
Google keeps redirecting


  • This topic is locked
19 replies to this topic

#1 izzabe1la

izzabe1la

  • Members
  • 10 posts

Posted 22 December 2012 - 01:51 PM

Hi,

I have some kind of Google redirect virus. It only redirects 1 out of 10 or so times, and it redirects to click.livesearchnow.com.
I am using Firefox with AdBlock Plus and NoScript. I have tried Malwarebytes, TDSS Killer (that actually found and killed something, but the problem persists), Hitman Pro, Rogue Killer, and Malwarebytes Anti-rootkit.
Here are my DDS logs.
Really appreciate your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Kotya at 12:29:11 on 2012-12-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6432 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=17284
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce: [Z1] C:\Users\Kotya\AppData\Local\Temp\Rar$EX39.904\mbar\mbar.exe /cleanup /s
StartupFolder: C:\Users\Kotya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B39C2913-CCE2-416A-B67A-D8FAE0CBD9CE} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-12-11 21992]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-7-16 548264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-14 370504]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [2011-12-8 167936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 rtl819xp;TRENDnet Wireless N PC Card/PCI Adapter NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2011-12-8 607232]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 hitmanpro36;HitmanPro 3.6 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-12-9 30496]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2012-12-20 32152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-9 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-22 17:43:49 98816 ----a-w- C:\Windows\sed.exe
2012-12-22 17:43:49 256000 ----a-w- C:\Windows\PEV.exe
2012-12-22 17:43:49 208896 ----a-w- C:\Windows\MBR.exe
2012-12-21 15:31:26 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpengine.dll
2012-12-21 04:52:57 32152 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2012-12-21 01:12:09 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 01:12:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 01:12:08 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 01:12:07 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-20 23:59:11 -------- d-----w- C:\Flash 512MB 12202012
2012-12-12 18:45:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-09 20:38:46 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
.
==================== Find3M ====================
.
2012-12-12 01:01:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 01:01:56 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 04:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 12:29:18.78 ===============
Attached File  attach.txt   7.84KB   1 downloads



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 22 December 2012 - 07:38 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 izzabe1la

izzabe1la
  • Topic Starter

  • Members
  • 10 posts

Posted 23 December 2012 - 01:23 PM

Hi Gringo,
Thanks so much for helping me. Here are the logs:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 17.0.963.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 12:13:03
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Kotya - KOTYA-PC
# Boot Mode : Normal
# Running from : C:\Users\Kotya\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/home?AF=17284 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\prefs.js

C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "3076A725B11108C6F9DFCD630E2D1CA1");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "3");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "16.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 93638355);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kotya\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3524 octets] - [23/12/2012 12:13:03]

########## EOF - C:\AdwCleaner[S1].txt - [3584 octets] ##########

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kotya [Admin rights]
Mode : Scan -- Date : 12/23/2012 12:19:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST316002 3AS SCSI Disk Device +++++
--- User ---
[MBR] 05ffe9d600f9be168d07e4f18d91e901
[BSP] 3a051f43b388e33b3ee3a27913f5b2b9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12232012_02d1219.txt >>
RKreport[1]_S_12232012_02d1219.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 December 2012 - 01:27 PM

Hello izzabe1la

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 izzabe1la

izzabe1la
  • Topic Starter

  • Members
  • 10 posts

Posted 23 December 2012 - 01:44 PM

I ran Combofix and tried recreating the problem. It stopped redirecting to click.livesearchnow.com; instead, it now redirects to bike-finder.com and feedsmixer.com.

Here is the log:

ComboFix 12-12-23.01 - Kotya 12/23/2012 12:33:14.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6755 [GMT -6:00]
Running from: c:\users\Kotya\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 18:37 . 2012-12-23 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 15:31 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpengine.dll
2012-12-21 04:52 . 2012-12-21 15:14 32152 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2012-12-21 01:12 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 01:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 01:12 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 01:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 23:59 . 2012-12-21 00:00 -------- d-----w- C:\Flash 512MB 12202012
2012-12-09 20:38 . 2012-12-09 20:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 18:45 . 2011-12-09 01:24 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:01 . 2012-06-09 21:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:01 . 2011-12-09 00:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 16:40 . 2012-12-12 18:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-30 01:54 . 2012-09-24 04:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 00:08 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 00:08 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 04:16 . 2012-10-23 18:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
c:\users\Kotya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-8 113664]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe [2011-12-8 507904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-12-09 30496]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-21 32152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-07-17 548264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [2008-06-27 167936]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 rtl819xp;TRENDnet Wireless N PC Card/PCI Adapter NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-03 607232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 01:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-23 12:38:13
ComboFix-quarantined-files.txt 2012-12-23 18:38
ComboFix2.txt 2012-12-22 17:49
.
Pre-Run: 62,188,081,152 bytes free
Post-Run: 63,664,128,000 bytes free
.
- - End Of File - - 398D4C053DBCFB8430931B85ADFB10DB

#6 gringo_pr


Posted 23 December 2012 - 01:54 PM

Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 izzabe1la


Posted 23 December 2012 - 02:18 PM

Gringo,

The new redirect destinations are now promotions.monster.com, easycashesfinder.in, and butterflysearch.net.
The logs you requested:

