5:00 PM
Class ID: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
Use count: 0
Block count: 0
File: shdocvw.dll
Folder:

Name: Research
Publisher: Microsoft Corporation
Type: Explorer Bar
Version: 11.0.5510.0
File date:
Date last accessed: Monday, November 29, 1999, 5:00 PM
Class ID: {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Use count: 0
Block count: 0
File: REFIEBAR.DLL
Folder: C:\Program Files\Microsoft Office\OFFICE11

Search provider :
Google Status: default Listing order: 1 Search Suggestions : disabled

Accelerators: none listed


thanks in advance for your prompt responses. :thumbup2:

#15 dev00790

Posted 16 September 2012 - 07:22 AM

Hi

Since the following were found by ESET and MBAM:

C:\RECYCLER\S-1-5-18\$5d3285f6a9d5b0c29dda26f041b7df38\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Documents and Settings\Damian\Application Data\Sun\Java\Deployment\cache\6.0\51\3c3f2273-101803e3 Java/Exploit.CVE-2012-4681.W trojan deleted - quarantined
C:\Documents and Settings\Damian\Application Data\uipor.dll a variant of Win32/Medfos.DM trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\54\36c870f6-6324e351 Java/Exploit.CVE-2012-4681.Y trojan deleted - quarantined
C:\WINDOWS\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined


IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog




