
win32/sirefef.ez removal


  • This topic is locked
10 replies to this topic

#1 erik123


Posted 25 November 2012 - 03:07 AM

Hello, I've recently been infected with the win32/sirefef.ez or sometimes .ev trojan and can't remove it with ESET Security 5. ESET recognizes it but can't remove it. It's also shut down my Windows firewall and doesn't allow me to update ESET or Windows. It also mentions something about desktop.ini. Please help!! Thank you!!



#2 erik123


Posted 25 November 2012 - 03:33 AM

I tried to download DDS but there is no response when I click the download link.

#3 B-boy/StyLe/

  • Malware Response Team

Posted 25 November 2012 - 03:52 AM

Hello erik123! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



STEP 1



Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


STEP 2


  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.



Regards,
Georgi

Edited by B-boy/StyLe/, 25 November 2012 - 03:52 AM.
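
Added example, not part of the original post and not the tool's own code: a short Python triage of a TDSSKiller-style report like the one Step 1 asks for, listing only the objects the scan marked infected or warning and flagging files that also have a "Forged" hash line. The line layout is assumed from the log posted in this thread; the sample lines, service names, paths and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the "time thread-id message" layout of the report.
# Service names, paths and hashes are made up for this example.
SAMPLE_LOG = r"""
10:00:00.0001 1000 ================ Scan services =============================
10:00:00.0100 1000 [ 11111111111111111111111111111111 ] ExampleOk C:\Windows\system32\drivers\exok.sys
10:00:00.0200 1000 ExampleOk - ok
10:00:00.0300 1000 [ 22222222222222222222222222222222 ] ExampleNet C:\Windows\system32\drivers\exnet.sys
10:00:00.0300 1000 Suspicious file (Forged): C:\Windows\system32\drivers\exnet.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
10:00:00.0300 1000 ExampleNet ( Virus.Win32.ZAccess.aml ) - infected
10:00:00.0300 1000 ExampleNet - detected Virus.Win32.ZAccess.aml (0)
10:00:00.0400 1000 [ 44444444444444444444444444444444 ] Example Vendor Service C:\Program Files\Example Vendor\svc.exe
10:00:00.0400 1000 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
10:00:00.0400 1000 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
10:00:00.0500 1000 NoBinaryListed - ok
"""

# Strip the timestamp and thread id, keep the message.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(.*)$")
# "[ MD5 ] Service name C:\path" (service names may contain spaces).
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: "
                    r"([0-9A-Fa-f]{32}), Fake md5: ([0-9A-Fa-f]{32})$")
# "Service ( Verdict ) - infected|warning"; "- ok" lines are ignored.
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (infected|warning)$")


@dataclass
class Finding:
    service: str
    verdict: str
    severity: str                   # "infected" or "warning", as logged
    path: Optional[str] = None      # None when no binary was listed
    md5: Optional[str] = None       # hash from the "[ ... ]" line
    fake_md5: Optional[str] = None  # set only when a "Forged" line was logged

    @property
    def forged(self) -> bool:
        return self.fake_md5 is not None


def triage(log_text: str) -> List[Finding]:
    """Return every object not marked ok, infected and forged entries first."""
    binaries: Dict[str, Tuple[str, str]] = {}  # service -> (md5, path)
    forged: Dict[str, str] = {}                # lower-cased path -> fake md5
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                           # not a timestamped log line
        msg = line.group(1).strip()
        hashed = HASHED.match(msg)
        if hashed:
            md5, service, path = hashed.groups()
            binaries[service] = (md5.upper(), path)
            continue
        mismatch = FORGED.match(msg)
        if mismatch:
            forged[mismatch.group(1).lower()] = mismatch.group(3).upper()
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            service, name, severity = verdict.groups()
            md5, path = binaries.get(service, (None, None))
            fake = forged.get(path.lower()) if path else None
            findings.append(Finding(service, name, severity, path, md5, fake))
    findings.sort(key=lambda f: (f.severity != "infected", not f.forged))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One summary line per finding, for pasting into a ticket or reply."""
    lines = []
    for f in findings:
        tag = " [hash mismatch]" if f.forged else ""
        target = f.path or "no file listed"
        lines.append(f"{f.severity.upper():8} {f.service}: {f.verdict}{tag} -> {target}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```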



#4 erik123


Posted 26 November 2012 - 12:01 AM

23:44:29.0028 3328 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:44:31.0016 3328 ============================================================
23:44:31.0016 3328 Current date / time: 2012/11/25 23:44:31.0016
23:44:31.0016 3328 SystemInfo:
23:44:31.0016 3328
23:44:31.0016 3328 OS Version: 6.0.6002 ServicePack: 2.0
23:44:31.0016 3328 Product type: Workstation
23:44:31.0016 3328 ComputerName: E-MONEY-BAG-PC
23:44:31.0017 3328 UserName: $E-MONEY-BAG$
23:44:31.0017 3328 Windows directory: C:\Windows
23:44:31.0017 3328 System windows directory: C:\Windows
23:44:31.0017 3328 Processor architecture: Intel x86
23:44:31.0017 3328 Number of processors: 2
23:44:31.0017 3328 Page size: 0x1000
23:44:31.0017 3328 Boot type: Normal boot
23:44:31.0017 3328 ============================================================
23:44:31.0820 3328 BG loaded
23:44:32.0569 3328 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:44:32.0569 3328 ============================================================
23:44:32.0569 3328 \Device\Harddisk0\DR0:
23:44:32.0569 3328 MBR partitions:
23:44:32.0569 3328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
23:44:32.0569 3328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
23:44:32.0912 3328 ============================================================
23:44:33.0021 3328 C: <-> \Device\Harddisk0\DR0\Partition2
23:44:33.0271 3328 D: <-> \Device\Harddisk0\DR0\Partition1
23:44:33.0271 3328 ============================================================
23:44:33.0271 3328 Initialize success
23:44:33.0271 3328 ============================================================
23:44:59.0405 3388 ============================================================
23:44:59.0405 3388 Scan started
23:44:59.0405 3388 Mode: Manual; SigCheck; TDLFS;
23:44:59.0405 3388 ============================================================
23:45:01.0917 3388 ================ Scan system memory ========================
23:45:01.0917 3388 System memory - ok
23:45:01.0917 3388 ================ Scan services =============================
23:45:02.0572 3388 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:45:02.0884 3388 ACPI - ok
23:45:03.0118 3388 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:45:03.0133 3388 AdobeARMservice - ok
23:45:03.0321 3388 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:45:03.0352 3388 AdobeFlashPlayerUpdateSvc - ok
23:45:03.0477 3388 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:45:03.0539 3388 adp94xx - ok
23:45:03.0570 3388 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:45:03.0601 3388 adpahci - ok
23:45:03.0664 3388 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:45:03.0679 3388 adpu160m - ok
23:45:03.0711 3388 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:45:03.0742 3388 adpu320 - ok
23:45:03.0867 3388 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:45:29.0341 3388 AeLookupSvc - ok
23:45:29.0404 3388 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\system32\aestsrv.exe
23:45:29.0513 3388 AESTFilters - ok
23:45:29.0607 3388 [ 23F39E28C5ED1D6C8C8360AD204CD8B5 ] AFD C:\Windows\system32\drivers\afd.sys
23:45:29.0607 3388 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 23F39E28C5ED1D6C8C8360AD204CD8B5, Fake md5: 3911B972B55FEA0478476B2E777B29FA
23:45:29.0607 3388 AFD ( Virus.Win32.ZAccess.aml ) - infected
23:45:29.0607 3388 AFD - detected Virus.Win32.ZAccess.aml (0)
23:45:29.0700 3388 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:45:29.0731 3388 agp440 - ok
23:45:29.0903 3388 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:45:29.0950 3388 aic78xx - ok
23:45:29.0981 3388 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
23:45:30.0293 3388 ALG - ok
23:45:30.0324 3388 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
23:45:30.0355 3388 aliide - ok
23:45:30.0418 3388 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:45:30.0449 3388 amdagp - ok
23:45:30.0480 3388 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
23:45:30.0511 3388 amdide - ok
23:45:30.0543 3388 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:45:30.0652 3388 AmdK7 - ok
23:45:30.0792 3388 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:45:30.0901 3388 AmdK8 - ok
23:45:30.0995 3388 [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
23:45:31.0042 3388 ApfiltrService - ok
23:45:31.0104 3388 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
23:45:31.0198 3388 Appinfo - ok
23:45:31.0323 3388 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:45:31.0338 3388 Apple Mobile Device - ok
23:45:31.0479 3388 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
23:45:31.0510 3388 arc - ok
23:45:31.0588 3388 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:45:31.0619 3388 arcsas - ok
23:45:31.0713 3388 [ E54E27976E2C5A6465D44C10B1D87AC0 ] ASPI C:\Windows\System32\DRIVERS\ASPI32.sys
23:45:31.0744 3388 ASPI ( UnsignedFile.Multi.Generic ) - warning
23:45:31.0744 3388 ASPI - detected UnsignedFile.Multi.Generic (1)
23:45:31.0775 3388 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:45:31.0837 3388 AsyncMac - ok
23:45:31.0931 3388 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
23:45:31.0947 3388 atapi - ok
23:45:32.0040 3388 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:45:32.0071 3388 AudioEndpointBuilder - ok
23:45:32.0103 3388 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:45:32.0118 3388 Audiosrv - ok
23:45:32.0212 3388 [ 7BD70AEED0D975285A1B20BD012EBF4E ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
23:45:32.0227 3388 BCM42RLY - ok
23:45:32.0337 3388 [ FA6707A346CD122407F3B0BAD1C47639 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:45:32.0461 3388 BCM43XX - ok
23:45:32.0555 3388 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
23:45:32.0617 3388 Beep - ok
23:45:32.0695 3388 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
23:45:32.0773 3388 BFE - ok
23:45:32.0883 3388 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:45:32.0992 3388 blbdrive - ok
23:45:33.0117 3388 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:45:33.0148 3388 Bonjour Service - ok
23:45:33.0195 3388 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:45:33.0304 3388 bowser - ok
23:45:33.0382 3388 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:45:33.0444 3388 BrFiltLo - ok
23:45:33.0475 3388 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:45:33.0694 3388 BrFiltUp - ok
23:45:33.0772 3388 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
23:45:33.0897 3388 Browser - ok
23:45:33.0975 3388 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:45:34.0302 3388 Brserid - ok
23:45:34.0365 3388 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:45:34.0458 3388 BrSerWdm - ok
23:45:34.0521 3388 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:45:34.0614 3388 BrUsbMdm - ok
23:45:34.0630 3388 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:45:34.0708 3388 BrUsbSer - ok
23:45:34.0770 3388 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:45:34.0848 3388 BTHMODEM - ok
23:45:34.0942 3388 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
23:45:34.0989 3388 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
23:45:34.0989 3388 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
23:45:35.0301 3388 catchme - ok
23:45:35.0363 3388 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:45:35.0472 3388 cdfs - ok
23:45:35.0535 3388 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:45:35.0597 3388 cdrom - ok
23:45:35.0659 3388 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
23:45:35.0737 3388 CertPropSvc - ok
23:45:35.0769 3388 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
23:45:35.0862 3388 circlass - ok
23:45:35.0909 3388 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
23:45:35.0940 3388 CLFS - ok
23:45:36.0018 3388 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:45:36.0049 3388 clr_optimization_v2.0.50727_32 - ok
23:45:36.0159 3388 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:45:36.0252 3388 clr_optimization_v4.0.30319_32 - ok
23:45:36.0299 3388 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:45:36.0361 3388 CmBatt - ok
23:45:36.0439 3388 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:45:36.0455 3388 cmdide - ok
23:45:36.0486 3388 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:45:36.0502 3388 Compbatt - ok
23:45:36.0549 3388 COMSysApp - ok
23:45:36.0642 3388 cpuz134 - ok
23:45:36.0658 3388 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:45:36.0673 3388 crcdisk - ok
23:45:36.0705 3388 [ 0C629820AAD9C90E456B221C94D640CA ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
23:45:36.0705 3388 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:45:36.0705 3388 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:45:36.0720 3388 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:45:36.0798 3388 Crusoe - ok
23:45:36.0876 3388 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:45:36.0954 3388 CryptSvc - ok
23:45:37.0017 3388 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:45:37.0110 3388 DcomLaunch - ok
23:45:37.0173 3388 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:45:37.0266 3388 DfsC - ok
23:45:37.0375 3388 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
23:45:37.0609 3388 DFSR - ok
23:45:37.0703 3388 [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:45:37.0719 3388 dg_ssudbus - ok
23:45:37.0781 3388 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:45:37.0828 3388 Dhcp - ok
23:45:37.0921 3388 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
23:45:37.0937 3388 disk - ok
23:45:37.0984 3388 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:45:38.0062 3388 Dnscache - ok
23:45:38.0109 3388 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:45:38.0171 3388 dot3svc - ok
23:45:38.0218 3388 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
23:45:38.0311 3388 DPS - ok
23:45:38.0405 3388 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:45:38.0499 3388 drmkaud - ok
23:45:38.0561 3388 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:45:38.0655 3388 DXGKrnl - ok
23:45:38.0748 3388 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
23:45:38.0811 3388 e1express - ok
23:45:38.0842 3388 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:45:38.0935 3388 E1G60 - ok
23:45:39.0013 3388 [ 04238864710460C5682E260207D06192 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
23:45:39.0045 3388 eamonm - ok
23:45:39.0123 3388 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
23:45:39.0201 3388 EapHost - ok
23:45:39.0279 3388 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
23:45:39.0325 3388 Ecache - ok
23:45:39.0357 3388 efavdrv - ok
23:45:39.0403 3388 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
23:45:39.0435 3388 ehdrv - ok
23:45:39.0918 3388 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
23:45:40.0012 3388 ekrn - ok
23:45:40.0105 3388 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:45:40.0168 3388 elxstor - ok
23:45:40.0277 3388 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:45:40.0433 3388 EMDMgmt - ok
23:45:40.0511 3388 [ 5BA193CA0AE31209AAA39939CE6736B2 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
23:45:40.0542 3388 epfw - ok
23:45:40.0901 3388 [ 9CEFD59C8E5EBFB48165AEF54617F539 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
23:45:40.0932 3388 EpfwLWF - ok
23:45:41.0073 3388 [ 7144A06AC105A2A7302944602E415EC1 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
23:45:41.0088 3388 epfwwfp - ok
23:45:41.0151 3388 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:45:41.0275 3388 ErrDev - ok
23:45:41.0385 3388 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
23:45:41.0494 3388 EventSystem - ok
23:45:41.0572 3388 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
23:45:41.0650 3388 exfat - ok
23:45:41.0728 3388 [ 8EF8166E412988F210186E2FAE88D083 ] ExterminateIt C:\Windows\system32\drivers\extit.sys
23:45:41.0759 3388 ExterminateIt - ok
23:45:41.0821 3388 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:45:41.0915 3388 fastfat - ok
23:45:42.0024 3388 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:45:42.0102 3388 fdc - ok
23:45:42.0165 3388 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
23:45:42.0243 3388 fdPHost - ok
23:45:42.0274 3388 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
23:45:42.0477 3388 FDResPub - ok
23:45:42.0570 3388 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:45:42.0601 3388 FileInfo - ok
23:45:42.0633 3388 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:45:42.0742 3388 Filetrace - ok
23:45:43.0241 3388 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:45:43.0397 3388 flpydisk - ok
23:45:43.0459 3388 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:45:43.0491 3388 FltMgr - ok
23:45:43.0631 3388 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
23:45:43.0849 3388 FontCache - ok
23:45:43.0943 3388 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:45:43.0974 3388 FontCache3.0.0.0 - ok
23:45:44.0052 3388 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
23:45:44.0083 3388 fssfltr - ok
23:45:44.0239 3388 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:45:44.0442 3388 fsssvc - ok
23:45:44.0473 3388 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:45:44.0583 3388 Fs_Rec - ok
23:45:44.0629 3388 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:45:44.0661 3388 gagp30kx - ok
23:45:44.0739 3388 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:45:44.0770 3388 GEARAspiWDM - ok
23:45:44.0879 3388 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
23:45:44.0895 3388 GoToAssist - ok
23:45:44.0957 3388 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
23:45:45.0097 3388 gpsvc - ok
23:45:45.0269 3388 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:45:45.0285 3388 gupdate - ok
23:45:45.0316 3388 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:45:45.0347 3388 gupdatem - ok
23:45:45.0456 3388 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:45:45.0565 3388 HDAudBus - ok
23:45:45.0659 3388 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:45:45.0815 3388 HidBth - ok
23:45:45.0877 3388 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:45:45.0924 3388 HidIr - ok
23:45:45.0955 3388 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
23:45:46.0002 3388 hidserv - ok
23:45:46.0033 3388 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:45:46.0080 3388 HidUsb - ok
23:45:46.0111 3388 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:45:46.0143 3388 hkmsvc - ok
23:45:46.0174 3388 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:45:46.0189 3388 HpCISSs - ok
23:45:46.0299 3388 [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:45:46.0501 3388 HSF_DPV - ok
23:45:46.0564 3388 [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
23:45:46.0579 3388 HssDRV6 - ok
23:45:46.0642 3388 [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:45:46.0798 3388 HSXHWAZL - ok
23:45:46.0876 3388 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:45:47.0016 3388 HTTP - ok
23:45:47.0063 3388 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:45:47.0094 3388 i2omp - ok
23:45:47.0141 3388 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:45:47.0219 3388 i8042prt - ok
23:45:47.0313 3388 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
23:45:47.0328 3388 IAANTMON - ok
23:45:47.0406 3388 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
23:45:47.0422 3388 iaStor - ok
23:45:47.0469 3388 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:45:47.0484 3388 iaStorV - ok
23:45:47.0609 3388 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:45:47.0781 3388 idsvc - ok
23:45:47.0905 3388 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:45:48.0061 3388 igfx - ok
23:45:48.0093 3388 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:45:48.0124 3388 iirsp - ok
23:45:48.0202 3388 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
23:45:48.0249 3388 IKEEXT - ok
23:45:48.0280 3388 [ 98D303CCB3415E9202E82043B37D66DC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
23:45:48.0342 3388 IntcHdmiAddService - ok
23:45:48.0358 3388 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:45:48.0389 3388 intelide - ok
23:45:48.0436 3388 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:45:48.0483 3388 intelppm - ok
23:45:48.0561 3388 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:45:48.0623 3388 IPBusEnum - ok
23:45:48.0701 3388 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:45:48.0748 3388 IpFilterDriver - ok
23:45:48.0779 3388 IpInIp - ok
23:45:48.0826 3388 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:45:48.0873 3388 IPMIDRV - ok
23:45:48.0951 3388 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:45:48.0997 3388 IPNAT - ok
23:45:49.0029 3388 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:45:49.0169 3388 iPod Service - ok
23:45:49.0341 3388 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:45:49.0372 3388 IRENUM - ok
23:45:49.0419 3388 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:45:49.0434 3388 isapnp - ok
23:45:49.0465 3388 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:45:49.0497 3388 iScsiPrt - ok
23:45:49.0512 3388 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:45:49.0543 3388 iteatapi - ok
23:45:49.0575 3388 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:45:49.0590 3388 iteraid - ok
23:45:49.0621 3388 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:45:49.0653 3388 kbdclass - ok
23:45:49.0715 3388 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:45:49.0746 3388 kbdhid - ok
23:45:49.0793 3388 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
23:45:49.0887 3388 KeyIso - ok
23:45:49.0949 3388 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:45:50.0027 3388 KSecDD - ok
23:45:50.0105 3388 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:45:50.0214 3388 KtmRm - ok
23:45:50.0292 3388 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
23:45:50.0401 3388 LanmanServer - ok
23:45:50.0448 3388 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:45:50.0542 3388 LanmanWorkstation - ok
23:45:50.0620 3388 [ 05C10E70B437841F31E1BFA8812895BA ] libusb0 C:\Windows\system32\drivers\libusb0.sys
23:45:50.0667 3388 libusb0 - ok
23:45:50.0698 3388 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:45:50.0791 3388 lltdio - ok
23:45:50.0838 3388 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:45:50.0901 3388 lltdsvc - ok
23:45:50.0947 3388 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:45:51.0103 3388 lmhosts - ok
23:45:51.0197 3388 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:45:51.0228 3388 LSI_FC - ok
23:45:51.0306 3388 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:45:51.0337 3388 LSI_SAS - ok
23:45:51.0400 3388 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:45:51.0447 3388 LSI_SCSI - ok
23:45:51.0478 3388 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
23:45:51.0587 3388 luafv - ok
23:45:51.0618 3388 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:45:51.0743 3388 mdmxsdk - ok
23:45:51.0774 3388 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
23:45:51.0821 3388 megasas - ok
23:45:51.0868 3388 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:45:51.0915 3388 MegaSR - ok
23:45:51.0946 3388 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
23:45:52.0008 3388 MMCSS - ok
23:45:52.0071 3388 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
23:45:52.0117 3388 Modem - ok
23:45:52.0149 3388 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:45:52.0195 3388 monitor - ok
23:45:52.0242 3388 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:45:52.0258 3388 mouclass - ok
23:45:52.0289 3388 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:45:52.0336 3388 mouhid - ok
23:45:52.0351 3388 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:45:52.0398 3388 MountMgr - ok
23:45:52.0429 3388 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
23:45:52.0461 3388 mpio - ok
23:45:52.0492 3388 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:46:14.0815 3388 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:46:14.0862 3388 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:46:14.0862 3388 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:46:24.0097 3388 ================ Scan global ===============================
23:46:24.0144 3388 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:46:24.0207 3388 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:46:24.0238 3388 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:46:24.0394 3388 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:46:24.0394 3388 [Global] - ok
23:46:24.0394 3388 ================ Scan MBR ==================================
23:46:24.0409 3388 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:46:24.0784 3388 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:46:24.0784 3388 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:46:24.0784 3388 ================ Scan VBR ==================================
23:46:24.0815 3388 [ 1C87BB41B794AA77B498067DE1159056 ] \Device\Harddisk0\DR0\Partition1
23:46:24.0815 3388 \Device\Harddisk0\DR0\Partition1 - ok
23:46:24.0846 3388 [ F805FA144E726CEAA4CF9A250587B283 ] \Device\Harddisk0\DR0\Partition2
23:46:24.0846 3388 \Device\Harddisk0\DR0\Partition2 - ok
23:46:24.0846 3388 ================ Scan active images ========================
23:46:25.0065 3388 [ 185ADA973B5020655CEE342059A86CBB ] C:\Windows\System32\drivers\GEARAspiWDM.sys
23:46:25.0065 3388 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
23:46:25.0065 3388 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] C:\Windows\System32\drivers\CmBatt.sys
23:46:25.0065 3388 C:\Windows\System32\drivers\CmBatt.sys - ok
23:46:25.0080 3388 [ 2E7255D172DF0B8283CDFB7B433B864E ] C:\Windows\System32\drivers\wmiacpi.sys
23:46:25.0080 3388 C:\Windows\System32\drivers\wmiacpi.sys - ok
23:46:25.0080 3388 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys
23:46:25.0080 3388 C:\Windows\System32\drivers\msiscsi.sys - ok
23:46:25.0096 3388 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys
23:46:25.0096 3388 C:\Windows\System32\drivers\Storport.sys - ok
23:46:25.0096 3388 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys
23:46:25.0096 3388 C:\Windows\System32\drivers\tdi.sys - ok
23:46:25.0111 3388 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys
23:46:25.0111 3388 C:\Windows\System32\drivers\rasl2tp.sys - ok
23:46:25.0111 3388 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys
23:46:25.0111 3388 C:\Windows\System32\drivers\ndistapi.sys - ok
23:46:25.0127 3388 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys
23:46:25.0127 3388 C:\Windows\System32\drivers\ndiswan.sys - ok
23:46:25.0127 3388 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys
23:46:25.0127 3388 C:\Windows\System32\drivers\raspppoe.sys - ok
23:46:25.0143 3388 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys
23:46:25.0143 3388 C:\Windows\System32\drivers\raspptp.sys - ok
23:46:25.0143 3388 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys
23:46:25.0143 3388 C:\Windows\System32\drivers\rassstp.sys - ok
23:46:25.0158 3388 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys
23:46:25.0158 3388 C:\Windows\System32\drivers\termdd.sys - ok
23:46:25.0158 3388 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys
23:46:25.0158 3388 C:\Windows\System32\drivers\ks.sys - ok
23:46:25.0174 3388 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys
23:46:25.0174 3388 C:\Windows\System32\drivers\mssmbios.sys - ok
23:46:25.0174 3388 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys
23:46:25.0174 3388 C:\Windows\System32\drivers\swenum.sys - ok
23:46:25.0189 3388 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys
23:46:25.0189 3388 C:\Windows\System32\drivers\umbus.sys - ok
23:46:25.0189 3388 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys
23:46:25.0205 3388 C:\Windows\System32\drivers\usbhub.sys - ok
23:46:25.0205 3388 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys
23:46:25.0205 3388 C:\Windows\System32\drivers\ndproxy.sys - ok
23:46:25.0221 3388 [ CFBC2B81972E298F0E19EE68FA9E73DA ] C:\Windows\System32\drivers\HSXHWAZL.sys
23:46:25.0221 3388 C:\Windows\System32\drivers\HSXHWAZL.sys - ok
23:46:25.0221 3388 [ 99F85640054BA65190B860D878A7C9AE ] C:\Windows\System32\drivers\HSX_DPV.sys
23:46:25.0221 3388 C:\Windows\System32\drivers\HSX_DPV.sys - ok
23:46:25.0236 3388 [ 72CC6A8CA7891031D6380DB5025C773C ] C:\Windows\System32\drivers\HSX_CNXT.sys
23:46:25.0236 3388 C:\Windows\System32\drivers\HSX_CNXT.sys - ok
23:46:25.0236 3388 [ E13B5EA0F51BA5B1512EC671393D09BA ] C:\Windows\System32\drivers\modem.sys
23:46:25.0236 3388 C:\Windows\System32\drivers\modem.sys - ok
23:46:25.0252 3388 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys
23:46:25.0252 3388 C:\Windows\System32\drivers\drmk.sys - ok
23:46:25.0252 3388 [ 98D303CCB3415E9202E82043B37D66DC ] C:\Windows\System32\drivers\IntcHdmi.sys
23:46:25.0252 3388 C:\Windows\System32\drivers\IntcHdmi.sys - ok
23:46:25.0267 3388 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys
23:46:25.0267 3388 C:\Windows\System32\drivers\portcls.sys - ok
23:46:25.0267 3388 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] C:\Windows\System32\drivers\stwrt.sys
23:46:25.0267 3388 C:\Windows\System32\drivers\stwrt.sys - ok
23:46:25.0283 3388 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys
23:46:25.0283 3388 C:\Windows\System32\drivers\fs_rec.sys - ok
23:46:25.0283 3388 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys
23:46:25.0283 3388 C:\Windows\System32\drivers\beep.sys - ok
23:46:25.0299 3388 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys
23:46:25.0299 3388 C:\Windows\System32\drivers\null.sys - ok
23:46:25.0299 3388 [ DEFF87F04AB5F6DD5EDF2B80853BBE10 ] C:\Windows\System32\drivers\ehdrv.sys
23:46:25.0299 3388 C:\Windows\System32\drivers\ehdrv.sys - ok
23:46:25.0314 3388 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys
23:46:25.0314 3388 C:\Windows\System32\drivers\videoprt.sys - ok
23:46:25.0314 3388 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys
23:46:25.0314 3388 C:\Windows\System32\drivers\vga.sys - ok
23:46:25.0330 3388 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys
23:46:25.0330 3388 C:\Windows\System32\drivers\RDPCDD.sys - ok
23:46:25.0330 3388 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys
23:46:25.0330 3388 C:\Windows\System32\drivers\RDPENCDD.sys - ok
23:46:25.0345 3388 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys
23:46:25.0345 3388 C:\Windows\System32\drivers\msfs.sys - ok
23:46:25.0345 3388 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys
23:46:25.0345 3388 C:\Windows\System32\drivers\npfs.sys - ok
23:46:25.0361 3388 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys
23:46:25.0361 3388 C:\Windows\System32\drivers\rasacd.sys - ok
23:46:25.0361 3388 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys
23:46:25.0361 3388 C:\Windows\System32\drivers\tdx.sys - ok
23:46:25.0377 3388 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\smb.sys
23:46:25.0377 3388 C:\Windows\System32\drivers\smb.sys - ok
23:46:25.0377 3388 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys
23:46:25.0377 3388 C:\Windows\System32\drivers\netbt.sys - ok
23:46:25.0392 3388 [ 23F39E28C5ED1D6C8C8360AD204CD8B5 ] C:\Windows\System32\drivers\afd.sys
23:46:25.0392 3388 C:\Windows\System32\drivers\afd.sys - ok
23:46:25.0392 3388 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\`
23:46:25.0392 3388 C:\Windows\System32\drivers\` - ok
23:46:25.0408 3388 [ E3A3CB253C0EC2494D4A61F5E43A389C ] C:\Windows\System32\drivers\ws2ifsl.sys
23:46:25.0408 3388 C:\Windows\System32\drivers\ws2ifsl.sys - ok
23:46:25.0408 3388 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys
23:46:25.0408 3388 C:\Windows\System32\drivers\pacer.sys - ok
23:46:25.0423 3388 [ 9CEFD59C8E5EBFB48165AEF54617F539 ] C:\Windows\System32\drivers\EpfwLWF.sys
23:46:25.0423 3388 C:\Windows\System32\drivers\EpfwLWF.sys - ok
23:46:25.0423 3388 [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB ] C:\Windows\System32\drivers\hssdrv6.sys
23:46:25.0423 3388 C:\Windows\System32\drivers\hssdrv6.sys - ok
23:46:25.0439 3388 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys
23:46:25.0439 3388 C:\Windows\System32\drivers\netbios.sys - ok
23:46:25.0439 3388 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\Windows\System32\drivers\wanarp.sys
23:46:25.0439 3388 C:\Windows\System32\drivers\wanarp.sys - ok
23:46:25.0455 3388 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\Windows\System32\drivers\rdbss.sys
23:46:25.0455 3388 C:\Windows\System32\drivers\rdbss.sys - ok
23:46:25.0455 3388 [ 609773E344A97410CE4EBF74A8914FCF ] C:\Windows\System32\drivers\nsiproxy.sys
23:46:25.0455 3388 C:\Windows\System32\drivers\nsiproxy.sys - ok
23:46:25.0470 3388 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\Windows\System32\drivers\dfsc.sys
23:46:25.0470 3388 C:\Windows\System32\drivers\dfsc.sys - ok
23:46:25.0470 3388 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\Windows\System32\ntdll.dll
23:46:25.0470 3388 C:\Windows\System32\ntdll.dll - ok
23:46:25.0486 3388 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\Windows\System32\smss.exe
23:46:25.0486 3388 C:\Windows\System32\smss.exe - ok
23:46:25.0486 3388 [ 10761177A6EBE45843F443E99509F5E7 ] C:\Windows\System32\autochk.exe
23:46:25.0486 3388 C:\Windows\System32\autochk.exe - ok
23:46:25.0501 3388 [ 9FAC0F6D5F3D922DB294E30CD3F62369 ] C:\Windows\System32\urlmon.dll
23:46:25.0501 3388 C:\Windows\System32\urlmon.dll - ok
23:46:25.0501 3388 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\Windows\System32\shlwapi.dll
23:46:25.0501 3388 C:\Windows\System32\shlwapi.dll - ok
23:46:25.0517 3388 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\System32\Wldap32.dll
23:46:25.0517 3388 C:\Windows\System32\Wldap32.dll - ok
23:46:25.0517 3388 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\Windows\System32\shell32.dll
23:46:25.0517 3388 C:\Windows\System32\shell32.dll - ok
23:46:25.0533 3388 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\Windows\System32\rpcrt4.dll
23:46:25.0533 3388 C:\Windows\System32\rpcrt4.dll - ok
23:46:25.0533 3388 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\System32\setupapi.dll
23:46:25.0533 3388 C:\Windows\System32\setupapi.dll - ok
23:46:25.0548 3388 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\System32\clbcatq.dll
23:46:25.0548 3388 C:\Windows\System32\clbcatq.dll - ok
23:46:25.0548 3388 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\Windows\System32\imm32.dll
23:46:25.0548 3388 C:\Windows\System32\imm32.dll - ok
23:46:25.0564 3388 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\System32\ole32.dll
23:46:25.0564 3388 C:\Windows\System32\ole32.dll - ok
23:46:25.0579 3388 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll
23:46:25.0579 3388 C:\Windows\System32\nsi.dll - ok
23:46:25.0579 3388 [ 5553611E2F9EA6F613079177F1233068 ] C:\Windows\System32\wininet.dll
23:46:25.0579 3388 C:\Windows\System32\wininet.dll - ok
23:46:25.0595 3388 [ 75510147B94598407666F4802797C75A ] C:\Windows\System32\user32.dll
23:46:25.0595 3388 C:\Windows\System32\user32.dll - ok
23:46:25.0595 3388 [ 574B473FACAA0E91702B86578440B525 ] C:\Windows\System32\kernel32.dll
23:46:25.0595 3388 C:\Windows\System32\kernel32.dll - ok
23:46:25.0595 3388 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\System32\msvcrt.dll
23:46:25.0595 3388 C:\Windows\System32\msvcrt.dll - ok
23:46:25.0611 3388 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll
23:46:25.0611 3388 C:\Windows\System32\lpk.dll - ok
23:46:25.0611 3388 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\System32\usp10.dll
23:46:25.0611 3388 C:\Windows\System32\usp10.dll - ok
23:46:25.0626 3388 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\System32\msctf.dll
23:46:25.0626 3388 C:\Windows\System32\msctf.dll - ok
23:46:25.0626 3388 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\System32\advapi32.dll
23:46:25.0626 3388 C:\Windows\System32\advapi32.dll - ok
23:46:25.0642 3388 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\System32\imagehlp.dll
23:46:25.0642 3388 C:\Windows\System32\imagehlp.dll - ok
23:46:25.0657 3388 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\System32\ws2_32.dll
23:46:25.0657 3388 C:\Windows\System32\ws2_32.dll - ok
23:46:25.0657 3388 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\System32\oleaut32.dll
23:46:25.0657 3388 C:\Windows\System32\oleaut32.dll - ok
23:46:25.0673 3388 [ EB8A00E8E9931A7EC04F920B09D880D8 ] C:\Windows\System32\iertutil.dll
23:46:25.0673 3388 C:\Windows\System32\iertutil.dll - ok
23:46:25.0673 3388 [ 7856E3B4594714EF89BB97375E8644EE ] C:\Windows\System32\gdi32.dll
23:46:25.0673 3388 C:\Windows\System32\gdi32.dll - ok
23:46:25.0689 3388 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\System32\comdlg32.dll
23:46:25.0689 3388 C:\Windows\System32\comdlg32.dll - ok
23:46:25.0689 3388 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll
23:46:25.0689 3388 C:\Windows\System32\normaliz.dll - ok
23:46:25.0704 3388 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\Windows\System32\comctl32.dll
23:46:25.0704 3388 C:\Windows\System32\comctl32.dll - ok
23:46:25.0704 3388 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll
23:46:25.0704 3388 C:\Windows\System32\psapi.dll - ok
23:46:25.0720 3388 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys
23:46:25.0720 3388 C:\Windows\System32\drivers\dxapi.sys - ok
23:46:25.0720 3388 [ 92D85E8A4129FE44A3266266AC8D151D ] C:\Windows\System32\win32k.sys
23:46:25.0720 3388 C:\Windows\System32\win32k.sys - ok
23:46:25.0735 3388 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\Windows\System32\csrsrv.dll
23:46:25.0735 3388 C:\Windows\System32\csrsrv.dll - ok
23:46:25.0735 3388 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe
23:46:25.0735 3388 C:\Windows\System32\csrss.exe - ok
23:46:25.0751 3388 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll
23:46:25.0751 3388 C:\Windows\System32\basesrv.dll - ok
23:46:25.0751 3388 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\System32\winsrv.dll
23:46:25.0751 3388 C:\Windows\System32\winsrv.dll - ok
23:46:25.0767 3388 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys
23:46:25.0767 3388 C:\Windows\System32\drivers\monitor.sys - ok
23:46:25.0767 3388 [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll
23:46:25.0767 3388 C:\Windows\System32\tsddd.dll - ok
23:46:25.0782 3388 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll
23:46:25.0782 3388 C:\Windows\System32\userenv.dll - ok
23:46:25.0782 3388 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe
23:46:25.0782 3388 C:\Windows\System32\wininit.exe - ok
23:46:25.0798 3388 [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL
23:46:25.0798 3388 C:\Windows\System32\KBDUS.DLL - ok
23:46:25.0798 3388 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll
23:46:25.0798 3388 C:\Windows\System32\secur32.dll - ok
23:46:25.0813 3388 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll
23:46:25.0813 3388 C:\Windows\System32\WlS0WndH.dll - ok
23:46:25.0813 3388 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll
23:46:25.0813 3388 C:\Windows\System32\apphelp.dll - ok
23:46:25.0829 3388 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe
23:46:25.0829 3388 C:\Windows\System32\services.exe - ok
23:46:25.0829 3388 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll
23:46:25.0829 3388 C:\Windows\System32\sxs.dll - ok
23:46:25.0845 3388 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll
23:46:25.0845 3388 C:\Windows\System32\cdd.dll - ok
23:46:25.0845 3388 [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe
23:46:25.0845 3388 C:\Windows\System32\lsass.exe - ok
23:46:25.0860 3388 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe
23:46:25.0860 3388 C:\Windows\System32\winlogon.exe - ok
23:46:25.0860 3388 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe
23:46:25.0860 3388 C:\Windows\System32\lsm.exe - ok
23:46:25.0876 3388 [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll
23:46:25.0876 3388 C:\Windows\System32\scesrv.dll - ok
23:46:25.0876 3388 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll
23:46:25.0876 3388 C:\Windows\System32\winsta.dll - ok
23:46:25.0891 3388 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll
23:46:25.0891 3388 C:\Windows\System32\lsasrv.dll - ok
23:46:25.0891 3388 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll
23:46:25.0891 3388 C:\Windows\System32\sysntfy.dll - ok
23:46:25.0907 3388 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll
23:46:25.0907 3388 C:\Windows\System32\wmsgapi.dll - ok
23:46:25.0907 3388 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll
23:46:25.0907 3388 C:\Windows\System32\authz.dll - ok
23:46:25.0923 3388 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll
23:46:25.0923 3388 C:\Windows\System32\netapi32.dll - ok
23:46:25.0923 3388 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll
23:46:25.0923 3388 C:\Windows\System32\ncobjapi.dll - ok
23:46:25.0938 3388 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\Windows\System32\aelupsvc.dll
23:46:25.0938 3388 C:\Windows\System32\aelupsvc.dll - ok
23:46:25.0938 3388 [ A1545B731579895D8CC44FC0481C1192 ] C:\Windows\System32\alg.exe
23:46:25.0938 3388 C:\Windows\System32\alg.exe - ok
23:46:25.0954 3388 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\Windows\System32\appinfo.dll
23:46:25.0954 3388 C:\Windows\System32\appinfo.dll - ok
23:46:25.0954 3388 [ 68E2A1A0407A66CF50DA0300852424AB ] C:\Windows\System32\audiosrv.dll
23:46:25.0954 3388 C:\Windows\System32\audiosrv.dll - ok
23:46:25.0969 3388 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll
23:46:25.0969 3388 C:\Windows\System32\rascfg.dll - ok
23:46:25.0969 3388 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll
23:46:25.0969 3388 C:\Windows\System32\samsrv.dll - ok
23:46:25.0985 3388 [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\Windows\System32\BFE.DLL
23:46:25.0985 3388 C:\Windows\System32\BFE.DLL - ok
23:46:25.0985 3388 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll
23:46:25.0985 3388 C:\Windows\System32\browser.dll - ok
23:46:26.0001 3388 [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll
23:46:26.0001 3388 C:\Windows\System32\certprop.dll - ok
23:46:26.0001 3388 [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll
23:46:26.0001 3388 C:\Windows\System32\comres.dll - ok
23:46:26.0016 3388 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll
23:46:26.0016 3388 C:\Windows\System32\cryptsvc.dll - ok
23:46:26.0016 3388 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll
23:46:26.0016 3388 C:\Windows\System32\dfsrres.dll - ok
23:46:26.0032 3388 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll
23:46:26.0032 3388 C:\Windows\System32\dhcpcsvc.dll - ok
23:46:26.0032 3388 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll
23:46:26.0032 3388 C:\Windows\System32\oleres.dll - ok
23:46:26.0047 3388 [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll
23:46:26.0047 3388 C:\Windows\System32\cryptdll.dll - ok
23:46:26.0047 3388 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll
23:46:26.0047 3388 C:\Windows\System32\dnsapi.dll - ok
23:46:26.0063 3388 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll
23:46:26.0063 3388 C:\Windows\System32\feclient.dll - ok
23:46:26.0063 3388 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll
23:46:26.0063 3388 C:\Windows\System32\mpr.dll - ok
23:46:26.0079 3388 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll
23:46:26.0079 3388 C:\Windows\System32\msasn1.dll - ok
23:46:26.0079 3388 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll
23:46:26.0079 3388 C:\Windows\System32\ntdsapi.dll - ok
23:46:26.0094 3388 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll
23:46:26.0094 3388 C:\Windows\System32\samlib.dll - ok
23:46:26.0094 3388 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\System32\crypt32.dll
23:46:26.0094 3388 C:\Windows\System32\crypt32.dll - ok
23:46:26.0110 3388 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll
23:46:26.0110 3388 C:\Windows\System32\SLC.dll - ok
23:46:26.0110 3388 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll
23:46:26.0110 3388 C:\Windows\System32\dot3svc.dll - ok
23:46:26.0125 3388 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
23:46:26.0125 3388 C:\Windows\System32\wevtapi.dll - ok
23:46:26.0125 3388 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll
23:46:26.0125 3388 C:\Windows\System32\dps.dll - ok
23:46:26.0141 3388 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll
23:46:26.0141 3388 C:\Windows\System32\eapsvc.dll - ok
23:46:26.0141 3388 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll
23:46:26.0141 3388 C:\Windows\System32\emdmgmt.dll - ok
23:46:26.0157 3388 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
23:46:26.0157 3388 C:\Windows\System32\dhcpcsvc6.dll - ok
23:46:26.0157 3388 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
23:46:26.0157 3388 C:\Windows\System32\IPHLPAPI.DLL - ok
23:46:26.0172 3388 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
23:46:26.0172 3388 C:\Windows\System32\winnsi.dll - ok
23:46:26.0172 3388 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
23:46:26.0172 3388 C:\Windows\System32\cngaudit.dll - ok
23:46:26.0188 3388 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll
23:46:26.0188 3388 C:\Windows\System32\ncrypt.dll - ok
23:46:26.0203 3388 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll
23:46:26.0203 3388 C:\Windows\System32\wevtsvc.dll - ok
23:46:26.0203 3388 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
23:46:26.0203 3388 C:\Windows\System32\bcrypt.dll - ok
23:46:26.0219 3388 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll
23:46:26.0219 3388 C:\Windows\System32\fdPHost.dll - ok
23:46:26.0219 3388 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll
23:46:26.0219 3388 C:\Windows\System32\FDResPub.dll - ok
23:46:26.0235 3388 [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll
23:46:26.0235 3388 C:\Windows\System32\FntCache.dll - ok
23:46:26.0235 3388 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe
23:46:26.0235 3388 C:\Windows\System32\PresentationHost.exe - ok
23:46:26.0250 3388 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll
23:46:26.0250 3388 C:\Windows\System32\gpapi.dll - ok
23:46:26.0250 3388 [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll
23:46:26.0250 3388 C:\Windows\System32\hidserv.dll - ok
23:46:26.0266 3388 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL
23:46:26.0266 3388 C:\Windows\System32\KMSVC.DLL - ok
23:46:26.0266 3388 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
23:46:26.0266 3388 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
23:46:26.0281 3388 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
23:46:26.0281 3388 C:\Windows\System32\credssp.dll - ok
23:46:26.0281 3388 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL
23:46:26.0281 3388 C:\Windows\System32\IKEEXT.DLL - ok
23:46:26.0297 3388 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
23:46:26.0297 3388 C:\Windows\System32\kerberos.dll - ok
23:46:26.0297 3388 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
23:46:26.0297 3388 C:\Windows\System32\msprivs.dll - ok
23:46:26.0313 3388 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll
23:46:26.0313 3388 C:\Windows\System32\IPBusEnum.dll - ok
23:46:26.0313 3388 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
23:46:26.0313 3388 C:\Windows\System32\NapiNSP.dll - ok
23:46:26.0328 3388 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
23:46:26.0328 3388 C:\Windows\System32\nlasvc.dll - ok
23:46:26.0328 3388 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
23:46:26.0328 3388 C:\Windows\System32\mswsock.dll - ok
23:46:26.0344 3388 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
23:46:26.0344 3388 C:\Windows\System32\pnrpnsp.dll - ok
23:46:26.0344 3388 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
23:46:26.0344 3388 C:\Windows\System32\WSHTCPIP.DLL - ok
23:46:26.0359 3388 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll
23:46:26.0359 3388 C:\Windows\System32\cabinet.dll - ok
23:46:26.0359 3388 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll
23:46:26.0359 3388 C:\Windows\System32\keyiso.dll - ok
23:46:26.0375 3388 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll
23:46:26.0375 3388 C:\Windows\System32\srvsvc.dll - ok
23:46:26.0375 3388 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll
23:46:26.0375 3388 C:\Windows\System32\wkssvc.dll - ok
23:46:26.0391 3388 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll
23:46:26.0391 3388 C:\Windows\System32\lltdres.dll - ok
23:46:26.0406 3388 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
23:46:26.0406 3388 C:\Windows\System32\lmhsvc.dll - ok
23:46:26.0406 3388 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
23:46:26.0406 3388 C:\Windows\System32\oleacc.dll - ok
23:46:26.0422 3388 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\System32\wintrust.dll
23:46:26.0422 3388 C:\Windows\System32\wintrust.dll - ok
23:46:26.0422 3388 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll
23:46:26.0422 3388 C:\Windows\System32\mmcss.dll - ok
23:46:26.0437 3388 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll
23:46:26.0437 3388 C:\Windows\System32\FirewallAPI.dll - ok
23:46:26.0437 3388 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

23:46:26.0437 3388 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
23:46:26.0453 3388 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll
23:46:26.0453 3388 C:\Windows\System32\iscsidsc.dll - ok
23:46:26.0453 3388 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll
23:46:26.0453 3388 C:\Windows\System32\msimsg.dll - ok
23:46:26.0469 3388 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL
23:46:26.0469 3388 C:\Windows\System32\QAGENTRT.DLL - ok
23:46:26.0469 3388 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll
23:46:26.0469 3388 C:\Windows\System32\netlogon.dll - ok
23:46:26.0484 3388 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll
23:46:26.0484 3388 C:\Windows\System32\netman.dll - ok
23:46:26.0484 3388 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll
23:46:26.0484 3388 C:\Windows\System32\netprof.dll - ok
23:46:26.0500 3388 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll
23:46:26.0500 3388 C:\Windows\System32\nsisvc.dll - ok
23:46:26.0500 3388 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll
23:46:26.0500 3388 C:\Windows\System32\p2psvc.dll - ok
23:46:26.0515 3388 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll
23:46:26.0515 3388 C:\Windows\System32\pcasvc.dll - ok
23:46:26.0515 3388 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll
23:46:26.0515 3388 C:\Windows\System32\pla.dll - ok
23:46:26.0531 3388 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll
23:46:26.0531 3388 C:\Windows\System32\umpnpmgr.dll - ok
23:46:26.0531 3388 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll
23:46:26.0531 3388 C:\Windows\System32\polstore.dll - ok
23:46:26.0547 3388 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll
23:46:26.0547 3388 C:\Windows\System32\profsvc.dll - ok
23:46:26.0547 3388 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll
23:46:26.0547 3388 C:\Windows\System32\psbase.dll - ok
23:46:26.0562 3388 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll
23:46:28.0325 3388 [ AF54247F97CCF3539DE7505C09972FF9 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
23:46:28.0325 3388 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
23:46:28.0341 3388 [ C8DBFEF835FF54467425C8F3ABCF7046 ] C:\Windows\System32\dssenh.dll
23:46:28.0341 3388 C:\Windows\System32\dssenh.dll - ok
23:46:28.0341 3388 [ C28FD3B37B6F18751C99E6022A2A9782 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
23:46:28.0341 3388 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
23:46:28.0356 3388 [ 517F8CE7F9CB2A840E9B3F12C50A4F7B ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
23:46:28.0356 3388 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
23:46:28.0356 3388 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll
23:46:28.0356 3388 C:\Windows\System32\WSDApi.dll - ok
23:46:28.0372 3388 [ AE38A12F79A4980DDB88F36514F8A1DA ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
23:46:28.0372 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok
23:46:28.0372 3388 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll
23:46:28.0372 3388 C:\Windows\System32\fundisc.dll - ok
23:46:28.0387 3388 [ D9011D2091C6B037A5075C27A470188C ] C:\Windows\System32\httpapi.dll
23:46:28.0387 3388 C:\Windows\System32\httpapi.dll - ok
23:46:28.0403 3388 [ 0BA3F31E2B4D8D99DF8DD19E81155374 ] C:\Windows\System32\ieframe.dll
23:46:28.0403 3388 C:\Windows\System32\ieframe.dll - ok
23:46:28.0403 3388 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll
23:46:28.0403 3388 C:\Windows\System32\wdscore.dll - ok
23:46:28.0419 3388 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv
23:46:28.0419 3388 C:\Windows\System32\winspool.drv - ok
23:46:28.0419 3388 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll
23:46:28.0419 3388 C:\Windows\System32\msxml3.dll - ok
23:46:28.0434 3388 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll
23:46:28.0434 3388 C:\Windows\System32\cryptui.dll - ok
23:46:28.0434 3388 [ A800036D0E071CBE08C144E110A71A35 ] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
23:46:28.0434 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll - ok
23:46:28.0450 3388 [ 140A9D67F1BAFE14B798C71139DE5601 ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll
23:46:28.0450 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll - ok
23:46:28.0450 3388 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] C:\Windows\System32\drivers\mdmxsdk.sys
23:46:28.0450 3388 C:\Windows\System32\drivers\mdmxsdk.sys - ok
23:46:28.0465 3388 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll
23:46:28.0465 3388 C:\Windows\System32\ncsi.dll - ok
23:46:28.0465 3388 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys
23:46:28.0465 3388 C:\Windows\System32\drivers\PEAuth.sys - ok
23:46:28.0481 3388 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll
23:46:28.0481 3388 C:\Windows\System32\wbem\wbemprox.dll - ok
23:46:28.0481 3388 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
23:46:28.0481 3388 C:\Windows\System32\cfgmgr32.dll - ok
23:46:28.0497 3388 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll
23:46:28.0497 3388 C:\Windows\System32\wbemcomn.dll - ok
23:46:28.0497 3388 [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\Windows\System32\wer.dll
23:46:28.0497 3388 C:\Windows\System32\wer.dll - ok
23:46:28.0512 3388 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
23:46:28.0512 3388 C:\Windows\System32\drivers\secdrv.sys - ok
23:46:28.0512 3388 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL
23:46:28.0512 3388 C:\Windows\System32\IPSECSVC.DLL - ok
23:46:28.0528 3388 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] C:\Windows\System32\stacsv.exe
23:46:28.0528 3388 C:\Windows\System32\stacsv.exe - ok
23:46:28.0528 3388 [ 84B8827562B005C118CADBA0F25DB2C6 ] C:\Windows\System32\dsound.dll
23:46:28.0528 3388 C:\Windows\System32\dsound.dll - ok
23:46:28.0543 3388 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll
23:46:28.0543 3388 C:\Windows\System32\msi.dll - ok
23:46:28.0543 3388 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll
23:46:28.0543 3388 C:\Windows\System32\ssdpapi.dll - ok
23:46:28.0559 3388 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll
23:46:28.0559 3388 C:\Windows\System32\FwRemoteSvr.dll - ok
23:46:28.0559 3388 [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys
23:46:28.0559 3388 C:\Windows\System32\drivers\fastfat.sys - ok
23:46:28.0575 3388 [ 9225F181166C0FD8A4763611045D3C30 ] C:\Windows\System32\stapi32.dll
23:46:28.0575 3388 C:\Windows\System32\stapi32.dll - ok
23:46:28.0575 3388 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] C:\Windows\System32\drivers\tcpipreg.sys
23:46:28.0575 3388 C:\Windows\System32\drivers\tcpipreg.sys - ok
23:46:28.0590 3388 [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll
23:46:28.0590 3388 C:\Windows\System32\wiatrace.dll - ok
23:46:28.0590 3388 [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll
23:46:28.0590 3388 C:\Windows\System32\icaapi.dll - ok
23:46:28.0606 3388 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
23:46:28.0606 3388 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE - ok
23:46:28.0606 3388 [ 4DBA143F06BAD1DF935CB9603140CF2A ] C:\Windows\System32\wsdchngr.dll
23:46:28.0606 3388 C:\Windows\System32\wsdchngr.dll - ok
23:46:28.0621 3388 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL
23:46:28.0621 3388 C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL - ok
23:46:28.0637 3388 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll
23:46:28.0637 3388 C:\Windows\System32\wbem\WinMgmtR.dll - ok
23:46:28.0637 3388 [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll
23:46:28.0637 3388 C:\Windows\System32\PortableDeviceApi.dll - ok
23:46:28.0653 3388 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll
23:46:28.0653 3388 C:\Windows\System32\tquery.dll - ok
23:46:28.0653 3388 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll
23:46:28.0653 3388 C:\Windows\System32\mssrch.dll - ok
23:46:28.0668 3388 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll
23:46:28.0668 3388 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
23:46:28.0668 3388 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll
23:46:28.0668 3388 C:\Windows\System32\dbghelp.dll - ok
23:46:28.0684 3388 [ C649F293B8B047A2694F3C615D09BF17 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
23:46:28.0684 3388 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE - ok
23:46:28.0684 3388 [ DAB33CFA9DD24251AAA389FF36B64D4B ] C:\Windows\System32\drivers\XAudio.sys
23:46:28.0684 3388 C:\Windows\System32\drivers\XAudio.sys - ok
23:46:28.0699 3388 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll
23:46:28.0699 3388 C:\Windows\System32\msidle.dll - ok
23:46:28.0699 3388 [ CD5F291A1161F15896D1A4D63DAFF5DF ] C:\Windows\System32\drivers\XAudio.exe
23:46:28.0699 3388 C:\Windows\System32\drivers\XAudio.exe - ok
23:46:28.0715 3388 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll
23:46:28.0715 3388 C:\Windows\System32\Query.dll - ok
23:46:28.0715 3388 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll
23:46:28.0715 3388 C:\Windows\System32\netprofm.dll - ok
23:46:28.0731 3388 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll
23:46:28.0731 3388 C:\Windows\System32\mssprxy.dll - ok
23:46:28.0731 3388 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll
23:46:28.0731 3388 C:\Windows\System32\npmproxy.dll - ok
23:46:28.0746 3388 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui
23:46:28.0746 3388 C:\Windows\System32\en-US\tquery.dll.mui - ok
23:46:28.0746 3388 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\Windows\System32\esent.dll
23:46:28.0746 3388 C:\Windows\System32\esent.dll - ok
23:46:28.0762 3388 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll
23:46:28.0762 3388 C:\Windows\System32\msscb.dll - ok
23:46:28.0762 3388 [ 77784A2BD5912A4EC6284255865526BC ] C:\Windows\System32\Faultrep.dll
23:46:28.0762 3388 C:\Windows\System32\Faultrep.dll - ok
23:46:28.0777 3388 [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll
23:46:28.0777 3388 C:\Windows\System32\sfc.dll - ok
23:46:28.0777 3388 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
23:46:28.0777 3388 C:\Windows\System32\sfc_os.dll - ok
23:46:28.0793 3388 [ 46DD33E12D12A03CABF009FBB3F3D0E4 ] C:\Windows\System32\mpnotify.exe
23:46:28.0793 3388 C:\Windows\System32\mpnotify.exe - ok
23:46:28.0793 3388 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe
23:46:28.0793 3388 C:\Windows\System32\taskeng.exe - ok
23:46:28.0809 3388 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\Windows\System32\dimsjob.dll
23:46:28.0809 3388 C:\Windows\System32\dimsjob.dll - ok
23:46:28.0809 3388 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
23:46:28.0809 3388 C:\Windows\System32\TSChannel.dll - ok
23:46:28.0824 3388 [ 98638A4CA187245C469DA0DEC4F04A45 ] C:\Windows\System32\pautoenr.dll
23:46:28.0824 3388 C:\Windows\System32\pautoenr.dll - ok
23:46:28.0824 3388 [ AC48FD62E22C4425879FCA5A63F50497 ] C:\Windows\System32\certcli.dll
23:46:28.0824 3388 C:\Windows\System32\certcli.dll - ok
23:46:28.0840 3388 [ 0053319C4438CDE659AA75C19BBD22F1 ] C:\Windows\System32\CertEnroll.dll
23:46:28.0840 3388 C:\Windows\System32\CertEnroll.dll - ok
23:46:28.0840 3388 [ D23BBC0827B1D8730C8C1CFA1D82CCD5 ] C:\Program Files\ESET\ESET Smart Security\ekrnHips.dll
23:46:28.0840 3388 C:\Program Files\ESET\ESET Smart Security\ekrnHips.dll - ok
23:46:28.0855 3388 [ AA7F66B5D4B20A8BF4D0607ECFA0D274 ] C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll
23:46:28.0855 3388 C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll - ok
23:46:28.0855 3388 [ 2E70A8B199AED648B2568BBABC7CA9D0 ] C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll
23:46:28.0855 3388 C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll - ok
23:46:28.0871 3388 [ 56A494AF81A76498E93ED0091F9557E4 ] C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll
23:46:28.0871 3388 C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll - ok
23:46:28.0871 3388 [ 3629D654B61C49EE199B6C7822D5645D ] C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll
23:46:28.0871 3388 C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll - ok
23:46:28.0887 3388 [ 3AD81066DE62D6D639E6231CDDC56261 ] C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll
23:46:28.0887 3388 C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll - ok
23:46:28.0887 3388 [ 6348797E6564E03BF59F68C6B814521E ] C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll
23:46:28.0887 3388 C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll - ok
23:46:28.0902 3388 [ 8BD055A8EB90193B72F5175FA8506156 ] C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll
23:46:28.0902 3388 C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll - ok
23:46:28.0902 3388 [ F26102500A90E72FA73E9AB40C1DFB81 ] C:\Program Files\ESET\ESET Smart Security\updater.dll
23:46:28.0902 3388 C:\Program Files\ESET\ESET Smart Security\updater.dll - ok
23:46:28.0918 3388 [ 225B0DFB3490FD7860B0C12A8103031A ] C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll
23:46:28.0918 3388 C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll - ok
23:46:28.0918 3388 [ 95F2FFF7D717BAAAC04847ACE77D4400 ] C:\Windows\System32\BCMLogon.dll
23:46:28.0933 3388 C:\Windows\System32\BCMLogon.dll - ok
23:46:28.0933 3388 [ 4C99F8DCF76C69F754C2D086D14390F3 ] C:\Program Files\ESET\ESET Smart Security\ekrnParental.dll
23:46:28.0933 3388 C:\Program Files\ESET\ESET Smart Security\ekrnParental.dll - ok
23:46:28.0933 3388 [ DB9003592DB92B0D59C78A638715DE23 ] C:\Program Files\ESET\ESET Smart Security\eplgOE.dll
23:46:28.0933 3388 C:\Program Files\ESET\ESET Smart Security\eplgOE.dll - ok
23:46:28.0949 3388 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll
23:46:28.0949 3388 C:\Windows\System32\hnetcfg.dll - ok
23:46:28.0949 3388 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll
23:46:28.0949 3388 C:\Windows\System32\wbem\wbemcore.dll - ok
23:46:28.0965 3388 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll
23:46:28.0965 3388 C:\Windows\System32\diagperf.dll - ok
23:46:28.0965 3388 [ A0F4852A5DB9754BEC06F84B400AE743 ] C:\Windows\System32\wscapi.dll
23:46:28.0965 3388 C:\Windows\System32\wscapi.dll - ok
23:46:28.0980 3388 [ D0A95E567224B4C347CBDD6541E5D928 ] C:\Windows\System32\wscisvif.dll
23:46:28.0980 3388 C:\Windows\System32\wscisvif.dll - ok
23:46:28.0980 3388 [ 7BD70AEED0D975285A1B20BD012EBF4E ] C:\Windows\System32\drivers\bcm42rly.sys
23:46:28.0980 3388 C:\Windows\System32\drivers\bcm42rly.sys - ok
23:46:28.0996 3388 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll
23:46:28.0996 3388 C:\Windows\System32\wbem\esscli.dll - ok
23:46:28.0996 3388 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
23:46:29.0011 3388 C:\Windows\System32\pcadm.dll - ok
23:46:29.0011 3388 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll
23:46:29.0011 3388 C:\Windows\System32\pnpts.dll - ok
23:46:29.0027 3388 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll
23:46:29.0027 3388 C:\Windows\System32\wbem\fastprox.dll - ok
23:46:29.0027 3388 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll
23:46:29.0027 3388 C:\Windows\System32\wbem\wbemsvc.dll - ok
23:46:29.0027 3388 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe
23:46:29.0027 3388 C:\Windows\System32\dllhost.exe - ok
23:46:29.0043 3388 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll
23:46:29.0043 3388 C:\Windows\System32\wbem\wmiutils.dll - ok
23:46:29.0043 3388 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll
23:46:29.0043 3388 C:\Windows\System32\wbem\repdrvfs.dll - ok
23:46:29.0058 3388 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll
23:46:29.0058 3388 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
23:46:29.0058 3388 [ 3CD1B69551236977918E60F9543C89A2 ] C:\Windows\System32\AtBroker.exe
23:46:29.0058 3388 C:\Windows\System32\AtBroker.exe - ok
23:46:29.0074 3388 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll
23:46:29.0074 3388 C:\Windows\System32\wbem\wbemess.dll - ok
23:46:29.0074 3388 [ B4AF3DC7830EFEA4E50847CF225BB7DB ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin
23:46:29.0089 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin - ok
23:46:29.0089 3388 [ 46828F2E7B4D68B706BFEBC1964A7D1A ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll
23:46:29.0089 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll - ok
23:46:29.0105 3388 [ 09C6750143ED0C22A5083FC5C1C90999 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll
23:46:29.0105 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll - ok
23:46:29.0105 3388 [ 6AA1422C89E2C4ADACFD5B826C5E1044 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
23:46:29.0105 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll - ok
23:46:29.0121 3388 [ B7A75960A62C52495C0F2F9846C48353 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll
23:46:29.0121 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll - ok
23:46:29.0121 3388 [ 66E323AA1E41CF0F67723928B250202F ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll
23:46:29.0121 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll - ok
23:46:29.0136 3388 [ 01DAAF5B3C8627B158C3FB8D6AC01EB3 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll
23:46:29.0136 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll - ok
23:46:29.0136 3388 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
23:46:29.0136 3388 C:\Program Files\Bonjour\mdnsNSP.dll - ok
23:46:29.0152 3388 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll
23:46:29.0152 3388 C:\Windows\System32\winrnr.dll - ok
23:46:29.0152 3388 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll
23:46:29.0152 3388 C:\Windows\System32\rasadhlp.dll - ok
23:46:29.0167 3388 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
23:46:29.0167 3388 C:\Windows\System32\p2pcollab.dll - ok
23:46:29.0167 3388 [ F371C6DF9A810EF2E6E4FA60ACBB5C33 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
23:46:29.0167 3388 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok
23:46:29.0183 3388 [ 7BEDD051B53821B040EAD42DB0724848 ] C:\Windows\System32\WerFault.exe
23:46:29.0183 3388 C:\Windows\System32\WerFault.exe - ok
23:46:29.0183 3388 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe
23:46:29.0183 3388 C:\Windows\System32\userinit.exe - ok
23:46:29.0199 3388 [ 447983959A8CF49C4CC3B65DED69AF28 ] C:\Windows\System32\dbgeng.dll
23:46:29.0199 3388 C:\Windows\System32\dbgeng.dll - ok
23:46:29.0199 3388 [ F5A61C20212D96766F05D0554EBAD789 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
23:46:29.0199 3388 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - ok
23:46:29.0214 3388 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll
23:46:29.0214 3388 C:\Windows\System32\dwmapi.dll - ok
23:46:29.0214 3388 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\Windows\System32\shfolder.dll
23:46:29.0214 3388 C:\Windows\System32\shfolder.dll - ok
23:46:29.0230 3388 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll
23:46:29.0230 3388 C:\Windows\System32\dwmredir.dll - ok
23:46:29.0230 3388 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll
23:46:29.0230 3388 C:\Windows\System32\milcore.dll - ok
23:46:29.0245 3388 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
23:46:29.0245 3388 C:\Windows\System32\d3d9.dll - ok
23:46:29.0245 3388 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
23:46:29.0245 3388 C:\Windows\System32\d3d8thk.dll - ok
23:46:29.0261 3388 [ C9FC759D903B3ED249ACEC90678FB015 ] C:\Windows\System32\igdumd32.dll
23:46:29.0261 3388 C:\Windows\System32\igdumd32.dll - ok
23:46:29.0261 3388 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll
23:46:29.0261 3388 C:\Windows\System32\cscapi.dll - ok
23:46:29.0277 3388 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
23:46:29.0277 3388 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
23:46:29.0277 3388 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll
23:46:29.0277 3388 C:\Windows\System32\uDWM.dll - ok
23:46:29.0292 3388 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
23:46:29.0292 3388 C:\Windows\System32\PlaySndSrv.dll - ok
23:46:29.0292 3388 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
23:46:29.0292 3388 C:\Windows\System32\HotStartUserAgent.dll - ok
23:46:29.0308 3388 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
23:46:29.0308 3388 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
23:46:29.0308 3388 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
23:46:29.0308 3388 C:\Windows\System32\MsCtfMonitor.dll - ok
23:46:29.0323 3388 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
23:46:29.0323 3388 C:\Windows\System32\msutb.dll - ok
23:46:29.0323 3388 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
23:46:29.0323 3388 C:\Windows\System32\TMM.dll - ok
23:46:29.0339 3388 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
23:46:29.0339 3388 C:\Windows\explorer.exe - ok
23:46:29.0339 3388 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
23:46:29.0339 3388 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
23:46:29.0355 3388 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
23:46:29.0355 3388 C:\Windows\System32\mstask.dll - ok
23:46:29.0355 3388 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
23:46:29.0355 3388 C:\Windows\System32\shdocvw.dll - ok
23:46:29.0370 3388 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
23:46:29.0370 3388 C:\Windows\System32\browseui.dll - ok
23:46:29.0370 3388 [ 66397A699206CF9A5F9C66A79B978125 ] C:\Windows\System32\igfxTMM.dll
23:46:29.0370 3388 C:\Windows\System32\igfxTMM.dll - ok
23:46:29.0386 3388 [ 9961680F5A50607A07898646EE23245C ] C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
23:46:29.0386 3388 C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll - ok
23:46:29.0386 3388 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
23:46:29.0386 3388 C:\Windows\System32\QAGENT.DLL - ok
23:46:29.0401 3388 [ 8F58544719E1C435BC36A8B207096581 ] C:\Windows\System32\verclsid.exe
23:46:29.0401 3388 C:\Windows\System32\verclsid.exe - ok
23:46:29.0401 3388 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
23:46:29.0401 3388 C:\Windows\System32\EhStorShell.dll - ok
23:46:29.0417 3388 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL
23:46:29.0417 3388 C:\Windows\System32\QUTIL.DLL - ok
23:46:29.0417 3388 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
23:46:29.0417 3388 C:\Windows\System32\imageres.dll - ok
23:46:29.0433 3388 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
23:46:29.0433 3388 C:\Windows\System32\IconCodecService.dll - ok
23:46:29.0433 3388 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
23:46:29.0433 3388 C:\Windows\System32\runonce.exe - ok
23:46:29.0448 3388 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
23:46:29.0448 3388 C:\Windows\System32\cmd.exe - ok
23:46:29.0448 3388 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\$E-MONEY-BAG$\AppData\Local\Temp\EF3FE4A2-F548-4E58-B7AD-7DEC6B9B76CF.exe
23:46:29.0448 3388 C:\Users\$E-MONEY-BAG$\AppData\Local\Temp\EF3FE4A2-F548-4E58-B7AD-7DEC6B9B76CF.exe - ok
23:46:29.0464 3388 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
23:46:29.0464 3388 C:\Windows\System32\ie4uinit.exe - ok
23:46:29.0464 3388 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
23:46:29.0464 3388 C:\Windows\System32\iedkcs32.dll - ok
23:46:29.0479 3388 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
23:46:29.0479 3388 C:\Windows\System32\timedate.cpl - ok
23:46:29.0479 3388 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
23:46:29.0479 3388 C:\Windows\System32\actxprxy.dll - ok
23:46:29.0495 3388 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
23:46:29.0495 3388 C:\Windows\System32\msshsq.dll - ok
23:46:29.0495 3388 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
23:46:29.0495 3388 C:\Windows\System32\NaturalLanguage6.dll - ok
23:46:29.0511 3388 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
23:46:29.0511 3388 C:\Windows\System32\NlsData0009.dll - ok
23:46:29.0526 3388 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
23:46:29.0526 3388 C:\Windows\System32\NlsLexicons0009.dll - ok
23:46:29.0526 3388 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll
23:46:29.0526 3388 C:\Windows\System32\linkinfo.dll - ok
23:46:29.0542 3388 [ 5016B8FC59AD616F03813FBE63295081 ] C:\Windows\System32\thumbcache.dll
23:46:29.0542 3388 C:\Windows\System32\thumbcache.dll - ok
23:46:29.0542 3388 [ BA55597B5B444990C0BF2E22DD341C48 ] C:\Program Files\DellTPad\Apoint.exe
23:46:29.0542 3388 C:\Program Files\DellTPad\Apoint.exe - ok
23:46:29.0557 3388 [ F70A63E713110C6668783DB2CAE94AE8 ] C:\Windows\System32\igfxtray.exe
23:46:29.0557 3388 C:\Windows\System32\igfxtray.exe - ok
23:46:29.0557 3388 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll
23:46:29.0557 3388 C:\Windows\System32\networkexplorer.dll - ok
23:46:29.0557 3388 [ 99B4071862E7BEF7DD4896A3B6E3477B ] C:\Windows\System32\hkcmd.exe
23:46:29.0557 3388 C:\Windows\System32\hkcmd.exe - ok
23:46:29.0573 3388 [ 83A3890B00A43D7504C92AB474B82092 ] C:\Windows\System32\igfxpers.exe
23:46:29.0573 3388 C:\Windows\System32\igfxpers.exe - ok
23:46:29.0573 3388 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll
23:46:29.0573 3388 C:\Windows\System32\ExplorerFrame.dll - ok
23:46:29.0589 3388 [ C419DF63E0121D72411285780C2FC6CC ] C:\Windows\Updreg.EXE
23:46:29.0589 3388 C:\Windows\Updreg.EXE - ok
23:46:29.0604 3388 [ 2327C11B043FCEB80BE00CC8D077E9AA ] C:\Windows\System32\dfrgui.exe
23:46:29.0604 3388 C:\Windows\System32\dfrgui.exe - ok
23:46:29.0604 3388 [ 86F047B6AE9C3C7ADE3140B657F00D5A ] C:\Windows\System32\hccutils.dll
23:46:29.0604 3388 C:\Windows\System32\hccutils.dll - ok
23:46:29.0604 3388 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~1\WI1F86~1\MESSEN~1\msgslang.dll
23:46:29.0604 3388 C:\PROGRA~1\WI1F86~1\MESSEN~1\msgslang.dll - ok
23:46:29.0620 3388 [ EE6F75859F882AAF96B4FA15C83DCC07 ] C:\Program Files\VideoLAN\VLC\vlc.exe
23:46:29.0620 3388 C:\Program Files\VideoLAN\VLC\vlc.exe - ok
23:46:29.0620 3388 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\$E-MONEY-BAG$\Desktop\tdsskiller.exe
23:46:29.0620 3388 C:\Users\$E-MONEY-BAG$\Desktop\tdsskiller.exe - ok
23:46:29.0635 3388 [ 22CC6CDBA678790046693654C3B212E4 ] C:\Program Files\Internet Explorer\iexplore.exe
23:46:29.0635 3388 C:\Program Files\Internet Explorer\iexplore.exe - ok
23:46:29.0635 3388 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll
23:46:29.0635 3388 C:\Windows\System32\msiltcfg.dll - ok
23:46:29.0651 3388 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll
23:46:29.0651 3388 C:\Windows\System32\ntshrui.dll - ok
23:46:29.0651 3388 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
23:46:29.0651 3388 C:\Windows\System32\wuapp.exe - ok
23:46:29.0667 3388 [ 285C594C4913FA9DC7BB6BA3AD6F101A ] C:\Windows\System32\wucltux.dll
23:46:29.0667 3388 C:\Windows\System32\wucltux.dll - ok
23:46:29.0667 3388 [ 2835FEAA282185CD4446164A4F9899C1 ] C:\Windows\System32\WLTRAY.EXE
23:46:29.0667 3388 C:\Windows\System32\WLTRAY.EXE - ok
23:46:29.0682 3388 [ 75E8A30FA3460F9596B0F4C9F8051C09 ] C:\Program Files\BitTorrent\bittorrent.exe
23:46:29.0682 3388 C:\Program Files\BitTorrent\bittorrent.exe - ok
23:46:29.0698 3388 [ 11BD448FD93F7B92D101CCC0C7473FD8 ] C:\Windows\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe
23:46:29.0698 3388 C:\Windows\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe - ok
23:46:29.0698 3388 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe
23:46:29.0698 3388 C:\Windows\System32\control.exe - ok
23:46:29.0713 3388 [ A5CBDC87E694154F90DBA134733E7E8B ] C:\Windows\System32\brcpl.dll
23:46:29.0713 3388 C:\Windows\System32\brcpl.dll - ok
23:46:29.0713 3388 [ C3ED032AF1C30F92546A698CC7173605 ] C:\Program Files\ESET\ESET Smart Security\egui.exe
23:46:31.0398 3388 C:\Windows\System32\modemui.dll - ok
23:46:31.0414 3388 [ 0B71899E60D1265229BF3D080EAB573D ] C:\Windows\System32\unimdmat.dll
23:46:31.0414 3388 C:\Windows\System32\unimdmat.dll - ok
23:46:31.0414 3388 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp
23:46:31.0414 3388 C:\Windows\System32\hidphone.tsp - ok
23:46:31.0429 3388 [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp
23:46:31.0429 3388 C:\Windows\System32\kmddsp.tsp - ok
23:46:31.0429 3388 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp
23:46:31.0429 3388 C:\Windows\System32\ndptsp.tsp - ok
23:46:31.0445 3388 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll
23:46:31.0445 3388 C:\Windows\System32\rasppp.dll - ok
23:46:31.0445 3388 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll
23:46:31.0445 3388 C:\Windows\System32\rasqec.dll - ok
23:46:31.0445 3388 ============================================================
23:46:31.0445 3388 Scan finished
23:46:31.0445 3388 ============================================================
23:46:31.0476 3424 Detected object count: 6
23:46:31.0476 3424 Actual detected object count: 6
23:47:04.0751 3424 C:\Windows\system32\drivers\afd.sys - copied to quarantine
23:47:07.0668 3424 C:\Windows\$NtUninstallKB60278$\3241749071\@ - copied to quarantine
23:47:07.0668 3424 C:\Windows\$NtUninstallKB60278$\3241749071\Desktop.ini - copied to quarantine
23:47:08.0167 3424 C:\Windows\$NtUninstallKB60278$\3241749071\L\00000004.@ - copied to quarantine
23:47:08.0167 3424 C:\Windows\$NtUninstallKB60278$\3241749071\L\201d3dde - copied to quarantine
23:47:08.0245 3424 C:\Windows\$NtUninstallKB60278$\3241749071\L\55490ac4 - copied to quarantine
23:47:08.0277 3424 C:\Windows\$NtUninstallKB60278$\3241749071\L\ogejidap - copied to quarantine
23:47:08.0308 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\00000004.@ - copied to quarantine
23:47:08.0713 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\00000008.@ - copied to quarantine
23:47:09.0119 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\000000cb.@ - copied to quarantine
23:47:09.0525 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\80000000.@ - copied to quarantine
23:47:09.0930 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\80000032.@ - copied to quarantine
23:47:10.0695 3424 Backup copy found, using it..
23:47:10.0788 3424 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
23:47:11.0053 3424 C:\Windows\$NtUninstallKB60278$\1970550690 - will be deleted on reboot
23:47:11.0053 3424 C:\Windows\$NtUninstallKB60278$\3241749071\@ - will be deleted on reboot
23:47:11.0053 3424 C:\Windows\$NtUninstallKB60278$\3241749071\Desktop.ini - will be deleted on reboot
23:47:11.0100 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\00000004.@ - will be deleted on reboot
23:47:11.0100 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\00000008.@ - will be deleted on reboot
23:47:11.0116 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\000000cb.@ - will be deleted on reboot
23:47:11.0116 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\80000000.@ - will be deleted on reboot
23:47:11.0116 3424 C:\Windows\$NtUninstallKB60278$\3241749071\U\80000032.@ - will be deleted on reboot
23:47:11.0116 3424 AFD ( Virus.Win32.ZAccess.aml ) - User select action: Cure
23:47:11.0116 3424 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:11.0116 3424 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:11.0131 3424 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:11.0131 3424 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:11.0131 3424 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:11.0131 3424 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:11.0131 3424 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:47:11.0131 3424 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:47:11.0131 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:47:11.0131 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:47:17.0808 3212 Deinitialize success

#5 erik123


Posted 26 November 2012 - 12:04 AM

RogueKiller V4.0.0 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: $E-MONEY-BAG$ [Admin rights]
Mode: Scan -- Time : 26/11/2012 00:03:02

Bad processes: 0

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:6092) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost
[...]


Finished

#6 B-boy/StyLe/


Posted 26 November 2012 - 06:23 PM

Hi,



STEP 1



Please re-run TDSSKiller and delete the following object:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user



  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Detect TDLFS file system.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • From the drop-down menu choose delete ONLY for TDSS File System (if present).
  • Post the log at pastebin and post the link to the log in your next reply.


STEP 2


Please follow the instructions below:


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %programfiles%\*.*
    %programfiles%\*.
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened


Regards,
Georgi



#7 erik123


Posted 26 November 2012 - 11:58 PM

23:54:30.0805 5136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:54:31.0328 5136 ============================================================
23:54:31.0328 5136 Current date / time: 2012/11/26 23:54:31.0328
23:54:31.0328 5136 SystemInfo:
23:54:31.0328 5136
23:54:31.0328 5136 OS Version: 6.0.6002 ServicePack: 2.0
23:54:31.0328 5136 Product type: Workstation
23:54:31.0328 5136 ComputerName: E-MONEY-BAG-PC
23:54:31.0329 5136 UserName: $E-MONEY-BAG$
23:54:31.0329 5136 Windows directory: C:\Windows
23:54:31.0329 5136 System windows directory: C:\Windows
23:54:31.0329 5136 Processor architecture: Intel x86
23:54:31.0329 5136 Number of processors: 2
23:54:31.0329 5136 Page size: 0x1000
23:54:31.0329 5136 Boot type: Normal boot
23:54:31.0329 5136 ============================================================
23:54:31.0510 5136 BG loaded
23:54:31.0940 5136 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:54:31.0943 5136 ============================================================
23:54:31.0943 5136 \Device\Harddisk0\DR0:
23:54:31.0943 5136 MBR partitions:
23:54:31.0943 5136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
23:54:31.0943 5136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
23:54:31.0974 5136 ============================================================
23:54:32.0033 5136 C: <-> \Device\Harddisk0\DR0\Partition2
23:54:32.0077 5136 D: <-> \Device\Harddisk0\DR0\Partition1
23:54:32.0077 5136 ============================================================
23:54:32.0077 5136 Initialize success
23:54:32.0077 5136 ============================================================
23:54:59.0468 3716 ============================================================
23:54:59.0468 3716 Scan started
23:54:59.0468 3716 Mode: Manual; TDLFS;
23:54:59.0468 3716 ============================================================
23:54:59.0921 3716 ================ Scan system memory ========================
23:54:59.0921 3716 System memory - ok
23:54:59.0922 3716 ================ Scan services =============================
23:55:08.0734 3716 iteatapi - ok
23:55:08.0768 3716 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:55:08.0769 3716 iteraid - ok
23:55:08.0807 3716 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:55:08.0809 3716 kbdclass - ok
23:55:08.0856 3716 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:55:08.0857 3716 kbdhid - ok
23:55:08.0904 3716 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
23:55:08.0907 3716 KeyIso - ok
23:55:08.0971 3716 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:55:08.0976 3716 KSecDD - ok
23:55:09.0010 3716 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:55:09.0015 3716 KtmRm - ok
23:55:09.0067 3716 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
23:55:09.0071 3716 LanmanServer - ok
23:55:09.0100 3716 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:55:09.0105 3716 LanmanWorkstation - ok
23:55:09.0181 3716 [ 05C10E70B437841F31E1BFA8812895BA ] libusb0 C:\Windows\system32\drivers\libusb0.sys
23:55:09.0183 3716 libusb0 - ok
23:55:09.0227 3716 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:55:09.0228 3716 lltdio - ok
23:55:09.0266 3716 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:55:09.0269 3716 lltdsvc - ok
23:55:09.0287 3716 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:55:09.0289 3716 lmhosts - ok
23:55:09.0321 3716 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:55:09.0324 3716 LSI_FC - ok
23:55:09.0358 3716 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:55:09.0360 3716 LSI_SAS - ok
23:55:09.0395 3716 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:55:09.0397 3716 LSI_SCSI - ok
23:55:09.0423 3716 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
23:55:09.0424 3716 luafv - ok
23:55:09.0440 3716 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:55:09.0441 3716 mdmxsdk - ok
23:55:09.0493 3716 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
23:55:09.0495 3716 megasas - ok
23:55:09.0541 3716 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:55:09.0550 3716 MegaSR - ok
23:55:09.0597 3716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
23:55:09.0599 3716 MMCSS - ok
23:55:09.0619 3716 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
23:55:09.0620 3716 Modem - ok
23:55:09.0632 3716 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:55:09.0633 3716 monitor - ok
23:55:09.0643 3716 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:55:09.0645 3716 mouclass - ok
23:55:09.0668 3716 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:55:09.0670 3716 mouhid - ok
23:55:09.0678 3716 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:55:09.0680 3716 MountMgr - ok
23:55:09.0710 3716 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
23:55:09.0713 3716 mpio - ok
23:55:09.0752 3716 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:55:09.0754 3716 mpsdrv - ok
23:55:09.0830 3716 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
23:55:09.0835 3716 MpsSvc - ok
23:55:09.0860 3716 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:55:09.0862 3716 Mraid35x - ok
23:55:09.0891 3716 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:55:09.0893 3716 MRxDAV - ok
23:55:09.0946 3716 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:55:09.0948 3716 mrxsmb - ok
23:55:10.0003 3716 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:55:10.0006 3716 mrxsmb10 - ok
23:55:10.0015 3716 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:55:10.0017 3716 mrxsmb20 - ok
23:55:10.0046 3716 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
23:55:10.0048 3716 msahci - ok
23:55:10.0075 3716 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:55:10.0078 3716 msdsm - ok
23:55:10.0136 3716 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
23:55:10.0138 3716 MSDTC - ok
23:55:10.0191 3716 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:55:10.0193 3716 Msfs - ok
23:55:10.0216 3716 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:55:10.0218 3716 msisadrv - ok
23:55:10.0263 3716 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:55:10.0265 3716 MSiSCSI - ok
23:55:10.0272 3716 msiserver - ok
23:55:10.0309 3716 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:55:10.0311 3716 MSKSSRV - ok
23:55:10.0342 3716 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:55:10.0344 3716 MSPCLOCK - ok
23:55:10.0375 3716 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:55:10.0377 3716 MSPQM - ok
23:55:10.0417 3716 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:55:10.0421 3716 MsRPC - ok
23:55:10.0434 3716 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:55:10.0436 3716 mssmbios - ok
23:55:10.0477 3716 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:55:10.0479 3716 MSTEE - ok
23:55:10.0488 3716 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
23:55:10.0490 3716 Mup - ok
23:55:10.0541 3716 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
23:55:10.0545 3716 napagent - ok
23:55:10.0581 3716 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:55:10.0584 3716 NativeWifiP - ok
23:55:10.0611 3716 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:55:10.0621 3716 NDIS - ok
23:55:10.0638 3716 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:55:10.0639 3716 NdisTapi - ok
23:55:10.0655 3716 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:55:10.0656 3716 Ndisuio - ok
23:55:10.0674 3716 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:55:10.0676 3716 NdisWan - ok
23:55:10.0687 3716 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:55:10.0689 3716 NDProxy - ok
23:55:10.0772 3716 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
23:55:10.0774 3716 Netaapl - ok
23:55:10.0791 3716 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:55:10.0792 3716 NetBIOS - ok
23:55:10.0829 3716 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:55:10.0832 3716 netbt - ok
23:55:10.0851 3716 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
23:55:10.0853 3716 Netlogon - ok
23:55:10.0893 3716 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
23:55:10.0897 3716 Netman - ok
23:55:10.0916 3716 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
23:55:10.0920 3716 netprofm - ok
23:55:10.0965 3716 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:55:10.0966 3716 NetTcpPortSharing - ok
23:55:10.0995 3716 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:55:10.0997 3716 nfrd960 - ok
23:55:11.0020 3716 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:55:11.0023 3716 NlaSvc - ok
23:55:11.0037 3716 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:55:11.0040 3716 Npfs - ok
23:55:11.0070 3716 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
23:55:11.0072 3716 nsi - ok
23:55:11.0107 3716 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:55:11.0108 3716 nsiproxy - ok
23:55:11.0169 3716 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:55:11.0202 3716 Ntfs - ok
23:55:11.0240 3716 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:55:11.0242 3716 ntrigdigi - ok
23:55:11.0253 3716 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
23:55:11.0254 3716 Null - ok
23:55:11.0280 3716 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:55:11.0284 3716 nvraid - ok
23:55:11.0311 3716 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:55:11.0314 3716 nvstor - ok
23:55:11.0336 3716 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:55:11.0340 3716 nv_agp - ok
23:55:11.0347 3716 NwlnkFlt - ok
23:55:11.0357 3716 NwlnkFwd - ok
23:55:11.0424 3716 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:55:11.0425 3716 ohci1394 - ok
23:55:11.0453 3716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:55:11.0461 3716 p2pimsvc - ok
23:55:11.0487 3716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
23:55:11.0494 3716 p2psvc - ok
23:55:11.0519 3716 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:55:11.0520 3716 Parport - ok
23:55:11.0576 3716 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:55:11.0577 3716 partmgr - ok
23:55:11.0595 3716 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:55:11.0596 3716 Parvdm - ok
23:55:11.0653 3716 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\Windows\system32\Drivers\PCASp50.sys
23:55:11.0655 3716 PCASp50 - ok
23:55:11.0681 3716 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
23:55:11.0683 3716 PcaSvc - ok
23:55:11.0722 3716 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
23:55:11.0724 3716 pci - ok
23:55:11.0750 3716 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
23:55:11.0751 3716 pciide - ok
23:55:11.0776 3716 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:55:11.0781 3716 pcmcia - ok
23:55:11.0787 3716 PCTINDIS5 - ok
23:55:11.0861 3716 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:55:11.0868 3716 PEAUTH - ok
23:55:11.0961 3716 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
23:55:11.0974 3716 pla - ok
23:55:12.0013 3716 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:55:12.0017 3716 PlugPlay - ok
23:55:12.0043 3716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:55:12.0050 3716 PNRPAutoReg - ok
23:55:12.0076 3716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:55:12.0083 3716 PNRPsvc - ok
23:55:12.0105 3716 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:55:12.0109 3716 PolicyAgent - ok
23:55:12.0160 3716 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:55:12.0162 3716 PptpMiniport - ok
23:55:12.0180 3716 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
23:55:12.0183 3716 Processor - ok
23:55:12.0213 3716 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
23:55:12.0216 3716 ProfSvc - ok
23:55:12.0231 3716 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:55:12.0233 3716 ProtectedStorage - ok
23:55:12.0256 3716 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:55:12.0258 3716 PSched - ok
23:55:12.0318 3716 [ 1DF21F001F3A94EBA4A2950C70CC358F ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
23:55:12.0322 3716 PSI - ok
23:55:12.0390 3716 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:55:12.0391 3716 PxHelp20 - ok
23:55:12.0474 3716 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:55:12.0518 3716 ql2300 - ok
23:55:12.0545 3716 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:55:12.0546 3716 ql40xx - ok
23:55:12.0589 3716 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
23:55:12.0593 3716 QWAVE - ok
23:55:12.0608 3716 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:55:12.0609 3716 QWAVEdrv - ok
23:55:12.0728 3716 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
23:55:12.0794 3716 R300 - ok
23:55:12.0824 3716 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:55:12.0826 3716 RasAcd - ok
23:55:12.0846 3716 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
23:55:12.0849 3716 RasAuto - ok
23:55:12.0861 3716 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:55:12.0863 3716 Rasl2tp - ok
23:55:12.0927 3716 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
23:55:12.0931 3716 RasMan - ok
23:55:12.0967 3716 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:55:12.0969 3716 RasPppoe - ok
23:55:12.0991 3716 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:55:12.0993 3716 RasSstp - ok
23:55:13.0020 3716 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:55:13.0023 3716 rdbss - ok
23:55:13.0039 3716 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:55:13.0040 3716 RDPCDD - ok
23:55:13.0080 3716 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:55:13.0083 3716 rdpdr - ok
23:55:13.0091 3716 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:55:13.0093 3716 RDPENCDD - ok
23:55:13.0143 3716 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:55:13.0148 3716 RDPWD - ok
23:55:13.0200 3716 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:55:13.0203 3716 RemoteAccess - ok
23:55:13.0242 3716 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:55:13.0246 3716 RemoteRegistry - ok
23:55:13.0304 3716 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
23:55:13.0305 3716 rimmptsk - ok
23:55:13.0318 3716 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
23:55:13.0320 3716 rimsptsk - ok
23:55:13.0327 3716 RimUsb - ok
23:55:13.0392 3716 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
23:55:13.0394 3716 RimVSerPort - ok
23:55:13.0403 3716 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
23:55:13.0405 3716 rismxdp - ok
23:55:13.0440 3716 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:55:13.0442 3716 ROOTMODEM - ok
23:55:13.0479 3716 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:55:13.0481 3716 RpcLocator - ok
23:55:13.0512 3716 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
23:55:13.0519 3716 RpcSs - ok
23:55:13.0539 3716 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:55:13.0541 3716 rspndr - ok
23:55:13.0555 3716 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
23:55:13.0557 3716 SamSs - ok
23:55:13.0583 3716 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:55:13.0586 3716 sbp2port - ok
23:55:13.0634 3716 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:55:13.0637 3716 SCardSvr - ok
23:55:13.0676 3716 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
23:55:13.0683 3716 Schedule - ok
23:55:13.0703 3716 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:55:13.0704 3716 SCPolicySvc - ok
23:55:13.0738 3716 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
23:55:13.0740 3716 sdbus - ok
23:55:13.0768 3716 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:55:13.0771 3716 SDRSVC - ok
23:55:13.0788 3716 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:55:13.0789 3716 secdrv - ok
23:55:13.0799 3716 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
23:55:13.0802 3716 seclogon - ok
23:55:13.0816 3716 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
23:55:13.0819 3716 SENS - ok
23:55:13.0860 3716 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:55:13.0861 3716 Serenum - ok
23:55:13.0887 3716 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:55:13.0889 3716 Serial - ok
23:55:13.0912 3716 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:55:13.0914 3716 sermouse - ok
23:55:13.0961 3716 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
23:55:13.0964 3716 SessionEnv - ok
23:55:13.0986 3716 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:55:13.0988 3716 sffdisk - ok
23:55:14.0008 3716 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:55:14.0010 3716 sffp_mmc - ok
23:55:14.0051 3716 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:55:14.0052 3716 sffp_sd - ok
23:55:14.0074 3716 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:55:14.0076 3716 sfloppy - ok
23:55:14.0113 3716 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:55:14.0116 3716 SharedAccess - ok
23:55:14.0153 3716 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:55:14.0157 3716 ShellHWDetection - ok
23:55:14.0184 3716 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:55:14.0186 3716 sisagp - ok
23:55:14.0212 3716 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:55:14.0214 3716 SiSRaid2 - ok
23:55:14.0237 3716 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:55:14.0240 3716 SiSRaid4 - ok
23:55:14.0360 3716 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
23:55:14.0390 3716 slsvc - ok
23:55:14.0421 3716 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:55:14.0424 3716 SLUINotify - ok
23:55:14.0444 3716 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:55:14.0446 3716 Smb - ok
23:55:14.0481 3716 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:55:14.0483 3716 SNMPTRAP - ok
23:55:14.0500 3716 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
23:55:14.0504 3716 spldr - ok
23:55:14.0536 3716 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
23:55:14.0539 3716 Spooler - ok
23:55:14.0584 3716 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\Windows\System32\Drivers\sptd.sys
23:55:14.0603 3716 sptd - ok
23:55:14.0664 3716 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:55:14.0668 3716 srv - ok
23:55:14.0728 3716 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:55:14.0730 3716 srv2 - ok
23:55:14.0782 3716 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:55:14.0784 3716 srvnet - ok
23:55:14.0802 3716 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:55:14.0806 3716 SSDPSRV - ok
23:55:14.0854 3716 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:55:14.0857 3716 SstpSvc - ok
23:55:14.0900 3716 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:55:14.0904 3716 ssudmdm - ok
23:55:14.0944 3716 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
23:55:14.0947 3716 STacSV - ok
23:55:15.0038 3716 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
23:55:15.0041 3716 STHDA - ok
23:55:15.0083 3716 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
23:55:15.0089 3716 stisvc - ok
23:55:15.0167 3716 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:55:15.0168 3716 stllssvr - ok
23:55:15.0229 3716 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:55:15.0230 3716 swenum - ok
23:55:15.0258 3716 [ 57BBAEF27DC790160245B43EB6DCD576 ] swmsflt C:\Windows\System32\drivers\swmsflt.sys
23:55:15.0260 3716 swmsflt - ok
23:55:15.0312 3716 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
23:55:15.0317 3716 swprv - ok
23:55:15.0346 3716 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:55:15.0349 3716 Symc8xx - ok
23:55:15.0367 3716 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:55:15.0369 3716 Sym_hi - ok
23:55:15.0402 3716 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:55:15.0404 3716 Sym_u3 - ok
23:55:15.0450 3716 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
23:55:15.0458 3716 SysMain - ok
23:55:15.0484 3716 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:55:15.0488 3716 TabletInputService - ok
23:55:15.0551 3716 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
23:55:15.0554 3716 taphss - ok
23:55:15.0601 3716 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:55:15.0606 3716 TapiSrv - ok
23:55:15.0619 3716 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
23:55:15.0622 3716 TBS - ok
23:55:15.0703 3716 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:55:15.0710 3716 Tcpip - ok
23:55:15.0747 3716 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:55:15.0754 3716 Tcpip6 - ok
23:55:15.0812 3716 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:55:15.0813 3716 tcpipreg - ok
23:55:15.0855 3716 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:55:15.0857 3716 TDPIPE - ok
23:55:15.0877 3716 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:55:15.0879 3716 TDTCP - ok
23:55:15.0924 3716 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:55:15.0926 3716 tdx - ok
23:55:15.0956 3716 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:55:15.0957 3716 TermDD - ok
23:55:15.0999 3716 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
23:55:16.0005 3716 TermService - ok
23:55:16.0022 3716 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
23:55:16.0026 3716 Themes - ok
23:55:16.0039 3716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
23:55:16.0040 3716 THREADORDER - ok
23:55:16.0069 3716 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
23:55:16.0072 3716 TrkWks - ok
23:55:16.0130 3716 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:55:16.0131 3716 TrustedInstaller - ok
23:55:16.0171 3716 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:55:16.0173 3716 tssecsrv - ok
23:55:16.0205 3716 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:55:16.0207 3716 tunmp - ok
23:55:16.0232 3716 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:55:16.0233 3716 tunnel - ok
23:55:16.0267 3716 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:55:16.0269 3716 uagp35 - ok
23:55:16.0304 3716 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:55:16.0310 3716 udfs - ok
23:55:16.0346 3716 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:55:16.0349 3716 UI0Detect - ok
23:55:16.0377 3716 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:55:16.0379 3716 uliagpkx - ok
23:55:16.0411 3716 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:55:16.0417 3716 uliahci - ok
23:55:16.0446 3716 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:55:16.0449 3716 UlSata - ok
23:55:16.0474 3716 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:55:16.0478 3716 ulsata2 - ok
23:55:16.0498 3716 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:55:16.0499 3716 umbus - ok
23:55:16.0523 3716 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
23:55:16.0528 3716 upnphost - ok
23:55:16.0556 3716 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:55:16.0558 3716 USBAAPL - ok
23:55:16.0611 3716 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:55:16.0613 3716 usbccgp - ok
23:55:16.0639 3716 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:55:16.0641 3716 usbcir - ok
23:55:16.0677 3716 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:55:16.0679 3716 usbehci - ok
23:55:16.0710 3716 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:55:16.0712 3716 usbhub - ok
23:55:16.0740 3716 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:55:16.0742 3716 usbohci - ok
23:55:16.0766 3716 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:55:16.0767 3716 usbprint - ok
23:55:16.0804 3716 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:55:16.0805 3716 USBSTOR - ok
23:55:16.0823 3716 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:55:16.0825 3716 usbuhci - ok
23:55:16.0856 3716 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
23:55:16.0859 3716 UxSms - ok
23:55:16.0904 3716 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
23:55:16.0910 3716 vds - ok
23:55:16.0924 3716 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:55:16.0926 3716 vga - ok
23:55:16.0947 3716 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:55:16.0949 3716 VgaSave - ok
23:55:16.0975 3716 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:55:16.0976 3716 viaagp - ok
23:55:16.0993 3716 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:55:16.0995 3716 ViaC7 - ok
23:55:17.0016 3716 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
23:55:17.0019 3716 viaide - ok
23:55:17.0050 3716 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:55:17.0052 3716 volmgr - ok
23:55:17.0084 3716 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:55:17.0088 3716 volmgrx - ok
23:55:17.0111 3716 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:55:17.0114 3716 volsnap - ok
23:55:17.0159 3716 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:55:17.0161 3716 vsmraid - ok
23:55:17.0224 3716 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
23:55:17.0236 3716 VSS - ok
23:55:17.0256 3716 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
23:55:17.0261 3716 W32Time - ok
23:55:17.0289 3716 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:55:17.0292 3716 WacomPen - ok
23:55:17.0322 3716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:55:17.0324 3716 Wanarp - ok
23:55:17.0331 3716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:55:17.0332 3716 Wanarpv6 - ok
23:55:17.0382 3716 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:55:17.0388 3716 wcncsvc - ok
23:55:17.0449 3716 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:55:17.0452 3716 WcsPlugInService - ok
23:55:17.0471 3716 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
23:55:17.0472 3716 Wd - ok
23:55:17.0527 3716 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:55:17.0532 3716 Wdf01000 - ok
23:55:17.0551 3716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:55:17.0554 3716 WdiServiceHost - ok
23:55:17.0560 3716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:55:17.0564 3716 WdiSystemHost - ok
23:55:17.0595 3716 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
23:55:17.0599 3716 WebClient - ok
23:55:17.0631 3716 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:55:17.0635 3716 Wecsvc - ok
23:55:17.0647 3716 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:55:17.0651 3716 wercplsupport - ok
23:55:17.0677 3716 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
23:55:17.0681 3716 WerSvc - ok
23:55:17.0742 3716 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:55:17.0748 3716 winachsf - ok
23:55:17.0814 3716 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:55:17.0819 3716 WinDefend - ok
23:55:17.0829 3716 WinHttpAutoProxySvc - ok
23:55:17.0899 3716 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:55:17.0910 3716 Winmgmt - ok
23:55:17.0995 3716 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
23:55:18.0007 3716 WinRM - ok
23:55:18.0087 3716 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
23:55:18.0089 3716 WinUSB - ok
23:55:18.0150 3716 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:55:18.0157 3716 Wlansvc - ok
23:55:18.0257 3716 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:55:18.0258 3716 wlcrasvc - ok
23:55:18.0392 3716 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:55:18.0407 3716 wlidsvc - ok
23:55:18.0415 3716 wltrysvc - ok
23:55:18.0512 3716 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:55:18.0514 3716 WmiAcpi - ok
23:55:18.0545 3716 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:55:18.0548 3716 wmiApSrv - ok
23:55:18.0606 3716 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:55:18.0613 3716 WMPNetworkSvc - ok
23:55:18.0677 3716 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:55:18.0681 3716 WPCSvc - ok
23:55:18.0713 3716 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:55:18.0717 3716 WPDBusEnum - ok
23:55:18.0751 3716 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:55:18.0752 3716 WpdUsb - ok
23:55:18.0844 3716 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:55:18.0852 3716 WPFFontCache_v0400 - ok
23:55:18.0962 3716 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:55:18.0964 3716 ws2ifsl - ok
23:55:19.0023 3716 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
23:55:19.0026 3716 wscsvc - ok
23:55:19.0033 3716 WSearch - ok
23:55:19.0117 3716 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:55:19.0119 3716 WudfPf - ok
23:55:19.0150 3716 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:19.0153 3716 WUDFRd - ok
23:55:19.0168 3716 [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:55:19.0172 3716 wudfsvc - ok
23:55:19.0202 3716 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
23:55:19.0203 3716 XAudio - ok
23:55:19.0226 3716 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
23:55:19.0230 3716 XAudioService - ok
23:55:19.0292 3716 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
23:55:19.0296 3716 yukonwlh - ok
23:55:19.0342 3716 ================ Scan global ===============================
23:55:19.0370 3716 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:55:19.0404 3716 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:19.0427 3716 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:19.0473 3716 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:55:19.0478 3716 [Global] - ok
23:55:19.0478 3716 ================ Scan MBR ==================================
23:55:19.0502 3716 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:55:19.0912 3716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:55:19.0912 3716 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:55:19.0913 3716 ================ Scan VBR ==================================
23:55:19.0952 3716 [ 1C87BB41B794AA77B498067DE1159056 ] \Device\Harddisk0\DR0\Partition1
23:55:19.0954 3716 \Device\Harddisk0\DR0\Partition1 - ok
23:55:19.0959 3716 [ F805FA144E726CEAA4CF9A250587B283 ] \Device\Harddisk0\DR0\Partition2
23:55:19.0961 3716 \Device\Harddisk0\DR0\Partition2 - ok
23:55:19.0962 3716 ============================================================
23:55:19.0962 3716 Scan finished
23:55:19.0962 3716 ============================================================
23:55:19.0983 2792 Detected object count: 1
23:55:19.0983 2792 Actual detected object count: 1
23:55:49.0988 2792 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:55:50.0013 2792 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:55:50.0519 2792 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:55:51.0030 2792 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:55:51.0458 2792 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:55:51.0869 2792 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:55:51.0874 2792 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:55:51.0880 2792 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:55:51.0886 2792 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:55:52.0313 2792 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:55:52.0774 2792 \Device\Harddisk0\DR0\TDLFS - deleted
23:55:52.0774 2792 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
23:55:58.0344 3692 Deinitialize success

#8 erik123

Posted 27 November 2012 - 12:59 AM

OTL logfile created on: 11/27/2012 12:14:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\$E-MONEY-BAG$\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.25% Memory free
6.20 Gb Paging File | 4.95 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 134.22 Gb Free Space | 60.85% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.93 Gb Free Space | 50.52% Space Free | Partition Type: NTFS

Computer Name: E-MONEY-BAG-PC | User Name: $E-MONEY-BAG$ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/11/26 23:53:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$E-MONEY-BAG$\Desktop\OTL.exe
PRC - [2012/10/08 20:52:39 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/05 07:20:24 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 02:23:14 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/05/08 23:48:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/08 22:49:21 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/08 22:49:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/08 09:01:08 | 000,556,032 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\splitter.ax
MOD - [2011/09/08 08:59:54 | 000,080,384 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2011/09/08 08:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/07/03 08:42:04 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - [2012/11/13 01:04:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/10/05 07:42:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/05 07:20:24 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\$E-MON~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/01 13:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012/08/01 13:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/12/07 13:04:24 | 000,035,392 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/11/24 22:23:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/11/24 22:23:12 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/09/08 17:19:42 | 000,070,760 | ---- | M] (CurioLab S.M.B.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\extit.sys -- (ExterminateIt)
DRV - [2010/07/07 09:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/08/04 21:52:28 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/11/20 20:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 09:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/07/03 08:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081005
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 82 7B DF D9 CA CD 01 [binary data]
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://vshareus.my-quick-search.com/?hp=df
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\$E-MONEY-BAG$\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/02/18 19:15:47 | 000,000,000 | ---D | M]

[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/07/15 21:49:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/08/04 10:45:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/08/04 10:45:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/08/04 10:45:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/08/04 10:45:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/08/04 10:45:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/08/04 10:45:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/08/04 10:45:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/18 17:22:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={0CBC313D-8E74-45FC-BE47-39CDB57A698F}&mid=c795773d2040f756769ce9d67e8f989b-24cc51989732a00043dc764235adc075582db382&lang=us&ds=AVG&pr=fr&d=2011-12-12 18:23:33&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2010/09/03 22:35:55 | 000,417,888 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14421 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (no name) - {74714D77-1695-4E73-A98E-25CB374F46B4} - No CLSID value found.
O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5013449-5B26-4D79-9B19-56ACB07E1EA7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fcd0e3d-9af2-11de-890d-00219bf397e8}\Shell - "" = AutoRun
O33 - MountPoints2\{2fcd0e3d-9af2-11de-890d-00219bf397e8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{75c45408-fe99-11df-884a-00219bf397e8}\Shell - "" = AutoRun
O33 - MountPoints2\{75c45408-fe99-11df-884a-00219bf397e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{85bae3d5-77f5-11de-a346-00219bf397e8}\Shell\AutoRun\command - "" = F:\CA_EDGEmobile.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^$E-MONEY-BAG$^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\$E-MONEY-BAG$\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: 01910012.sys - Driver
SafeBootMin: 98872006.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 01910012.sys - Driver
SafeBootNet: 98872006.sys - Driver
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 90 Days ==========

[2012/11/27 00:10:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\$E-MONEY-BAG$\Desktop\OTL.exe
[2012/11/26 00:02:50 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\Desktop\RK_Quarantine
[2012/11/25 23:47:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/25 23:41:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\$E-MONEY-BAG$\Desktop\tdsskiller.exe
[2012/11/25 01:48:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/24 01:49:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/24 01:47:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/23 19:19:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/23 19:19:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/23 19:19:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/23 19:17:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 19:17:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/18 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/18 21:12:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/13 00:58:53 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mega Codec Pack
[2012/11/13 00:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mega Codec Pack
[2012/11/13 00:56:05 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\vlc
[2012/11/13 00:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/04 23:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/04 23:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/10/30 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/19 01:26:30 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Local\doubleTwist Corporation
[2012/10/19 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\OpenCandy
[2012/10/16 23:19:59 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2012/10/16 23:19:58 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmapi32.ocx
[2012/10/16 23:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage
[2012/10/10 17:24:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 17:23:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 17:23:51 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/01 00:39:43 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/10/01 00:34:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/10/01 00:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/10/01 00:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/10/01 00:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/10/01 00:23:03 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/10/01 00:23:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/10/01 00:23:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/10/01 00:22:47 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/10/01 00:21:07 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Windows Live
[2012/10/01 00:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/10/01 00:19:53 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/09/21 23:51:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/21 23:51:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/21 23:51:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/21 23:51:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/21 23:51:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/21 23:51:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/21 23:51:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/21 23:51:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 23:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/21 23:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/21 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/21 23:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/12 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Electronic Arts
[2012/09/12 14:38:47 | 000,000,000 | ---D | C] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Unity
[2009/01/06 14:20:31 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/11/27 00:07:55 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/27 00:07:55 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/26 23:54:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 23:54:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 23:53:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\$E-MONEY-BAG$\Desktop\OTL.exe
[2012/11/26 23:50:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 23:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 23:56:58 | 000,830,464 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\Desktop\RogueKiller-4.0.0.exe
[2012/11/25 23:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 23:48:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 23:40:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\$E-MONEY-BAG$\Desktop\tdsskiller.exe
[2012/11/25 03:00:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/11/25 02:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2012/11/25 02:13:24 | 000,267,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/24 01:23:39 | 000,000,162 | ---- | M] () -- C:\Windows\reimage.ini
[2012/11/24 00:31:04 | 218,407,158 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/23 18:35:20 | 000,006,648 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\d3d9caps.dat
[2012/11/16 00:07:23 | 000,086,528 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/13 01:04:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/13 01:04:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/13 08:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/29 06:27:41 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/29 06:27:41 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/25 23:57:47 | 000,830,464 | ---- | C] () -- C:\Users\$E-MONEY-BAG$\Desktop\RogueKiller-4.0.0.exe
[2012/11/24 01:22:13 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/11/24 00:31:04 | 218,407,158 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/23 19:19:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/23 19:19:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/23 19:19:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/23 19:19:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/23 19:19:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/04 23:13:32 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/01 00:33:55 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/10/01 00:32:51 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/10/01 00:31:00 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/10/01 00:29:29 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/02/25 22:31:16 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/04/24 22:24:01 | 000,000,600 | ---- | C] () -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\winscp.rnd
[2008/12/26 21:41:26 | 000,006,648 | ---- | C] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\d3d9caps.dat
[2008/12/26 20:55:35 | 000,086,528 | ---- | C] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/11/14 15:48:15 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB60278$\3241749071\L
[2012/11/25 23:47:49 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB60278$\3241749071\U
[2012/11/25 23:44:02 | 000,000,804 | ---- | M] () -- C:\Windows\$NtUninstallKB60278$\3241749071\L\00000004.@
[2010/01/30 23:37:00 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\LocalLow\Microsoft\Silverlight\is\sbiagton.acg\vf2gy5vg.fiu\1\l
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/25 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\6EDB0
[2008/12/25 19:55:23 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\acccore
[2008/12/28 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Audacity
[2011/11/25 18:26:11 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\awwjjUCeelBrz
[2012/11/23 19:12:43 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\BitTorrent
[2009/04/17 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Bytemobile
[2010/03/11 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/15 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools
[2009/01/15 12:35:52 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools Lite
[2009/01/15 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools Pro
[2012/11/25 01:43:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Electronic Arts
[2012/02/18 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\ESET
[2009/03/24 16:09:39 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\funkitron
[2011/11/25 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\gTTTZqhhYCk
[2009/08/04 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\invibes
[2012/10/19 01:24:10 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\OpenCandy
[2011/11/25 18:25:49 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\oVlt01shrPSnLhw
[2011/11/25 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\PmmGG5ssQJdEKfZ
[2009/04/17 21:00:21 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Sierra Wireless
[2012/04/15 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\StreamTorrent
[2010/08/04 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\SumatraPDF
[2011/11/25 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\THdKfgTjjkrO
[2010/07/05 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Xilisoft
[2012/11/24 00:34:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/11/23 18:52:20 | 000,040,622 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/10/05 10:01:16 | 000,003,784 | RH-- | M] () -- C:\dell.sdr
[2009/01/14 22:12:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/11 20:32:07 | 000,001,106 | -H-- | M] () -- C:\IPH.PH
[2009/01/14 22:12:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/11/25 23:47:59 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
[2010/09/08 17:55:25 | 000,000,464 | ---- | M] () -- C:\rkill.log
[2008/10/05 07:47:51 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/11/25 23:43:01 | 000,004,284 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_25.11.2012_23.42.00_log.txt
[2012/11/25 23:47:17 | 000,404,104 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_25.11.2012_23.44.28_log.txt
[2012/11/25 23:51:23 | 000,003,836 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_25.11.2012_23.48.36_log.txt
[2012/11/26 23:55:58 | 000,125,164 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_26.11.2012_23.54.30_log.txt
[2012/11/26 23:58:05 | 000,123,108 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_26.11.2012_23.57.31_log.txt

< %USERPROFILE%\*.* >
[2012/11/27 00:11:38 | 006,815,744 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat
[2012/11/27 00:11:38 | 000,262,144 | -H-- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat.LOG1
[2008/12/25 14:39:48 | 000,000,000 | -H-- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat.LOG2
[2009/08/24 02:36:44 | 000,065,536 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{42e6b43d-8d35-11de-a8ac-00234d4d8e4d}.TM.blf
[2009/08/24 02:36:44 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{42e6b43d-8d35-11de-a8ac-00234d4d8e4d}.TMContainer00000000000000000001.regtrans-ms
[2009/08/24 02:06:33 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{42e6b43d-8d35-11de-a8ac-00234d4d8e4d}.TMContainer00000000000000000002.regtrans-ms
[2009/08/12 02:41:05 | 000,065,536 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{4fa26208-e374-11dd-9c66-00219bf397e8}.TM.blf
[2009/08/12 02:41:05 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{4fa26208-e374-11dd-9c66-00219bf397e8}.TMContainer00000000000000000001.regtrans-ms
[2009/02/02 20:04:24 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{4fa26208-e374-11dd-9c66-00219bf397e8}.TMContainer00000000000000000002.regtrans-ms
[2012/11/25 23:47:19 | 000,065,536 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{51c1c7c6-928c-11de-9ad1-00219bf397e8}.TM.blf
[2012/11/25 23:47:19 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{51c1c7c6-928c-11de-9ad1-00219bf397e8}.TMContainer00000000000000000001.regtrans-ms
[2009/08/26 23:11:42 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.dat{51c1c7c6-928c-11de-9ad1-00219bf397e8}.TMContainer00000000000000000002.regtrans-ms
[2009/01/15 22:21:20 | 000,065,536 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/01/15 22:21:20 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2008/12/25 14:46:39 | 000,524,288 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008/12/25 14:39:49 | 000,000,020 | -HS- | M] () -- C:\Users\$E-MONEY-BAG$\ntuser.ini

< %USERPROFILE%\temp\*.exe >

< %USERPROFILE%\AppData\Local\*.* >
[2012/11/23 18:35:20 | 000,006,648 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\d3d9caps.dat
[2012/11/16 00:07:23 | 000,086,528 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 17:04:52 | 000,060,248 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\GDIPFONTCACHEV1.DAT

< %USERPROFILE%\AppData\Local\*. >
[2010/03/11 21:53:07 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Adobe
[2008/12/25 19:55:04 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\AOL
[2008/12/25 19:55:05 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\AOL OCP
[2008/12/26 20:58:00 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Apple
[2010/03/21 15:33:43 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Apple Computer
[2009/09/27 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Apple_Inc
[2008/12/25 14:39:49 | 000,000,000 | -HSD | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Application Data
[2009/03/28 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Apps
[2009/04/17 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\AT&T
[2012/11/25 01:44:36 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Conduit
[2008/12/25 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\DataSafeOnline
[2009/04/17 21:00:28 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\DBUpdater
[2009/03/28 17:24:46 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Deployment
[2012/10/19 01:27:06 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\doubleTwist Corporation
[2012/02/21 12:06:30 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\ElevatedDiagnostics
[2012/02/18 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\ESET
[2011/12/25 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Google
[2008/12/25 14:39:49 | 000,000,000 | -HSD | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\History
[2012/06/14 23:11:58 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Macromedia
[2010/12/08 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\MediaDirect
[2012/11/04 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Microsoft
[2009/10/23 23:03:48 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Microsoft Games
[2009/08/27 10:35:50 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Microsoft Help
[2011/02/22 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Mozilla
[2010/09/03 11:16:48 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\nlwumrhhr
[2011/03/07 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Powercinema
[2008/12/25 14:50:36 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Stardock_Corporation
[2008/12/25 19:25:56 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\SupportSoft
[2012/11/27 00:06:56 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Temp
[2008/12/25 14:39:49 | 000,000,000 | -HSD | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Temporary Internet Files
[2010/09/08 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\tjgrfcpvk
[2012/09/12 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Unity
[2009/01/14 22:17:42 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\VirtualStore
[2012/10/01 00:21:07 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Windows Live
[2012/05/06 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\WinZip
[2010/07/05 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Xilisoft

< %USERPROFILE%\AppData\Local\temp\*.exe >
[2012/11/25 23:40:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\473BFBA7-516A-4B25-A425-88B3ADB847A1.exe
[2011/07/27 13:48:14 | 000,150,016 | ---- | M] (Igor Pavlov) -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\7z.exe
[2011/07/27 13:48:14 | 000,023,477 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\dtkill.exe
[2011/07/27 13:48:18 | 000,006,144 | ---- | M] (doubleTwist Corperation) -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\Executor.exe
[2012/08/22 16:34:00 | 000,763,232 | ---- | M] (Google Inc.) -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\GoogleUpdateSetup.exe75ad187
[2010/09/01 14:31:06 | 000,134,024 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\UNINSTALL.exe
[2012/09/12 14:28:22 | 022,657,136 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\vlc-2.0.2-win32.exe
[2012/11/13 00:54:16 | 022,912,657 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Local\temp\vlc-2.0.4-win32.exe
[33 C:\Users\$E-MONEY-BAG$\AppData\Local\temp\*.tmp files -> C:\Users\$E-MONEY-BAG$\AppData\Local\temp\*.tmp -> ]

< %USERPROFILE%\AppData\Roaming\*.* >
[2009/07/29 21:02:54 | 008,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DataSafeDotNet.exe
[2009/01/01 11:45:49 | 000,000,510 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\transfer.log
[2009/06/10 22:04:53 | 000,000,600 | ---- | M] () -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\winscp.rnd

< %USERPROFILE%\AppData\Roaming\*. >
[2011/11/25 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\6EDB0
[2008/12/25 19:55:23 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\acccore
[2010/03/11 21:54:40 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Adobe
[2011/10/12 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Apple Computer
[2008/12/28 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Audacity
[2009/08/06 20:30:51 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\AVG8
[2011/11/25 18:26:11 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\awwjjUCeelBrz
[2012/11/23 19:12:43 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\BitTorrent
[2009/04/17 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Bytemobile
[2010/03/11 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/31 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Creative
[2011/03/07 13:42:31 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\CyberLink
[2009/01/15 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools
[2009/01/15 12:35:52 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools Lite
[2009/01/15 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DAEMON Tools Pro
[2008/12/25 14:40:06 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Dell
[2010/04/13 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\DivX
[2012/11/25 01:43:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Electronic Arts
[2012/02/18 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\ESET
[2009/03/24 16:09:39 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\funkitron
[2009/01/15 21:30:20 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Google
[2011/11/25 20:22:53 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\gTTTZqhhYCk
[2008/12/25 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Identities
[2009/08/04 21:44:39 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\invibes
[2008/12/25 14:53:40 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Macromedia
[2010/03/14 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Malwarebytes
[2012/06/14 23:11:58 | 000,000,000 | --SD | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Microsoft
[2012/11/25 02:03:03 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Mozilla
[2012/10/19 01:24:10 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\OpenCandy
[2011/11/25 18:25:49 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\oVlt01shrPSnLhw
[2011/11/25 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\PmmGG5ssQJdEKfZ
[2009/01/15 12:08:05 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Roxio
[2009/04/17 21:00:21 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Sierra Wireless
[2012/04/15 13:35:46 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\StreamTorrent
[2010/08/04 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\SumatraPDF
[2011/11/25 18:25:42 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\THdKfgTjjkrO
[2012/11/20 02:10:40 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\vlc
[2011/05/12 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Winamp
[2008/12/26 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\WinRAR
[2010/07/05 17:19:14 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Roaming\Xilisoft

< %Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe >

< %Public%\Documents\Fonts\*.exe >

< %Public%\Documents\Config\*.exe >

< %Public%\Documents\*.* >
[2008/01/20 21:57:01 | 000,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

< %ProgramData%\*.* >

< %ProgramData%\*. >
[2012/09/21 23:07:50 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/13 01:05:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2008/12/25 19:29:32 | 000,000,000 | ---D | M] -- C:\ProgramData\AOL
[2009/07/11 19:05:21 | 000,000,000 | ---D | M] -- C:\ProgramData\AOL Downloads
[2008/12/25 19:56:00 | 000,000,000 | ---D | M] -- C:\ProgramData\AOL OCP
[2009/06/16 23:23:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2008/12/26 20:59:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/06/10 22:04:06 | 000,000,000 | ---D | M] -- C:\ProgramData\AT&T
[2012/02/15 14:31:36 | 000,000,000 | ---D | M] -- C:\ProgramData\avg8
[2011/12/12 18:23:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/01/15 12:25:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative
[2008/10/05 07:20:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative Labs
[2011/03/07 13:42:06 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009/01/15 12:29:18 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/08/04 21:54:46 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2008/10/05 07:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/06/09 11:25:22 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/02/23 17:54:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012/02/21 11:40:39 | 000,000,000 | ---D | M] -- C:\ProgramData\ErrorEND
[2012/11/24 00:50:38 | 000,000,000 | ---D | M] -- C:\ProgramData\ESET
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/04/20 20:56:36 | 000,000,000 | ---D | M] -- C:\ProgramData\GameHouse
[2008/12/25 14:53:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2008/10/05 07:40:20 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallShield
[2010/03/14 21:24:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/08/15 23:35:07 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012/11/13 00:59:03 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/11/25 02:10:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/04/26 20:21:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010/03/14 21:29:11 | 000,000,000 | ---D | M] -- C:\ProgramData\NOS
[2009/08/27 20:10:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Office Genuine Advantage
[2012/10/17 16:22:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2011/11/30 13:04:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2008/10/05 07:41:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2010/09/08 18:52:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/07/15 21:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2008/10/05 07:37:48 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2009/04/20 20:45:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2008/12/25 14:36:23 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/06/10 21:51:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Trymedia
[2008/10/05 07:42:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2009/07/11 20:15:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2010/06/08 20:37:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/06/04 22:30:45 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2010/04/02 10:13:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/27 16:59:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/08 16:41:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %CommonProgramFiles%\*.* >

< %CommonProgramFiles%\ComObjects*.exe >
Invalid Environment Variable: commonprogramfiles(x86)

< %programfiles%\*.* >
[2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %programfiles%\*. >
[2012/11/04 23:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/07 23:27:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/31 22:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2012/05/12 19:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2012/03/30 22:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrentBar
[2011/10/12 00:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/05 07:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2008/10/05 07:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/02/25 21:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2012/11/25 02:08:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/08/25 19:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2008/10/05 02:05:47 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2012/11/25 01:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/03/31 21:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012/11/25 01:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/10/05 07:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/10/05 10:00:48 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2008/10/05 07:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/06/09 11:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/12/25 15:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2012/02/18 19:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/05/30 21:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2012/02/21 11:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\Free Window Registry Repair
[2011/11/25 18:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/02/23 17:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2011/11/30 13:04:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/10/05 07:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/09/21 23:53:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/09/27 16:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2012/09/21 23:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/01/01 11:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPod To Computer Transfer
[2012/09/21 23:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/15 21:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/11/18 23:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/13 00:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mega Codec Pack
[2012/11/04 22:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/11/25 02:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/27 21:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012/10/01 00:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/25 20:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2012/11/25 02:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/05/30 21:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/10/05 07:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/08/12 02:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/11/25 02:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/02/28 20:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/11/04 23:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\MyHeritage
[2008/10/05 07:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/04/17 20:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Option
[2009/08/05 21:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/08/04 22:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Reader 9.1
[2009/04/24 22:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\QuickFreedom
[2012/08/04 10:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/04 17:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/03/05 22:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2008/10/05 07:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/03 23:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Safer Networking
[2011/02/26 00:37:17 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2011/02/22 21:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\ScreenSaverGift
[2010/05/30 21:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/08 17:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2009/04/17 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless Inc
[2008/10/05 02:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2012/02/18 20:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\StartNow Toolbar
[2011/07/15 21:50:02 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2006/11/02 07:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/05 17:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/09/16 12:25:48 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2011/05/29 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/05/29 22:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2009/09/16 13:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/09/16 13:44:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/09/16 13:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/10/01 00:40:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/12 10:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/11/24 00:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/16 13:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 03:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/09/16 13:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/12/25 14:57:20 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012/05/06 20:20:20 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
Invalid Environment Variable: ProgramFiles(x86)
Invalid Environment Variable: ProgramFiles(x86)

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2008/01/20 20:45:59 | 000,000,680 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 07:58:09 | 000,000,006 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\desktop.ini
[2011/09/14 14:57:07 | 000,059,464 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >

< %windir%\temp\*.exe >
[2011/05/24 13:39:24 | 001,676,575 | ---- | M] (AVG Technologies ) -- C:\Windows\temp\AVGProductUpdate.exe
[2012/01/18 17:22:32 | 002,383,200 | ---- | M] () -- C:\Windows\temp\CommonInstaller.exe
[2012/09/04 23:36:25 | 000,981,120 | ---- | M] (McAfee, Inc.) -- C:\Windows\temp\contentDATs.exe
[2011/08/24 17:48:00 | 000,604,312 | ---- | M] (Google Inc.) -- C:\Windows\temp\GoogleUpdateSetup.exe45ff4105
[2011/10/02 09:46:04 | 000,000,000 | ---- | M] () -- C:\Windows\temp\GURA00B.exe
[2012/01/18 17:22:28 | 000,109,920 | ---- | M] () -- C:\Windows\temp\MachineIdCreator.exe
[2012/08/30 00:39:13 | 002,980,888 | ---- | M] (McAfee, Inc.) -- C:\Windows\temp\SecurityScan_Release.exe
[2012/01/18 17:22:30 | 006,310,240 | ---- | M] () -- C:\Windows\temp\ToolbarInstaller.exe
[2012/01/18 17:22:12 | 010,055,008 | ---- | M] () -- C:\Windows\temp\{507CC186-1CB5-4063-AAFD-BEF928A2D655}.exe
[140 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]

< %windir%\*. >
[2012/11/25 23:47:49 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB60278$
[2012/02/21 12:10:04 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2012/11/25 02:10:24 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2008/01/20 21:44:00 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2006/11/02 07:35:52 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2012/02/21 00:45:51 | 000,000,000 | ---D | M] -- C:\Windows\CheckSur
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2009/01/01 21:48:43 | 000,000,000 | ---D | M] -- C:\Windows\Debug
[2008/01/20 21:47:16 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2011/11/29 01:43:00 | 000,000,000 | --SD | M] -- C:\Windows\Downloaded Program Files
[2012/10/01 00:39:43 | 000,000,000 | ---D | M] -- C:\Windows\en
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2012/11/23 19:17:14 | 000,000,000 | ---D | M] -- C:\Windows\erdnt
[2012/11/25 02:08:23 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2006/11/02 05:22:47 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2009/01/14 22:13:41 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2009/09/16 13:44:09 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2012/11/27 00:07:55 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2012/11/25 02:10:42 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2008/01/20 21:47:16 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2009/05/03 22:43:37 | 000,000,000 | ---D | M] -- C:\Windows\Little Shop - Road Trip
[2009/04/26 19:56:39 | 000,000,000 | ---D | M] -- C:\Windows\Little Shop City Lights
[2009/05/03 22:45:16 | 000,000,000 | ---D | M] -- C:\Windows\Little Shop Of Treasures
[2009/05/10 20:20:17 | 000,000,000 | ---D | M] -- C:\Windows\Little Shop Of Treasures 2
[2006/11/02 05:23:02 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2012/11/24 00:46:41 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2006/11/02 07:35:51 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2012/11/05 00:16:01 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2012/11/24 00:31:08 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2011/08/11 16:28:07 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2008/01/20 21:47:20 | 000,000,000 | ---D | M] -- C:\Windows\MSAgent
[2006/11/02 06:18:35 | 000,000,000 | ---D | M] -- C:\Windows\nap
[2011/04/14 20:40:44 | 000,000,000 | R--D | M] -- C:\Windows\Offline Web Pages
[2008/10/05 07:57:53 | 000,000,000 | ---D | M] -- C:\Windows\Panther
[2008/10/05 07:32:48 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2011/04/14 20:40:44 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2012/11/14 17:52:32 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2010/09/03 22:27:44 | 000,000,000 | ---D | M] -- C:\Windows\Profiles
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\Provisioning
[2012/11/25 01:48:48 | 000,000,000 | ---D | M] -- C:\Windows\pss
[2009/01/15 22:22:49 | 000,000,000 | ---D | M] -- C:\Windows\registration
[2012/10/11 00:20:44 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2006/11/02 05:24:41 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2006/11/02 06:18:36 | 000,000,000 | ---D | M] -- C:\Windows\security
[2006/11/02 07:45:08 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2009/09/16 13:44:23 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2008/10/05 09:47:52 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2010/09/13 22:08:01 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2006/11/02 07:39:58 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2010/09/03 10:47:51 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\system
[2012/11/27 00:07:55 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2006/11/02 06:18:49 | 000,000,000 | ---D | M] -- C:\Windows\tapi
[2012/11/25 02:01:25 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2012/11/27 00:10:21 | 000,000,000 | ---D | M] -- C:\Windows\Temp
[2006/11/02 05:23:06 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2008/10/05 09:52:54 | 000,000,000 | ---D | M] -- C:\Windows\Users
[2007/05/23 19:06:04 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\WindowsMobile
[2012/10/11 00:25:52 | 000,000,000 | ---D | M] -- C:\Windows\winsxs

< %windir%\installer\*. >
[2011/02/25 23:38:31 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2008/10/05 07:40:52 | 000,000,000 | ---D | M] -- C:\Windows\installer\{08E81ABD-79F7-49C2-881F-FD6CB0975693}
[2012/08/04 10:45:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}
[2012/09/21 23:08:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0F6F6876-6334-4977-B5DD-CFC12E193420}
[2010/04/02 10:10:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
[2008/10/05 07:40:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
[2010/08/27 21:03:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
[2008/10/05 07:19:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{294EAADF-E50F-4DD8-AD8D-19587EA10512}
[2012/10/01 00:36:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}
[2008/10/05 07:40:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
[2011/06/10 21:12:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4286E640-B5FB-11DF-AC4B-005056C00008}
[2008/10/05 07:25:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4B6AD248-D3BF-426A-8D64-847288154F13}
[2012/10/01 00:42:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{50816F92-1652-4A7C-B9BC-48F682742C4B}
[2011/08/25 21:41:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}
[2011/11/25 18:15:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
[2008/10/05 07:33:37 | 000,000,000 | ---D | M] -- C:\Windows\installer\{62230596-37E5-4618-A329-0D21F529A86F}
[2012/09/21 22:55:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}
[2008/10/05 07:42:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
[2008/10/05 07:41:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
[2011/10/12 00:36:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{79155F2B-9895-49D7-8612-D92580E0DE5B}
[2012/08/04 10:45:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}
[2008/10/05 07:48:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
[2012/02/18 19:18:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{83E3F4E4-CEA1-452B-9180-A40813CD111C}
[2012/05/15 22:32:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2012/08/15 22:43:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95120000-00AF-0409-0000-0000000FF1CE}
[2010/02/24 14:30:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
[2012/10/01 00:34:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
[2012/11/04 23:14:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2009/06/10 22:04:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF64F216-D859-43FC-9068-0005A41AEBA3}
[2011/11/24 19:25:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
[2008/10/05 07:41:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
[2008/10/05 07:45:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B935C985-A17F-484B-8470-09E4FC27DC26}
[2011/06/07 23:27:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
[2009/09/27 16:57:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
[2011/11/03 21:44:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C9E14402-3631-4182-B377-6B0DFB1C0339}
[2012/05/06 20:20:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}
[2011/03/05 22:03:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CE86E2F5-850C-4207-94A3-A58D647B1733}
[2012/09/21 22:58:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}
[2012/10/01 00:35:52 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
[2008/10/05 07:37:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
[2012/10/01 00:29:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
[2010/12/18 01:43:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E7004147-2CCA-431C-AA05-2AB166B9785D}
[2010/09/29 22:42:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
[2008/10/05 07:41:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
[2012/10/01 00:32:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2009/06/08 16:06:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F958CA02-BB40-4007-894B-258729456EE4}
[2009/09/27 16:50:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}

< %windir%\system32\*. >
[2010/06/04 02:01:15 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2009/03/24 16:27:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe
[2009/09/16 13:44:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/09/16 13:42:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\Boot
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\Branding
[2009/09/16 13:44:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\ca-ES
[2012/10/19 01:28:04 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2012/10/19 01:25:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/01/15 22:22:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\CodeIntegrity
[2008/01/20 21:47:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/01/15 22:23:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2012/04/20 21:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2012/11/26 23:57:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2006/11/02 07:54:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2012/10/01 00:36:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\DRVSTORE
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2009/09/16 13:44:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2012/10/10 17:50:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2008/10/05 07:25:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\ENU
[2012/04/20 21:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2009/09/16 13:44:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\eu-ES
[2009/09/16 13:28:24 | 000,000,000 | ---D | M] -- C:\Windows\system32\EventProviders
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2012/04/20 21:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2012/02/18 19:08:42 | 000,000,000 | -H-D | M] -- C:\Windows\system32\GroupPolicy
[2006/11/02 05:23:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2008/01/20 21:46:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ias
[2008/01/20 21:46:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2006/11/02 06:18:42 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2006/11/02 05:33:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2012/04/20 21:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\licensing
[2012/11/24 03:09:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2009/03/24 16:27:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2009/09/16 13:44:01 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2006/11/02 07:45:01 | 000,000,000 | --SD | M] -- C:\Windows\system32\Microsoft
[2012/09/21 23:53:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2009/09/16 13:43:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ms-MY
[2009/01/15 22:23:35 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2006/11/02 07:39:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/01/15 22:25:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\networklist
[2012/04/20 21:36:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2008/10/05 09:47:50 | 000,000,000 | ---D | M] -- C:\Windows\system32\oem
[2009/09/16 13:44:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2006/11/02 07:39:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2008/01/20 21:46:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\RemInst
[2008/10/05 07:12:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2009/09/16 13:44:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\setup
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/09/16 13:44:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\SLUI
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\SMI
[2006/11/02 07:35:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/01/15 22:22:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\spool
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2012/01/26 22:01:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2012/11/24 01:23:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2009/09/16 13:43:58 | 000,000,000 | ---D | M] -- C:\Windows\system32\vi-VN
[2012/11/21 02:27:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2006/11/02 07:39:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2011/01/13 00:20:09 | 000,000,000 | ---D | M] -- C:\Windows\system32\WDI
[2006/11/02 08:00:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\wfp
[2011/02/23 03:02:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2006/11/02 06:18:43 | 000,000,000 | ---D | M] -- C:\Windows\system32\winevt
[2006/11/02 07:40:00 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2012/05/08 21:54:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\XPSViewer
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/11/18 03:17:54 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2012/04/20 21:36:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

< %windir%\sysnative\*. >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/11/25 23:47:49 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC\*.ini >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SystemRoot%\assembly\GAC_MSIL\*.ini >

< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/04/11 01:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/04/11 01:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2006/11/02 04:39:37 | 015,821,312 | ---- | M] (Microsoft Corporation)

< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >

< HKEY_CURRENT_USER\Software\MSOLoad /s >

< bcdedit /enum all /v >C:\boot.txt /c >
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {6b3abe04-d2b0-11dc-938e-e6adcbdf5059}
resumeobject {6b3abe05-d2b0-11dc-938e-e6adcbdf5059}
displayorder {6b3abe04-d2b0-11dc-938e-e6adcbdf5059}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No
Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=D:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=D:
systemroot \Windows
nx OptIn
detecthal Yes
winpe Yes
Windows Boot Loader
-------------------
identifier {6b3abe04-d2b0-11dc-938e-e6adcbdf5059}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {6b3abe05-d2b0-11dc-938e-e6adcbdf5059}
nx OptIn
Resume from Hibernate
---------------------
identifier {6b3abe05-d2b0-11dc-938e-e6adcbdf5059}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: E-MONEY-BAG-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B  No Media
Volume 1     D   RECOVERY     NTFS   Partition     10 GB  Healthy
Volume 2     C   OS           NTFS   Partition    221 GB  Healthy    System

< MD5 for: AFD.SYS >
[2012/11/25 23:47:49 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2012/11/25 23:47:49 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 08:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 08:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 21:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B3B51977

< End of report >

#9 B-boy/StyLe/


Posted 28 November 2012 - 07:14 AM

Hi,



Viewpoint Manager



Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Bittorrent



Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Bittorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries all over the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software



Registry Editor / Cleaner Warning !!



The following is referring to Free Window Registry Repair and ErrorEnd and
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools



I have a question for you - did you purposely install GoToAssist?
If not, I suggest you uninstall it via Add or Remove Programs from the Control Panel, as this is some kind of remote support service.
More information can be found here => http://www.bleepingcomputer.com/startups/g2aservice.exe-23004.html



We need to run an OTL Fix



  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\$E-MON~1\AppData\Local\Temp\catchme.sys -- (catchme)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
    IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    [2012/01/18 17:22:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={0CBC313D-8E74-45FC-BE47-39CDB57A698F}&mid=c795773d2040f756769ce9d67e8f989b-24cc51989732a00043dc764235adc075582db382&lang=us&ds=AVG&pr=fr&d=2011-12-12 18:23:33&v=10.0.0.7&sap=dsp&q={searchTerms}
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - Reg Error: Value error. File not found
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
    O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (no name) - {74714D77-1695-4E73-A98E-25CB374F46B4} - No CLSID value found.
    O3 - HKU\S-1-5-21-2979000727-2124573571-4186840867-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
    SafeBootMin: 01910012.sys - Driver
    SafeBootMin: 98872006.sys - Driver
    SafeBootNet: 01910012.sys - Driver
    SafeBootNet: 98872006.sys - Driver
    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [2012/11/25 01:44:36 | 000,000,000 | ---D | M] -- C:\Users\$E-MONEY-BAG$\AppData\Local\Conduit
    [2012/03/30 22:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrentBar
    [2011/08/25 19:19:30 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
    [2010/06/04 02:01:15 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B3B51977
    :files
    xcacls.exe C:\Windows\$NtUninstallKB60278$\1970550690 /p Administrators:f SYSTEM:f /y /c
    xcacls.exe C:\Windows\$NtUninstallKB60278$\3241749071 /p Administrators:f SYSTEM:f /y /c
    xcacls.exe C:\Windows\$NtUninstallKB60278$ /p Administrators:f SYSTEM:f /y /c
    fsutil reparsepoint delete C:\Windows\$NtUninstallKB60278$\1970550690 /c
    fsutil reparsepoint delete C:\Windows\$NtUninstallKB60278$\3241749071 /c
    fsutil reparsepoint delete C:\Windows\$NtUninstallKB60278$ /c
    rd /s /q C:\Windows\$NtUninstallKB60278$ /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Local\nlwumrhhr" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Local\tjgrfcpvk" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\6EDB0" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\awwjjUCeelBrz" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\gTTTZqhhYCk" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\oVlt01shrPSnLhw" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\PmmGG5ssQJdEKfZ" /c
    dir /s /a "C:\Users\$E-MONEY-BAG$\AppData\Roaming\THdKfgTjjkrO" /c
    netsh winsock reset catalog /c
    ipconfig /flushdns /c
    :commands
    [emptytemp]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



Regards,
Georgi



#10 B-boy/StyLe/


Posted 01 December 2012 - 04:54 AM

Hi,


Are you still with me?



Regards,
Georgi



#11 B-boy/StyLe/


Posted 07 December 2012 - 03:14 AM

Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days.