13:00:15.0865 2860 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:00:16.0286 2860 ============================================================
13:00:16.0286 2860 Current date / time: 2012/12/23 13:00:16.0286
13:00:16.0286 2860 SystemInfo:
13:00:16.0286 2860
13:00:16.0286 2860 OS Version: 6.1.7601 ServicePack: 1.0
13:00:16.0286 2860 Product type: Workstation
13:00:16.0286 2860 ComputerName: KOTYA-PC
13:00:16.0286 2860 UserName: Kotya
13:00:16.0286 2860 Windows directory: C:\Windows
13:00:16.0286 2860 System windows directory: C:\Windows
13:00:16.0286 2860 Running under WOW64
13:00:16.0286 2860 Processor architecture: Intel x64
13:00:16.0286 2860 Number of processors: 2
13:00:16.0286 2860 Page size: 0x1000
13:00:16.0286 2860 Boot type: Normal boot
13:00:16.0286 2860 ============================================================
13:00:48.0650 2860 BG loaded
13:00:49.0332 2860 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x285DF, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
13:00:49.0362 2860 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:00:49.0412 2860 ============================================================
13:00:49.0412 2860 \Device\Harddisk0\DR0:
13:00:49.0442 2860 MBR partitions:
13:00:49.0442 2860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:00:49.0442 2860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129D2800
13:00:49.0442 2860 \Device\Harddisk1\DR1:
13:00:49.0452 2860 MBR partitions:
13:00:49.0452 2860 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x181F0A40
13:00:49.0502 2860 ============================================================
13:00:49.0742 2860 C: <-> \Device\Harddisk0\DR0\Partition2
13:00:49.0802 2860 E: <-> \Device\Harddisk1\DR1\Partition1
13:00:49.0802 2860 ============================================================
13:00:49.0802 2860 Initialize success
13:00:49.0802 2860 ============================================================
13:01:51.0419 3764 ============================================================
13:01:51.0419 3764 Scan started
13:01:51.0419 3764 Mode: Manual; SigCheck; TDLFS;
13:01:51.0419 3764 ============================================================
13:01:53.0837 3764 ================ Scan system memory ========================
13:01:53.0837 3764 System memory - ok
13:01:53.0853 3764 ================ Scan services =============================
13:02:05.0444 3764 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:02:05.0475 3764 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:02:05.0475 3764 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:02:05.0553 3764 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:02:05.0615 3764 idsvc - ok
13:02:05.0646 3764 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:02:05.0646 3764 iirsp - ok
13:02:05.0709 3764 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:02:05.0787 3764 IKEEXT - ok
13:02:05.0802 3764 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:02:05.0818 3764 intelide - ok
13:02:05.0834 3764 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:02:05.0849 3764 intelppm - ok
13:02:05.0896 3764 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:02:05.0958 3764 IPBusEnum - ok
13:02:05.0974 3764 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:02:06.0052 3764 IpFilterDriver - ok
13:02:06.0083 3764 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:02:06.0114 3764 iphlpsvc - ok
13:02:06.0161 3764 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:02:06.0192 3764 IPMIDRV - ok
13:02:06.0239 3764 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:02:06.0286 3764 IPNAT - ok
13:02:06.0317 3764 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:02:06.0364 3764 IRENUM - ok
13:02:06.0380 3764 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:02:06.0380 3764 isapnp - ok
13:02:06.0395 3764 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:02:06.0411 3764 iScsiPrt - ok
13:02:06.0442 3764 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:02:06.0458 3764 kbdclass - ok
13:02:06.0473 3764 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:02:06.0473 3764 kbdhid - ok
13:02:06.0489 3764 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:02:06.0489 3764 KeyIso - ok
13:02:06.0520 3764 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:02:06.0520 3764 KSecDD - ok
13:02:06.0551 3764 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:02:06.0567 3764 KSecPkg - ok
13:02:06.0582 3764 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:02:06.0614 3764 ksthunk - ok
13:02:06.0645 3764 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:02:06.0692 3764 KtmRm - ok
13:02:06.0738 3764 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:02:06.0816 3764 LanmanServer - ok
13:02:06.0848 3764 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:02:06.0894 3764 LanmanWorkstation - ok
13:02:06.0926 3764 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:02:06.0957 3764 lltdio - ok
13:02:07.0004 3764 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:02:07.0082 3764 lltdsvc - ok
13:02:07.0113 3764 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:02:07.0144 3764 lmhosts - ok
13:02:07.0175 3764 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:02:07.0206 3764 LSI_FC - ok
13:02:07.0206 3764 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:02:07.0222 3764 LSI_SAS - ok
13:02:07.0238 3764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:02:07.0253 3764 LSI_SAS2 - ok
13:02:07.0269 3764 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:02:07.0284 3764 LSI_SCSI - ok
13:02:07.0300 3764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:02:07.0378 3764 luafv - ok
13:02:07.0409 3764 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:02:07.0440 3764 Mcx2Svc - ok
13:02:07.0456 3764 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:02:07.0456 3764 megasas - ok
13:02:07.0487 3764 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:02:07.0503 3764 MegaSR - ok
13:02:07.0581 3764 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:02:07.0596 3764 Microsoft Office Groove Audit Service - ok
13:02:07.0628 3764 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:02:07.0690 3764 MMCSS - ok
13:02:07.0706 3764 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:02:07.0752 3764 Modem - ok
13:02:07.0799 3764 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:02:07.0846 3764 monitor - ok
13:02:07.0877 3764 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:02:07.0877 3764 mouclass - ok
13:02:07.0908 3764 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:02:07.0940 3764 mouhid - ok
13:02:07.0986 3764 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:02:08.0018 3764 mountmgr - ok
13:02:08.0080 3764 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:02:08.0111 3764 MozillaMaintenance - ok
13:02:08.0127 3764 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:02:08.0142 3764 mpio - ok
13:02:08.0174 3764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:02:08.0236 3764 mpsdrv - ok
13:02:08.0283 3764 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:02:08.0345 3764 MpsSvc - ok
13:02:08.0392 3764 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:02:08.0423 3764 MRxDAV - ok
13:02:08.0439 3764 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:02:08.0486 3764 mrxsmb - ok
13:02:08.0532 3764 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:02:08.0579 3764 mrxsmb10 - ok
13:02:08.0595 3764 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:02:08.0626 3764 mrxsmb20 - ok
13:02:08.0657 3764 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:02:08.0657 3764 msahci - ok
13:02:08.0688 3764 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:02:08.0704 3764 msdsm - ok
13:02:08.0720 3764 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:02:08.0751 3764 MSDTC - ok
13:02:08.0782 3764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:02:08.0844 3764 Msfs - ok
13:02:08.0860 3764 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:02:08.0876 3764 mshidkmdf - ok
13:02:08.0891 3764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:02:08.0907 3764 msisadrv - ok
13:02:08.0938 3764 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:02:09.0016 3764 MSiSCSI - ok
13:02:09.0016 3764 msiserver - ok
13:02:09.0032 3764 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:02:09.0063 3764 MSKSSRV - ok
13:02:09.0063 3764 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:02:09.0110 3764 MSPCLOCK - ok
13:02:09.0125 3764 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:02:09.0156 3764 MSPQM - ok
13:02:09.0203 3764 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:02:09.0219 3764 MsRPC - ok
13:02:09.0234 3764 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:02:09.0250 3764 mssmbios - ok
13:02:09.0250 3764 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:02:09.0281 3764 MSTEE - ok
13:02:09.0297 3764 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:02:09.0312 3764 MTConfig - ok
13:02:09.0344 3764 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
13:02:09.0359 3764 MTsensor - ok
13:02:09.0390 3764 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:02:09.0406 3764 Mup - ok
13:02:09.0453 3764 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:02:09.0515 3764 napagent - ok
13:02:09.0562 3764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:02:09.0624 3764 NativeWifiP - ok
13:02:09.0702 3764 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:02:09.0765 3764 NDIS - ok
13:02:09.0780 3764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:09.0796 3764 NdisCap - ok
13:02:09.0827 3764 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:09.0905 3764 NdisTapi - ok
13:02:09.0936 3764 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:09.0983 3764 Ndisuio - ok
13:02:09.0999 3764 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:10.0077 3764 NdisWan - ok
13:02:10.0108 3764 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:02:10.0170 3764 NDProxy - ok
13:02:10.0202 3764 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:02:10.0264 3764 NetBIOS - ok
13:02:10.0311 3764 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:02:10.0342 3764 NetBT - ok
13:02:10.0342 3764 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:02:10.0358 3764 Netlogon - ok
13:02:10.0373 3764 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:02:10.0420 3764 Netman - ok
13:02:10.0436 3764 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:02:10.0482 3764 netprofm - ok
13:02:10.0514 3764 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:02:10.0514 3764 NetTcpPortSharing - ok
13:02:10.0529 3764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:10.0545 3764 nfrd960 - ok
13:02:10.0592 3764 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:02:10.0670 3764 NlaSvc - ok
13:02:10.0685 3764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:02:10.0716 3764 Npfs - ok
13:02:10.0732 3764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:02:10.0763 3764 nsi - ok
13:02:10.0794 3764 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:02:10.0857 3764 nsiproxy - ok
13:02:10.0935 3764 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:02:11.0013 3764 Ntfs - ok
13:02:11.0028 3764 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:02:11.0075 3764 Null - ok
13:02:11.0122 3764 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
13:02:11.0153 3764 NVENETFD - ok
13:02:11.0184 3764 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:02:11.0216 3764 nvraid - ok
13:02:11.0231 3764 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:02:11.0247 3764 nvstor - ok
13:02:11.0278 3764 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:02:11.0278 3764 nv_agp - ok
13:02:11.0356 3764 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:02:11.0387 3764 odserv - ok
13:02:11.0418 3764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:02:11.0418 3764 ohci1394 - ok
13:02:11.0450 3764 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:02:11.0481 3764 ose - ok
13:02:11.0528 3764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:02:11.0574 3764 p2pimsvc - ok
13:02:11.0621 3764 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:02:11.0621 3764 p2psvc - ok
13:02:11.0652 3764 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:02:11.0668 3764 Parport - ok
13:02:11.0668 3764 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:02:11.0684 3764 partmgr - ok
13:02:11.0699 3764 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:02:11.0746 3764 PcaSvc - ok
13:02:11.0777 3764 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:02:11.0793 3764 pci - ok
13:02:11.0808 3764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:02:11.0824 3764 pciide - ok
13:02:11.0840 3764 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:02:11.0855 3764 pcmcia - ok
13:02:11.0871 3764 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:02:11.0871 3764 pcw - ok
13:02:11.0902 3764 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:02:11.0933 3764 PEAUTH - ok
13:02:11.0996 3764 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:02:12.0136 3764 PeerDistSvc - ok
13:02:12.0245 3764 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:02:12.0292 3764 PerfHost - ok
13:02:12.0417 3764 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:02:12.0495 3764 pla - ok
13:02:12.0588 3764 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:02:12.0651 3764 PlugPlay - ok
13:02:12.0682 3764 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:02:12.0682 3764 PNRPAutoReg - ok
13:02:12.0729 3764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:02:12.0760 3764 PNRPsvc - ok
13:02:12.0838 3764 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:02:12.0900 3764 PolicyAgent - ok
13:02:12.0932 3764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:02:13.0010 3764 Power - ok
13:02:13.0056 3764 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:02:13.0134 3764 PptpMiniport - ok
13:02:13.0150 3764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:02:13.0197 3764 Processor - ok
13:02:13.0259 3764 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
13:02:13.0353 3764 ProfSvc - ok
13:02:13.0368 3764 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:02:13.0384 3764 ProtectedStorage - ok
13:02:13.0431 3764 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:02:13.0462 3764 Psched - ok
13:02:13.0868 3764 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:02:13.0961 3764 ql2300 - ok
13:02:14.0008 3764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:02:14.0024 3764 ql40xx - ok
13:02:14.0070 3764 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:02:14.0117 3764 QWAVE - ok
13:02:14.0133 3764 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:02:14.0164 3764 QWAVEdrv - ok
13:02:14.0180 3764 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:02:14.0242 3764 RasAcd - ok
13:02:14.0273 3764 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:02:14.0336 3764 RasAgileVpn - ok
13:02:14.0351 3764 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:02:14.0429 3764 RasAuto - ok
13:02:14.0492 3764 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:02:14.0570 3764 Rasl2tp - ok
13:02:14.0632 3764 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:02:14.0694 3764 RasMan - ok
13:02:14.0741 3764 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:02:14.0788 3764 RasPppoe - ok
13:02:14.0804 3764 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:02:14.0850 3764 RasSstp - ok
13:02:14.0913 3764 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:02:14.0928 3764 rdbss - ok
13:02:14.0944 3764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:02:14.0975 3764 rdpbus - ok
13:02:14.0991 3764 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:02:15.0022 3764 RDPCDD - ok
13:02:15.0069 3764 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:02:15.0084 3764 RDPDR - ok
13:02:15.0100 3764 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:02:15.0131 3764 RDPENCDD - ok
13:02:15.0162 3764 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:02:15.0178 3764 RDPREFMP - ok
13:02:15.0256 3764 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:02:15.0303 3764 RdpVideoMiniport - ok
13:02:15.0350 3764 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:02:15.0381 3764 RDPWD - ok
13:02:15.0443 3764 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:02:15.0459 3764 rdyboost - ok
13:02:15.0490 3764 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:02:15.0537 3764 RemoteAccess - ok
13:02:15.0568 3764 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:02:15.0599 3764 RemoteRegistry - ok
13:02:15.0646 3764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:02:15.0693 3764 RpcEptMapper - ok
13:02:15.0724 3764 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:02:15.0786 3764 RpcLocator - ok
13:02:15.0833 3764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:02:15.0896 3764 RpcSs - ok
13:02:15.0927 3764 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:02:15.0942 3764 rspndr - ok
13:02:15.0974 3764 [ 20B6F5D595FBB4C15AD4815187AC4A82 ] rtl819xp C:\Windows\system32\DRIVERS\rtl819xp.sys
13:02:16.0005 3764 rtl819xp - ok
13:02:16.0036 3764 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:02:16.0067 3764 s3cap - ok
13:02:16.0083 3764 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:02:16.0098 3764 SamSs - ok
13:02:16.0114 3764 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:02:16.0130 3764 sbp2port - ok
13:02:16.0192 3764 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:02:16.0254 3764 SCardSvr - ok
13:02:16.0286 3764 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:02:16.0364 3764 scfilter - ok
13:02:16.0426 3764 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:02:16.0473 3764 Schedule - ok
13:02:16.0504 3764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:02:16.0535 3764 SCPolicySvc - ok
13:02:16.0566 3764 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:02:16.0582 3764 SDRSVC - ok
13:02:16.0613 3764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:02:16.0644 3764 secdrv - ok
13:02:16.0676 3764 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:02:16.0691 3764 seclogon - ok
13:02:16.0707 3764 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:02:16.0754 3764 SENS - ok
13:02:16.0785 3764 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:02:16.0816 3764 SensrSvc - ok
13:02:16.0863 3764 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:02:16.0878 3764 Serenum - ok
13:02:16.0910 3764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:02:16.0910 3764 Serial - ok
13:02:16.0925 3764 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:02:16.0925 3764 sermouse - ok
13:02:16.0972 3764 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:02:17.0019 3764 SessionEnv - ok
13:02:17.0034 3764 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:02:17.0066 3764 sffdisk - ok
13:02:17.0081 3764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:02:17.0112 3764 sffp_mmc - ok
13:02:17.0128 3764 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:02:17.0237 3764 sffp_sd - ok
13:02:17.0268 3764 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:17.0315 3764 sfloppy - ok
13:02:17.0409 3764 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:02:17.0471 3764 SharedAccess - ok
13:02:17.0502 3764 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:02:17.0549 3764 ShellHWDetection - ok
13:02:17.0576 3764 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:02:17.0584 3764 SiSRaid2 - ok
13:02:17.0611 3764 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:02:17.0619 3764 SiSRaid4 - ok
13:02:17.0646 3764 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:02:17.0668 3764 Smb - ok
13:02:17.0731 3764 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:02:17.0746 3764 SNMPTRAP - ok
13:02:18.0199 3764 [ FF10A385061128C9134E5288E709E4B0 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
13:02:18.0214 3764 SplashtopRemoteService - ok
13:02:18.0261 3764 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:02:18.0292 3764 spldr - ok
13:02:18.0417 3764 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:02:18.0464 3764 Spooler - ok
13:02:18.0994 3764 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:02:19.0057 3764 sppsvc - ok
13:02:19.0088 3764 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:02:19.0119 3764 sppuinotify - ok
13:02:19.0150 3764 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:02:19.0197 3764 srv - ok
13:02:19.0228 3764 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:02:19.0260 3764 srv2 - ok
13:02:19.0275 3764 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:02:19.0291 3764 srvnet - ok
13:02:19.0322 3764 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:02:19.0369 3764 SSDPSRV - ok
13:02:19.0384 3764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:02:19.0416 3764 SstpSvc - ok
13:02:19.0556 3764 [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
13:02:19.0587 3764 SSUService - ok
13:02:19.0618 3764 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:02:19.0618 3764 stexstor - ok
13:02:19.0790 3764 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:02:19.0837 3764 stisvc - ok
13:02:19.0868 3764 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:02:19.0884 3764 storflt - ok
13:02:19.0899 3764 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:02:19.0915 3764 storvsc - ok
13:02:19.0930 3764 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:02:19.0946 3764 swenum - ok
13:02:19.0977 3764 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:02:20.0024 3764 swprv - ok
13:02:20.0086 3764 Synth3dVsc - ok
13:02:20.0164 3764 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:02:20.0211 3764 SysMain - ok
13:02:20.0242 3764 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:02:20.0258 3764 TabletInputService - ok
13:02:20.0320 3764 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:02:20.0383 3764 TapiSrv - ok
13:02:20.0398 3764 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:02:20.0430 3764 TBS - ok
13:02:20.0492 3764 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:02:20.0601 3764 Tcpip - ok
13:02:20.0679 3764 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:02:20.0726 3764 TCPIP6 - ok
13:02:20.0773 3764 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:02:20.0788 3764 tcpipreg - ok
13:02:20.0820 3764 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:02:20.0851 3764 TDPIPE - ok
13:02:20.0882 3764 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:02:20.0882 3764 TDTCP - ok
13:02:20.0929 3764 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:02:20.0960 3764 tdx - ok
13:02:20.0976 3764 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:02:20.0991 3764 TermDD - ok
13:02:21.0038 3764 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:02:21.0100 3764 TermService - ok
13:02:21.0116 3764 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:02:21.0132 3764 Themes - ok
13:02:21.0163 3764 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:02:21.0178 3764 THREADORDER - ok
13:02:21.0194 3764 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:02:21.0225 3764 TrkWks - ok
13:02:21.0288 3764 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:02:21.0366 3764 TrustedInstaller - ok
13:02:21.0397 3764 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:02:21.0444 3764 tssecsrv - ok
13:02:21.0506 3764 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:02:21.0568 3764 TsUsbFlt - ok
13:02:21.0584 3764 tsusbhub - ok
13:02:21.0631 3764 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:02:21.0662 3764 tunnel - ok
13:02:21.0693 3764 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:02:21.0709 3764 uagp35 - ok
13:02:21.0756 3764 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:02:21.0834 3764 udfs - ok
13:02:21.0865 3764 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:02:21.0865 3764 UI0Detect - ok
13:02:21.0880 3764 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:02:21.0896 3764 uliagpkx - ok
13:02:21.0912 3764 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:02:21.0943 3764 umbus - ok
13:02:21.0974 3764 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:02:22.0005 3764 UmPass - ok
13:02:22.0052 3764 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:02:22.0099 3764 UmRdpService - ok
13:02:22.0130 3764 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:02:22.0177 3764 upnphost - ok
13:02:22.0208 3764 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:02:25.0656 3764 [ C71EE856C4F5B52E2D094F494CEE4936 ] WlanWpsSvc C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe
13:02:25.0671 3764 WlanWpsSvc ( UnsignedFile.Multi.Generic ) - warning
13:02:25.0671 3764 WlanWpsSvc - detected UnsignedFile.Multi.Generic (1)
13:02:26.0670 3764 ================ Scan global ===============================
13:02:26.0685 3764 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:02:26.0732 3764 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:02:26.0748 3764 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:02:26.0763 3764 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:02:26.0794 3764 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:02:26.0794 3764 [Global] - ok
13:02:26.0810 3764 ================ Scan MBR ==================================
13:02:26.0810 3764 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:02:26.0997 3764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:02:26.0997 3764 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:02:27.0028 3764 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:02:27.0278 3764 \Device\Harddisk1\DR1 - ok
13:02:27.0278 3764 ================ Scan VBR ==================================
13:02:27.0278 3764 [ C2E1D04262837A759C29421970A1E11C ] \Device\Harddisk0\DR0\Partition1
13:02:27.0278 3764 \Device\Harddisk0\DR0\Partition1 - ok
13:02:27.0309 3764 [ B2E591F6EC82186BF5F14EEEB2131B42 ] \Device\Harddisk0\DR0\Partition2
13:02:27.0309 3764 \Device\Harddisk0\DR0\Partition2 - ok
13:02:27.0309 3764 [ 068355FDD64905432833EA86878B4629 ] \Device\Harddisk1\DR1\Partition1
13:02:27.0309 3764 \Device\Harddisk1\DR1\Partition1 - ok
13:02:27.0309 3764 ================ Scan active images ========================
13:02:27.0824 3764 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
13:02:27.0824 3764 C:\Windows\System32\cryptsp.dll - ok
13:02:27.0824 3764 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
13:02:27.0824 3764 C:\Windows\System32\mswsock.dll - ok
13:02:27.0840 3764 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
13:02:27.0840 3764 C:\Windows\System32\wship6.dll - ok
13:02:27.0840 3764 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
13:02:27.0840 3764 C:\Windows\System32\winlogon.exe - ok
13:02:27.0840 3764 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
13:02:27.0840 3764 C:\Windows\System32\winsta.dll - ok
13:02:27.0840 3764 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
13:02:27.0840 3764 C:\Windows\System32\msv1_0.dll - ok
13:02:27.0840 3764 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
13:02:27.0840 3764 C:\Windows\System32\netlogon.dll - ok
13:02:27.0855 3764 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
13:02:27.0855 3764 C:\Windows\System32\dnsapi.dll - ok
13:02:27.0855 3764 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
13:02:27.0855 3764 C:\Windows\System32\logoncli.dll - ok
13:02:27.0855 3764 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
13:02:27.0855 3764 C:\Windows\System32\schannel.dll - ok
13:02:27.0855 3764 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
13:02:27.0855 3764 C:\Windows\System32\wdigest.dll - ok
13:02:27.0855 3764 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
13:02:27.0855 3764 C:\Windows\System32\rsaenh.dll - ok
13:02:27.0871 3764 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
13:02:27.0871 3764 C:\Windows\System32\TSpkg.dll - ok
13:02:27.0871 3764 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
13:02:27.0871 3764 C:\Windows\System32\LIVESSP.DLL - ok
13:02:27.0871 3764 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
13:02:27.0871 3764 C:\Windows\System32\pku2u.dll - ok
13:02:27.0871 3764 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
13:02:27.0871 3764 C:\Windows\System32\bcryptprimitives.dll - ok
13:02:27.0871 3764 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
13:02:27.0871 3764 C:\Windows\System32\credssp.dll - ok
13:02:27.0886 3764 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
13:02:27.0886 3764 C:\Windows\System32\efslsaext.dll - ok
13:02:27.0886 3764 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] C:\Windows\System32\drivers\TsUsbFlt.sys
13:02:27.0886 3764 C:\Windows\System32\drivers\TsUsbFlt.sys - ok
13:02:27.0886 3764 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
13:02:27.0886 3764 C:\Windows\System32\ubpm.dll - ok
13:02:27.0886 3764 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
13:02:27.0886 3764 C:\Windows\System32\scecli.dll - ok
13:02:27.0886 3764 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
13:02:27.0886 3764 C:\Windows\System32\svchost.exe - ok
13:02:27.0886 3764 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
13:02:27.0886 3764 C:\Windows\System32\umpnpmgr.dll - ok
13:02:27.0902 3764 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
13:02:27.0902 3764 C:\Windows\System32\devrtl.dll - ok
13:02:27.0902 3764 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
13:02:27.0902 3764 C:\Windows\System32\SPInf.dll - ok
13:02:27.0902 3764 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
13:02:27.0902 3764 C:\Windows\System32\userenv.dll - ok
13:02:27.0902 3764 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
13:02:27.0902 3764 C:\Windows\System32\gpapi.dll - ok
13:02:27.0902 3764 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
13:02:27.0902 3764 C:\Windows\System32\pcwum.dll - ok
13:02:27.0918 3764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
13:02:27.0918 3764 C:\Windows\System32\umpo.dll - ok
13:02:27.0918 3764 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
13:02:27.0918 3764 C:\Windows\System32\powrprof.dll - ok
13:02:27.0918 3764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
13:02:27.0918 3764 C:\Windows\System32\drivers\luafv.sys - ok
13:02:27.0918 3764 [ D3381DC54C34D79B22CEE0D65BA91B7C ] C:\Windows\System32\drivers\WUDFPf.sys
13:02:27.0918 3764 C:\Windows\System32\drivers\WUDFPf.sys - ok
13:02:27.0918 3764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
13:02:27.0918 3764 C:\Windows\System32\rpcss.dll - ok
13:02:27.0933 3764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
13:02:27.0933 3764 C:\Windows\System32\RpcEpMap.dll - ok
13:02:27.0933 3764 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
13:02:27.0933 3764 C:\Windows\System32\wshqos.dll - ok
13:02:27.0933 3764 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
13:02:27.0933 3764 C:\Windows\System32\WSHTCPIP.DLL - ok
13:02:27.0933 3764 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] C:\Windows\System32\atiesrxx.exe
13:02:27.0933 3764 C:\Windows\System32\atiesrxx.exe - ok
13:02:27.0933 3764 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
13:02:27.0933 3764 C:\Windows\System32\FirewallAPI.dll - ok
13:02:27.0949 3764 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
13:02:27.0949 3764 C:\Windows\System32\wtsapi32.dll - ok
13:02:27.0949 3764 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
13:02:27.0949 3764 C:\Windows\System32\LogonUI.exe - ok
13:02:27.0949 3764 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
13:02:27.0949 3764 C:\Windows\System32\version.dll - ok
13:02:27.0949 3764 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
13:02:27.0949 3764 C:\Windows\System32\authui.dll - ok
13:02:27.0949 3764 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
13:02:27.0949 3764 C:\Windows\System32\wevtsvc.dll - ok
13:02:27.0964 3764 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
13:02:27.0964 3764 C:\Windows\System32\audiosrv.dll - ok
13:02:27.0964 3764 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
13:02:27.0964 3764 C:\Windows\System32\avrt.dll - ok
13:02:27.0964 3764 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
13:02:27.0964 3764 C:\Windows\System32\mmcss.dll - ok
13:02:27.0964 3764 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
13:02:27.0964 3764 C:\Windows\System32\cryptui.dll - ok
13:02:27.0964 3764 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
13:02:27.0964 3764 C:\Windows\System32\MMDevAPI.dll - ok
13:02:27.0980 3764 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
13:02:27.0980 3764 C:\Windows\System32\propsys.dll - ok
13:02:27.0980 3764 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
13:02:27.0980 3764 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
13:02:27.0980 3764 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
13:02:27.0980 3764 C:\Windows\System32\audiodg.exe - ok
13:02:27.0980 3764 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
13:02:27.0980 3764 C:\Windows\System32\samlib.dll - ok
13:02:27.0980 3764 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
13:02:27.0980 3764 C:\Windows\System32\shacct.dll - ok
13:02:27.0980 3764 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
13:02:27.0980 3764 C:\Windows\System32\uxtheme.dll - ok
13:02:27.0996 3764 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
13:02:27.0996 3764 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
13:02:27.0996 3764 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
13:02:27.0996 3764 C:\Windows\System32\MPSSVC.dll - ok
13:02:27.0996 3764 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
13:02:27.0996 3764 C:\Windows\System32\adtschema.dll - ok
13:02:27.0996 3764 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
13:02:27.0996 3764 C:\Windows\System32\ntmarta.dll - ok
13:02:27.0996 3764 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
13:02:27.0996 3764 C:\Windows\System32\wlansvc.dll - ok
13:02:28.0011 3764 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll
13:02:28.0011 3764 C:\Windows\System32\cscsvc.dll - ok
13:02:28.0011 3764 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
13:02:28.0011 3764 C:\Windows\System32\drivers\fltMgr.sys - ok
13:02:28.0011 3764 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
13:02:28.0011 3764 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
13:02:28.0011 3764 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
13:02:28.0011 3764 C:\Windows\System32\PSHED.DLL - ok
13:02:28.0011 3764 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
13:02:28.0011 3764 C:\Windows\System32\gpsvc.dll - ok
13:02:28.0027 3764 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
13:02:28.0027 3764 C:\Windows\System32\dui70.dll - ok
13:02:28.0027 3764 [ 2DF36F15B2BC1571A6A542A3C2107920 ] C:\Windows\System32\nlaapi.dll
13:02:28.0027 3764 C:\Windows\System32\nlaapi.dll - ok
13:02:28.0027 3764 [ 5C78838B4D166D1A27DB3A8A820C799A ] C:\Windows\System32\profsvc.dll
13:02:28.0027 3764 C:\Windows\System32\profsvc.dll - ok
13:02:28.0027 3764 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
13:02:28.0027 3764 C:\Windows\System32\themeservice.dll - ok
13:02:28.0027 3764 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
13:02:28.0027 3764 C:\Windows\System32\atl.dll - ok
13:02:28.0042 3764 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
13:02:28.0042 3764 C:\Windows\System32\dsrole.dll - ok
13:02:28.0042 3764 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
13:02:28.0042 3764 C:\Windows\System32\slc.dll - ok
13:02:28.0042 3764 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
13:02:28.0042 3764 C:\Windows\System32\duser.dll - ok
13:02:28.0042 3764 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
13:02:28.0042 3764 C:\Windows\System32\es.dll - ok
13:02:28.0042 3764 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
13:02:28.0042 3764 C:\Windows\System32\comres.dll - ok
13:02:28.0058 3764 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
13:02:28.0058 3764 C:\Windows\System32\Sens.dll - ok
13:02:28.0058 3764 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll
13:02:28.0058 3764 C:\Windows\System32\PeerDist.dll - ok
13:02:28.0058 3764 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
13:02:28.0058 3764 C:\Windows\System32\SndVolSSO.dll - ok
13:02:28.0058 3764 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
13:02:28.0058 3764 C:\Windows\System32\dwmapi.dll - ok
13:02:28.0058 3764 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
13:02:28.0058 3764 C:\Windows\System32\hid.dll - ok
13:02:28.0074 3764 [ D6F630C1FD7F436316093AE500363B19 ] C:\Windows\System32\xmllite.dll
13:02:28.0074 3764 C:\Windows\System32\xmllite.dll - ok
13:02:28.0074 3764 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
13:02:28.0074 3764 C:\Windows\System32\provsvc.dll - ok
13:02:28.0074 3764 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
13:02:28.0074 3764 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
13:02:28.0074 3764 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
13:02:28.0074 3764 C:\Windows\System32\taskschd.dll - ok
13:02:28.0074 3764 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
13:02:28.0074 3764 C:\Windows\System32\mstask.dll - ok
13:02:28.0074 3764 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
13:02:28.0074 3764 C:\Windows\System32\uxsms.dll - ok
13:02:28.0089 3764 [ 80E69670BDA10F32A941BA7358E33012 ] C:\Windows\System32\WUDFPlatform.dll
13:02:28.0089 3764 C:\Windows\System32\WUDFPlatform.dll - ok
13:02:28.0089 3764 [ 7A95C95B6C4CF292D689106BCAE49543 ] C:\Windows\System32\WUDFSvc.dll
13:02:28.0089 3764 C:\Windows\System32\WUDFSvc.dll - ok
13:02:28.0089 3764 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
13:02:28.0089 3764 C:\Windows\System32\drivers\lltdio.sys - ok
13:02:28.0089 3764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
13:02:28.0089 3764 C:\Windows\System32\drivers\nwifi.sys - ok
13:02:28.0089 3764 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
13:02:28.0089 3764 C:\Windows\System32\drivers\ndisuio.sys - ok
13:02:28.0105 3764 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
13:02:28.0105 3764 C:\Windows\System32\drivers\rspndr.sys - ok
13:02:28.0105 3764 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
13:02:28.0105 3764 C:\Windows\System32\lmhsvc.dll - ok
13:02:28.0105 3764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
13:02:28.0105 3764 C:\Windows\System32\nsisvc.dll - ok
13:02:28.0105 3764 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
13:02:28.0105 3764 C:\Windows\System32\eapsvc.dll - ok
13:02:28.0105 3764 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
13:02:28.0105 3764 C:\Windows\System32\keyiso.dll - ok
13:02:28.0120 3764 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
13:02:28.0120 3764 C:\Windows\System32\dnsrslvr.dll - ok
13:02:28.0120 3764 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
13:02:28.0120 3764 C:\Windows\System32\winnsi.dll - ok
13:02:28.0120 3764 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
13:02:28.0120 3764 C:\Windows\System32\IPHLPAPI.DLL - ok
13:02:28.0120 3764 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
13:02:28.0120 3764 C:\Windows\System32\dhcpcore.dll - ok
13:02:28.0120 3764 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
13:02:28.0120 3764 C:\Windows\System32\nrpsrv.dll - ok
13:02:28.0136 3764 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
13:02:28.0136 3764 C:\Windows\System32\dnsext.dll - ok
13:02:28.0136 3764 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
13:02:28.0136 3764 C:\Windows\System32\FWPUCLNT.DLL - ok
13:02:28.0136 3764 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
13:02:28.0136 3764 C:\Windows\System32\dhcpcsvc.dll - ok
13:02:28.0136 3764 [ 4CBCC37856EA2039C27A2FB661DDA0E5 ] C:\Windows\System32\dhcpcsvc6.dll
13:02:28.0136 3764 C:\Windows\System32\dhcpcsvc6.dll - ok
13:02:28.0136 3764 [ 71C7B65B6557B75B99907E76956AE4B8 ] C:\Windows\System32\dhcpcore6.dll
13:02:28.0136 3764 C:\Windows\System32\dhcpcore6.dll - ok
13:02:28.0152 3764 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
13:02:28.0152 3764 C:\Windows\System32\eapphost.dll - ok
13:02:28.0152 3764 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
13:02:28.0152 3764 C:\Windows\System32\umb.dll - ok
13:02:28.0152 3764 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
13:02:28.0152 3764 C:\Windows\System32\wlanmsm.dll - ok
13:02:28.0152 3764 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
13:02:28.0152 3764 C:\Windows\System32\wlansec.dll - ok
13:02:28.0152 3764 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
13:02:28.0152 3764 C:\Windows\System32\eappcfg.dll - ok
13:02:28.0167 3764 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
13:02:28.0167 3764 C:\Windows\System32\eappprxy.dll - ok
13:02:28.0167 3764 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
13:02:28.0167 3764 C:\Windows\System32\onex.dll - ok
13:02:28.0167 3764 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
13:02:28.0167 3764 C:\Windows\System32\l2gpstore.dll - ok
13:02:28.0167 3764 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
13:02:28.0167 3764 C:\Windows\System32\WinSCard.dll - ok
13:02:28.0167 3764 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
13:02:28.0167 3764 C:\Windows\System32\wlanutil.dll - ok
13:02:28.0167 3764 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
13:02:28.0167 3764 C:\Windows\System32\wlgpclnt.dll - ok
13:02:28.0183 3764 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll
13:02:28.0183 3764 C:\Windows\System32\msxml6.dll - ok
13:02:28.0183 3764 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
13:02:28.0183 3764 C:\Windows\System32\WindowsCodecs.dll - ok
13:02:28.0183 3764 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
13:02:28.0183 3764 C:\Windows\System32\VaultCredProvider.dll - ok
13:02:28.0183 3764 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
13:02:28.0183 3764 C:\Windows\System32\winbrand.dll - ok
13:02:28.0183 3764 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
13:02:28.0183 3764 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
13:02:28.0198 3764 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
13:02:28.0198 3764 C:\Windows\System32\BioCredProv.dll - ok
13:02:28.0198 3764 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
13:02:28.0198 3764 C:\Windows\System32\credui.dll - ok
13:02:28.0198 3764 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
13:02:28.0198 3764 C:\Windows\System32\winbio.dll - ok
13:02:28.0198 3764 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
13:02:28.0198 3764 C:\Windows\System32\netapi32.dll - ok
13:02:28.0198 3764 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
13:02:28.0198 3764 C:\Windows\System32\netutils.dll - ok
13:02:28.0214 3764 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
13:02:28.0214 3764 C:\Windows\System32\vaultcli.dll - ok
13:02:28.0214 3764 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
13:02:28.0214 3764 C:\Windows\System32\wkscli.dll - ok
13:02:28.0214 3764 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
13:02:28.0214 3764 C:\Windows\System32\samcli.dll - ok
13:02:28.0214 3764 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
13:02:28.0214 3764 C:\Windows\System32\certCredProvider.dll - ok
13:02:28.0214 3764 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
13:02:28.0214 3764 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
13:02:28.0230 3764 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
13:02:28.0230 3764 C:\Windows\System32\rasplap.dll - ok
13:02:28.0230 3764 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
13:02:28.0230 3764 C:\Windows\System32\rasapi32.dll - ok
13:02:28.0230 3764 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
13:02:28.0230 3764 C:\Windows\System32\rasman.dll - ok
13:02:28.0230 3764 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
13:02:28.0230 3764 C:\Windows\System32\rtutils.dll - ok
13:02:28.0230 3764 [ 3E53B43892B023936DBCEBDB541E1C95 ] C:\Windows\System32\atieclxx.exe
13:02:28.0230 3764 C:\Windows\System32\atieclxx.exe - ok
13:02:28.0245 3764 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
13:02:28.0245 3764 C:\Windows\System32\UXInit.dll - ok
13:02:28.0245 3764 [ EDE10FB67846CEFD0D1FC368F8FAC86E ] C:\Windows\System32\atiadlxx.dll
13:02:28.0245 3764 C:\Windows\System32\atiadlxx.dll - ok
13:02:28.0245 3764 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
13:02:28.0245 3764 C:\Windows\System32\oleacc.dll - ok
13:02:28.0245 3764 [ 019BDD35DE269CB98B22DE8923C2AA3B ] C:\Windows\System32\UIAutomationCore.dll
13:02:28.0245 3764 C:\Windows\System32\UIAutomationCore.dll - ok
13:02:28.0245 3764 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
13:02:28.0245 3764 C:\Windows\System32\wsock32.dll - ok
13:02:28.0261 3764 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
13:02:28.0261 3764 C:\Windows\System32\imageres.dll - ok
13:02:28.0261 3764 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
13:02:28.0261 3764 C:\Windows\System32\shsvcs.dll - ok
13:02:28.0261 3764 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
13:02:28.0261 3764 C:\Windows\System32\schedsvc.dll - ok
13:02:28.0261 3764 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
13:02:28.0261 3764 C:\Windows\System32\netcfgx.dll - ok
13:02:28.0261 3764 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
13:02:28.0261 3764 C:\Windows\System32\drivers\vwifimp.sys - ok
13:02:28.0261 3764 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
13:02:28.0261 3764 C:\Windows\System32\ktmw32.dll - ok

13:02:28.0276 3764 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
13:02:28.0276 3764 C:\Windows\System32\taskcomp.dll - ok
13:02:28.0276 3764 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
13:02:28.0276 3764 C:\Windows\System32\drivers\http.sys - ok
13:02:28.0276 3764 [ B96C17B5DC1424D56EEA3A99E97428CD ] C:\Windows\System32\spoolsv.exe
13:02:28.0276 3764 C:\Windows\System32\spoolsv.exe - ok
13:02:28.0276 3764 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
13:02:28.0276 3764 C:\Windows\System32\BFE.DLL - ok
13:02:28.0276 3764 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
13:02:28.0276 3764 C:\Windows\System32\drivers\bowser.sys - ok
13:02:28.0292 3764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
13:02:28.0292 3764 C:\Windows\System32\drivers\mpsdrv.sys - ok
13:02:28.0292 3764 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
13:02:28.0292 3764 C:\Windows\System32\drivers\mrxsmb.sys - ok
13:02:28.0292 3764 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
13:02:28.0292 3764 C:\Windows\System32\drivers\mrxsmb10.sys - ok
13:02:28.0292 3764 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
13:02:28.0292 3764 C:\Windows\System32\drivers\mrxsmb20.sys - ok
13:02:28.0292 3764 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
13:02:28.0292 3764 C:\Windows\System32\wfapigp.dll - ok
13:02:28.0308 3764 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
13:02:28.0308 3764 C:\Windows\System32\wkssvc.dll - ok
13:02:28.0308 3764 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
13:02:28.0308 3764 C:\Windows\System32\dllhost.exe - ok
13:02:28.0308 3764 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
13:02:28.0308 3764 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
13:02:28.0308 3764 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
13:02:28.0308 3764 C:\Windows\System32\mscms.dll - ok
13:02:28.0323 3764 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
13:02:28.0323 3764 C:\Windows\System32\pcasvc.dll - ok
13:02:28.0323 3764 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
13:02:28.0323 3764 C:\Windows\System32\fveapi.dll - ok
13:02:28.0323 3764 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
13:02:28.0323 3764 C:\Windows\System32\IDStore.dll - ok
13:02:28.0323 3764 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
13:02:28.0323 3764 C:\Windows\System32\snmptrap.exe - ok
13:02:28.0323 3764 [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
13:02:28.0323 3764 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
13:02:28.0339 3764 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
13:02:28.0339 3764 C:\Windows\System32\fvecerts.dll - ok
13:02:28.0339 3764 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
13:02:28.0339 3764 C:\Windows\System32\tbs.dll - ok
13:02:28.0339 3764 [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
13:02:28.0339 3764 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
13:02:28.0339 3764 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
13:02:28.0339 3764 C:\Windows\System32\wiarpc.dll - ok
13:02:28.0339 3764 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
13:02:28.0339 3764 C:\Windows\System32\rasadhlp.dll - ok
13:02:28.0354 3764 [ 0BA4D8CE0C214F7208E72B3B8F8B7895 ] C:\Windows\System32\vpc.exe
13:02:28.0354 3764 C:\Windows\System32\vpc.exe - ok
13:02:28.0354 3764 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
13:02:28.0354 3764 C:\Windows\System32\localspl.dll - ok
13:02:28.0354 3764 [ 91A8E32B00BF7899EDAB6783287DDDA6 ] C:\Windows\System32\PeerDistSh.dll
13:02:28.0354 3764 C:\Windows\System32\PeerDistSh.dll - ok
13:02:28.0354 3764 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
13:02:28.0354 3764 C:\Windows\System32\spoolss.dll - ok
13:02:28.0354 3764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
13:02:28.0354 3764 C:\Windows\System32\sstpsvc.dll - ok
13:02:28.0354 3764 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
13:02:28.0354 3764 C:\Windows\System32\winspool.drv - ok
13:02:28.0370 3764 [ 5E36F8E4034A4B148CBA14EB535C47CA ] C:\Windows\System32\KBDRU.DLL
13:02:28.0370 3764 C:\Windows\System32\KBDRU.DLL - ok
13:02:28.0370 3764 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
13:02:28.0370 3764 C:\Windows\System32\mpr.dll - ok
13:02:28.0370 3764 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
13:02:28.0370 3764 C:\Windows\System32\dwm.exe - ok
13:02:28.0370 3764 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
13:02:28.0370 3764 C:\Windows\System32\userinit.exe - ok
13:02:28.0370 3764 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
13:02:28.0370 3764 C:\Windows\System32\dwmcore.dll - ok
13:02:28.0386 3764 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
13:02:28.0386 3764 C:\Windows\System32\dwmredir.dll - ok
13:02:28.0386 3764 [ D63BEE2A8B22482F7080A8D3F2E1A733 ] C:\Windows\System32\d3d10_1.dll
13:02:28.0386 3764 C:\Windows\System32\d3d10_1.dll - ok
13:02:28.0386 3764 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
13:02:28.0386 3764 C:\Windows\System32\d3d10_1core.dll - ok
13:02:28.0386 3764 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
13:02:28.0386 3764 C:\Windows\System32\dxgi.dll - ok
13:02:29.0088 3764 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
13:02:29.0088 3764 C:\Windows\System32\perftrack.dll - ok
13:02:29.0103 3764 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
13:02:29.0103 3764 C:\Windows\System32\PortableDeviceApi.dll - ok
13:02:29.0103 3764 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
13:02:29.0103 3764 C:\Windows\System32\diagperf.dll - ok
13:02:29.0103 3764 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
13:02:29.0103 3764 C:\Windows\System32\runonce.exe - ok
13:02:29.0103 3764 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
13:02:29.0103 3764 C:\Windows\SysWOW64\runonce.exe - ok
13:02:29.0103 3764 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
13:02:29.0103 3764 C:\Windows\SysWOW64\propsys.dll - ok
13:02:29.0119 3764 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
13:02:29.0119 3764 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
13:02:29.0119 3764 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
13:02:29.0119 3764 C:\Windows\System32\Apphlpdm.dll - ok
13:02:29.0119 3764 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
13:02:29.0119 3764 C:\Windows\System32\pnpts.dll - ok
13:02:29.0119 3764 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
13:02:29.0119 3764 C:\Windows\SysWOW64\ntmarta.dll - ok
13:02:29.0119 3764 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
13:02:29.0119 3764 C:\Windows\System32\radardt.dll - ok
13:02:29.0134 3764 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
13:02:29.0134 3764 C:\Windows\System32\wdiasqmmodule.dll - ok
13:02:29.0134 3764 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
13:02:29.0134 3764 C:\Windows\SysWOW64\Wldap32.dll - ok
13:02:29.0134 3764 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
13:02:29.0134 3764 C:\Windows\SysWOW64\apphelp.dll - ok
13:02:29.0134 3764 [ 30DB64D316F502558DB2380F7343C9FD ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
13:02:29.0134 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll - ok
13:02:29.0134 3764 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
13:02:29.0134 3764 C:\Windows\System32\IPSECSVC.DLL - ok
13:02:29.0150 3764 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
13:02:29.0150 3764 C:\Windows\System32\FwRemoteSvr.dll - ok
13:02:29.0150 3764 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
13:02:29.0150 3764 C:\Windows\System32\dimsjob.dll - ok
13:02:29.0150 3764 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
13:02:29.0150 3764 C:\Windows\System32\pautoenr.dll - ok
13:02:29.0150 3764 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
13:02:29.0150 3764 C:\Windows\System32\certcli.dll - ok
13:02:29.0150 3764 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
13:02:29.0150 3764 C:\Windows\System32\CertEnroll.dll - ok
13:02:29.0166 3764 [ 207204AF80505AF51271FE164B56F662 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll
13:02:29.0166 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.dll - ok
13:02:29.0166 3764 [ 5FF5E12F28725D14CAA3B408848ADFFC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
13:02:29.0166 3764 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll - ok
13:02:29.0166 3764 [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll
13:02:29.0166 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.dll - ok
13:02:29.0166 3764 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
13:02:29.0166 3764 C:\Windows\SysWOW64\msimg32.dll - ok
13:02:29.0166 3764 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
13:02:29.0166 3764 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll - ok
13:02:29.0181 3764 [ D8C2B95BC2353E1F18850D6B8F5DBA13 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
13:02:29.0181 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll - ok
13:02:29.0181 3764 [ 533AECD1B5356870AE2D905B4D3B42B7 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMisc.dll
13:02:29.0181 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveMisc.dll - ok
13:02:29.0181 3764 [ 1CDEA9188899E76D4FFD54C9D512CCDB ] C:\Windows\SysWOW64\msxml3.dll
13:02:29.0181 3764 C:\Windows\SysWOW64\msxml3.dll - ok
13:02:29.0181 3764 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
13:02:29.0181 3764 C:\Windows\SysWOW64\cmd.exe - ok
13:02:29.0181 3764 [ 3326166011C9BC13D6A8EFD856E9921C ] C:\Windows\System32\conhost.exe
13:02:29.0181 3764 C:\Windows\System32\conhost.exe - ok
13:02:29.0197 3764 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
13:02:29.0197 3764 C:\Windows\SysWOW64\winbrand.dll - ok
13:02:29.0197 3764 [ 37F358CBD2A1D82C56A542325DA6D368 ] C:\Windows\SysWOW64\ieframe.dll
13:02:29.0197 3764 C:\Windows\SysWOW64\ieframe.dll - ok
13:02:29.0197 3764 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
13:02:29.0197 3764 C:\Windows\SysWOW64\psapi.dll - ok
13:02:29.0197 3764 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
13:02:29.0197 3764 C:\Windows\SysWOW64\oleacc.dll - ok
13:02:29.0197 3764 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
13:02:29.0197 3764 C:\Windows\System32\aelupsvc.dll - ok
13:02:29.0212 3764 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
13:02:29.0212 3764 C:\Windows\SysWOW64\shdocvw.dll - ok
13:02:29.0212 3764 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Kotya\AppData\Local\Temp\C020B709-3237-417E-B82A-9DBF93FFDC8D.exe
13:02:29.0212 3764 C:\Users\Kotya\AppData\Local\Temp\C020B709-3237-417E-B82A-9DBF93FFDC8D.exe - ok
13:02:29.0212 3764 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
13:02:29.0212 3764 C:\Windows\SysWOW64\imagehlp.dll - ok
13:02:29.0212 3764 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll
13:02:29.0212 3764 C:\Windows\SysWOW64\ncrypt.dll - ok
13:02:29.0212 3764 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
13:02:29.0212 3764 C:\Windows\SysWOW64\bcrypt.dll - ok
13:02:29.0228 3764 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
13:02:29.0228 3764 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
13:02:29.0228 3764 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
13:02:29.0228 3764 C:\Windows\SysWOW64\gpapi.dll - ok
13:02:29.0228 3764 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
13:02:29.0228 3764 C:\Windows\SysWOW64\cryptnet.dll - ok
13:02:29.0228 3764 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
13:02:29.0228 3764 C:\Windows\SysWOW64\SensApi.dll - ok
13:02:29.0228 3764 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
13:02:29.0228 3764 C:\Windows\SysWOW64\credssp.dll - ok
13:02:29.0244 3764 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
13:02:29.0244 3764 C:\Windows\SysWOW64\mswsock.dll - ok
13:02:29.0244 3764 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
13:02:29.0244 3764 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
13:02:29.0244 3764 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
13:02:29.0244 3764 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
13:02:29.0244 3764 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
13:02:29.0244 3764 C:\Windows\SysWOW64\wship6.dll - ok
13:02:29.0244 3764 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
13:02:29.0244 3764 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
13:02:29.0259 3764 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
13:02:29.0259 3764 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
13:02:29.0259 3764 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
13:02:29.0259 3764 C:\Windows\SysWOW64\dnsapi.dll - ok
13:02:29.0259 3764 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
13:02:29.0259 3764 C:\Windows\SysWOW64\rasadhlp.dll - ok
13:02:29.0259 3764 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
13:02:29.0259 3764 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
13:02:29.0259 3764 [ 4FDFA3F219692D17011BF1B428857C1E ] C:\Program Files\Windows Defender\MpRTP.dll
13:02:29.0259 3764 C:\Program Files\Windows Defender\MpRTP.dll - ok
13:02:29.0275 3764 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
13:02:29.0275 3764 C:\Windows\System32\tdh.dll - ok
13:02:29.0275 3764 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
13:02:29.0275 3764 C:\Windows\SysWOW64\dwmapi.dll - ok
13:02:29.0275 3764 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
13:02:29.0275 3764 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
13:02:29.0275 3764 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
13:02:29.0275 3764 C:\Windows\SysWOW64\EhStorShell.dll - ok
13:02:29.0275 3764 [ EB77DB354791A5932CA559B6F6374E95 ] C:\Windows\SysWOW64\ntshrui.dll
13:02:29.0275 3764 C:\Windows\SysWOW64\ntshrui.dll - ok
13:02:29.0290 3764 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
13:02:29.0290 3764 C:\Windows\SysWOW64\srvcli.dll - ok
13:02:29.0290 3764 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
13:02:29.0290 3764 C:\Windows\SysWOW64\cscapi.dll - ok
13:02:29.0290 3764 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
13:02:29.0290 3764 C:\Windows\SysWOW64\slc.dll - ok
13:02:29.0290 3764 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
13:02:29.0290 3764 C:\Windows\SysWOW64\imageres.dll - ok
13:02:29.0290 3764 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpengine.dll
13:02:29.0290 3764 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpengine.dll - ok
13:02:29.0306 3764 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpasbase.vdm
13:02:29.0306 3764 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpasbase.vdm - ok
13:02:29.0306 3764 [ 3AD3754D21038807238B96C455DFE165 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpasdlta.vdm
13:02:29.0306 3764 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A39EC67-0E87-4490-95ED-79737956C1DB}\mpasdlta.vdm - ok
13:02:29.0306 3764 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
13:02:29.0306 3764 C:\Windows\System32\ndiscapCfg.dll - ok
13:02:29.0306 3764 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
13:02:29.0306 3764 C:\Windows\System32\rascfg.dll - ok
13:02:29.0306 3764 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
13:02:29.0306 3764 C:\Windows\System32\mprmsg.dll - ok
13:02:29.0322 3764 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
13:02:29.0322 3764 C:\Windows\System32\tcpipcfg.dll - ok
13:02:29.0322 3764 [ AC0C9CEA1218DAB1994AF8B28E680BD9 ] C:\Windows\System32\wlaninst.dll
13:02:29.0322 3764 C:\Windows\System32\wlaninst.dll - ok
13:02:29.0322 3764 [ 5A406C9C8E0880D3EABADC5DFD1ACDAE ] C:\Windows\System32\wwaninst.dll
13:02:29.0322 3764 C:\Windows\System32\wwaninst.dll - ok
13:02:29.0322 3764 [ 198803E5E93E29967DFB0BCFD0186151 ] C:\Windows\System32\spfileq.dll
13:02:29.0322 3764 C:\Windows\System32\spfileq.dll - ok
13:02:29.0322 3764 [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll
13:02:29.0322 3764 C:\Program Files\Windows Defender\MsMpLics.dll - ok
13:02:29.0337 3764 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
13:02:29.0337 3764 C:\Windows\System32\wscapi.dll - ok
13:02:29.0337 3764 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
13:02:29.0337 3764 C:\Windows\System32\wscisvif.dll - ok
13:02:29.0337 3764 [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
13:02:29.0337 3764 C:\Windows\System32\wscproxystub.dll - ok
13:02:29.0337 3764 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
13:02:29.0337 3764 C:\Windows\SysWOW64\sfc.dll - ok
13:02:29.0337 3764 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
13:02:29.0337 3764 C:\Windows\SysWOW64\sfc_os.dll - ok
13:02:29.0353 3764 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
13:02:29.0353 3764 C:\Windows\SysWOW64\devrtl.dll - ok
13:02:29.0353 3764 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
13:02:29.0353 3764 C:\Windows\SysWOW64\mpr.dll - ok
13:02:29.0353 3764 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
13:02:29.0353 3764 C:\Windows\SysWOW64\netutils.dll - ok
13:02:29.0353 3764 [ D56C13F26ADCB3BC0455DB42883F6E7D ] C:\Windows\System32\iedkcs32.dll
13:02:29.0353 3764 C:\Windows\System32\iedkcs32.dll - ok
13:02:29.0353 3764 [ 6D220604AA4240303DD8DEAEAB428377 ] C:\Windows\System32\ie4uinit.exe
13:02:29.0353 3764 C:\Windows\System32\ie4uinit.exe - ok
13:02:29.0353 3764 [ 1FCB1A72BF5C784F7358E6BEF38E4571 ] C:\Windows\System32\timedate.cpl
13:02:29.0353 3764 C:\Windows\System32\timedate.cpl - ok
13:02:29.0368 3764 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
13:02:29.0368 3764 C:\Windows\System32\actxprxy.dll - ok
13:02:29.0368 3764 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
13:02:29.0368 3764 C:\Windows\System32\shdocvw.dll - ok
13:02:29.0368 3764 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
13:02:29.0368 3764 C:\Windows\System32\linkinfo.dll - ok
13:02:29.0368 3764 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
13:02:29.0368 3764 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
13:02:29.0368 3764 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
13:02:29.0368 3764 C:\Windows\System32\gameux.dll - ok
13:02:29.0384 3764 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
13:02:29.0384 3764 C:\Windows\System32\msiltcfg.dll - ok
13:02:29.0384 3764 [ 6A16BCE3C09496650BE881C467611653 ] C:\Windows\System32\msi.dll
13:02:29.0384 3764 C:\Windows\System32\msi.dll - ok
13:02:29.0384 3764 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
13:02:29.0384 3764 C:\Windows\System32\msftedit.dll - ok
13:02:29.0384 3764 [ 7CB3ACB163DE051169095DC6507B8977 ] C:\Windows\System32\msls31.dll
13:02:29.0384 3764 C:\Windows\System32\msls31.dll - ok
13:02:29.0384 3764 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
13:02:29.0384 3764 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
13:02:29.0400 3764 [ E3BF29CED96790CDAAFA981FFDDF53A3 ] C:\Program Files\Windows Sidebar\sidebar.exe
13:02:29.0400 3764 C:\Program Files\Windows Sidebar\sidebar.exe - ok
13:02:29.0400 3764 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
13:02:29.0400 3764 C:\Windows\System32\thumbcache.dll - ok
13:02:29.0400 3764 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
13:02:29.0400 3764 C:\Windows\System32\DeviceCenter.dll - ok
13:02:29.0400 3764 [ AE18DCD6934D657EA0995E919FB0F4DD ] C:\Windows\System32\mshtml.dll
13:02:29.0400 3764 C:\Windows\System32\mshtml.dll - ok
13:02:29.0400 3764 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:02:29.0400 3764 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
13:02:29.0415 3764 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:02:29.0415 3764 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
13:02:29.0415 3764 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
13:02:29.0415 3764 C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe - ok
13:02:29.0415 3764 [ 0CE4D3BD306DA6D1F6F233C403F5B667 ] C:\Windows\SysWOW64\msi.dll
13:02:29.0415 3764 C:\Windows\SysWOW64\msi.dll - ok
13:02:29.0415 3764 [ DB29633B71298F68EEB4B232F3829086 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
13:02:29.0415 3764 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok
13:02:29.0415 3764 [ 036CAF931B3F2A05E0CB8452039E849C ] C:\Windows\SysWOW64\atiadlxy.dll
13:02:29.0415 3764 C:\Windows\SysWOW64\atiadlxy.dll - ok
13:02:29.0431 3764 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
13:02:29.0431 3764 C:\Windows\System32\networkexplorer.dll - ok
13:02:29.0431 3764 [ 91207A331F160E7D0C0AAB2AC94FE40D ] C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
13:02:29.0431 3764 C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe - ok
13:02:29.0431 3764 [ 4B9949208944C50B1A16FD1F05ED0A04 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
13:02:29.0431 3764 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - ok
13:02:29.0431 3764 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
13:02:29.0431 3764 C:\Windows\System32\mscoree.dll - ok
13:02:29.0431 3764 [ C5D27A81676BCA05947E2ED1B137A3C0 ] C:\Windows\SysWOW64\amdocl.dll
13:02:29.0431 3764 C:\Windows\SysWOW64\amdocl.dll - ok
13:02:29.0446 3764 [ 9AC621E695DDE63218BAB2F2F0513129 ] C:\Windows\SysWOW64\OpenCL.dll
13:02:29.0446 3764 C:\Windows\SysWOW64\OpenCL.dll - ok
13:02:29.0446 3764 [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
13:02:29.0446 3764 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
13:02:29.0446 3764 [ 78BFE3201ADA2FE02D1E35D2488E5F55 ] C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
13:02:29.0446 3764 C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe - ok
13:02:29.0446 3764 [ C2FF17734176CD15221C10044EF0BA1A ] C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
13:02:29.0446 3764 C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - ok
13:02:29.0446 3764 [ B52D802364993FA65F23FD582D55C4E9 ] C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe
13:02:29.0446 3764 C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe - ok
13:02:29.0462 3764 [ 51464B6C373CD07E7D4A6CC9294ED67C ] C:\Users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe
13:02:29.0462 3764 C:\Users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe - ok
13:02:29.0462 3764 [ F965B884AFEC50D87792DB0A071B9EB6 ] C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanDll.dll
13:02:29.0462 3764 C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanDll.dll - ok
13:02:29.0462 3764 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
13:02:29.0462 3764 C:\Windows\SysWOW64\mscms.dll - ok
13:02:29.0462 3764 [ C1648084C395152FBFA1B333D92056BC ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
13:02:29.0462 3764 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
13:02:29.0462 3764 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
13:02:29.0462 3764 C:\Windows\System32\UIAnimation.dll - ok
13:02:29.0478 3764 [ 9C17DCD6DDFEB1A012544FAF4F2789F6 ] C:\Windows\AppPatch\AcGenral.dll
13:02:29.0478 3764 C:\Windows\AppPatch\AcGenral.dll - ok
13:02:29.0478 3764 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Kotya\AppData\Roaming\Dropbox\bin\msvcr71.dll
13:02:29.0478 3764 C:\Users\Kotya\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
13:02:29.0478 3764 [ 01675528F5289D2A4DE01647FB2C81F8 ] C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WPSCtrl.dll
13:02:29.0478 3764 C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WPSCtrl.dll - ok
13:02:29.0478 3764 [ 74B2D4C4DAEAF401C73DE8F7A5491331 ] C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWPS.dll
13:02:29.0478 3764 C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWPS.dll - ok
13:02:29.0478 3764 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
13:02:29.0478 3764 C:\Windows\System32\drprov.dll - ok
13:02:29.0493 3764 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
13:02:29.0493 3764 C:\Windows\System32\ntlanman.dll - ok
13:02:29.0493 3764 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
13:02:29.0493 3764 C:\Windows\SysWOW64\oledlg.dll - ok
13:02:29.0493 3764 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
13:02:29.0493 3764 C:\Windows\System32\wdmaud.drv - ok
13:02:29.0493 3764 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
13:02:29.0493 3764 C:\Windows\SysWOW64\logoncli.dll - ok
13:02:29.0493 3764 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
13:02:29.0493 3764 C:\Windows\SysWOW64\netapi32.dll - ok
13:02:29.0509 3764 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
13:02:29.0509 3764 C:\Windows\SysWOW64\secur32.dll - ok
13:02:29.0509 3764 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll
13:02:29.0509 3764 C:\Windows\SysWOW64\security.dll - ok
13:02:29.0509 3764 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
13:02:29.0509 3764 C:\Windows\SysWOW64\wkscli.dll - ok
13:02:29.0509 3764 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Kotya\AppData\Roaming\Dropbox\bin\msvcp71.dll
13:02:29.0509 3764 C:\Users\Kotya\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
13:02:29.0509 3764 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
13:02:29.0509 3764 C:\Windows\System32\davclnt.dll - ok
13:02:29.0524 3764 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
13:02:29.0524 3764 C:\Windows\System32\ksuser.dll - ok
13:02:29.0524 3764 [ 816B681CC308FAA128EDCB90643DCED7 ] C:\Windows\SysWOW64\icm32.dll
13:02:29.0524 3764 C:\Windows\SysWOW64\icm32.dll - ok
13:02:29.0524 3764 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
13:02:29.0524 3764 C:\Windows\System32\davhlpr.dll - ok
13:02:29.0524 3764 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
13:02:29.0524 3764 C:\Windows\System32\AudioSes.dll - ok
13:02:29.0524 3764 [ F2A24E4AEC0F8D5DBAB10CB87A8EFED2 ] C:\Windows\SysWOW64\sti.dll
13:02:29.0524 3764 C:\Windows\SysWOW64\sti.dll - ok
13:02:29.0540 3764 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
13:02:29.0540 3764 C:\Windows\System32\msacm32.dll - ok
13:02:29.0540 3764 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
13:02:29.0540 3764 C:\Windows\System32\msacm32.drv - ok
13:02:29.0540 3764 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
13:02:29.0540 3764 C:\Windows\System32\midimap.dll - ok
13:02:29.0540 3764 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
13:02:29.0540 3764 C:\Windows\System32\AudioEng.dll - ok
13:02:29.0540 3764 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
13:02:29.0540 3764 C:\Windows\SysWOW64\dbghelp.dll - ok
13:02:29.0556 3764 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
13:02:29.0556 3764 C:\Windows\System32\AUDIOKSE.dll - ok
13:02:29.0556 3764 [ B3CE0951E3C1EA3C733573C472EE85F9 ] C:\Windows\System32\msimtf.dll
13:02:29.0556 3764 C:\Windows\System32\msimtf.dll - ok
13:02:29.0556 3764 [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
13:02:29.0556 3764 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
13:02:29.0556 3764 [ DB001FAEA818AE2E14A74E0ADC530FC0 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
13:02:29.0556 3764 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll - ok
13:02:29.0556 3764 [ C94324496F829A39FA65104BD48E1E1F ] C:\Windows\SysWOW64\aticaldd.dll
13:02:29.0556 3764 C:\Windows\SysWOW64\aticaldd.dll - ok
13:02:29.0571 3764 [ 01AEA2F16FE0C522DDFD7FAFFC959C6A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll
13:02:29.0571 3764 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll - ok
13:02:29.0571 3764 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
13:02:29.0571 3764 C:\Windows\System32\qmgr.dll - ok
13:02:29.0571 3764 [ 55E3C4F4D953D8518EBDC5EA9AD786CE ] C:\Windows\System32\ieframe.dll
13:02:29.0571 3764 C:\Windows\System32\ieframe.dll - ok
13:02:29.0571 3764 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
13:02:29.0571 3764 C:\Windows\System32\WMALFXGFXDSP.dll - ok
13:02:29.0571 3764 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
13:02:29.0571 3764 C:\Windows\System32\bitsigd.dll - ok
13:02:29.0587 3764 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
13:02:29.0587 3764 C:\Windows\System32\bitsperf.dll - ok
13:02:29.0587 3764 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
13:02:29.0587 3764 C:\Windows\System32\upnp.dll - ok
13:02:29.0587 3764 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
13:02:29.0587 3764 C:\Windows\SysWOW64\winmm.dll - ok
13:02:29.0587 3764 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
13:02:29.0587 3764 C:\Windows\System32\ssdpsrv.dll - ok
13:02:29.0587 3764 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
13:02:29.0587 3764 C:\Windows\SysWOW64\msacm32.dll - ok
13:02:29.0587 3764 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
13:02:29.0587 3764 C:\Windows\SysWOW64\samcli.dll - ok
13:02:29.0602 3764 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
13:02:29.0602 3764 C:\Windows\System32\qmgrprxy.dll - ok
13:02:29.0602 3764 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
13:02:29.0602 3764 C:\Windows\SysWOW64\qmgrprxy.dll - ok
13:02:29.0602 3764 [ 6D137963730144698CBD10F202E9F251 ] C:\Windows\System32\wersvc.dll
13:02:29.0602 3764 C:\Windows\System32\wersvc.dll - ok
13:02:29.0602 3764 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
13:02:29.0602 3764 C:\Windows\SysWOW64\FirewallAPI.dll - ok
13:02:29.0602 3764 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
13:02:29.0602 3764 C:\Windows\SysWOW64\sxs.dll - ok
13:02:29.0618 3764 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
13:02:29.0618 3764 C:\Windows\System32\mfplat.dll - ok
13:02:29.0618 3764 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
13:02:29.0618 3764 C:\Windows\System32\stobject.dll - ok
13:02:29.0618 3764 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
13:02:29.0618 3764 C:\Windows\SysWOW64\NapiNSP.dll - ok
13:02:29.0618 3764 [ 104A1070E90F1C530328E69B49718841 ] C:\Windows\SysWOW64\nlaapi.dll
13:02:29.0618 3764 C:\Windows\SysWOW64\nlaapi.dll - ok
13:02:29.0618 3764 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
13:02:29.0618 3764 C:\Windows\SysWOW64\pnrpnsp.dll - ok
13:02:29.0634 3764 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
13:02:29.0634 3764 C:\Windows\SysWOW64\winrnr.dll - ok
13:02:30.0039 3764 ============================================================
13:02:30.0039 3764 Scan finished
13:02:30.0039 3764 ============================================================
13:02:30.0055 2260 Detected object count: 3
13:02:30.0055 2260 Actual detected object count: 3
13:02:55.0998 2260 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:02:55.0998 2260 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:02:55.0998 2260 WlanWpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:02:55.0998 2260 WlanWpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:02:55.0998 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:02:55.0998 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-23 13:04:53
-----------------------------
13:04:53.505 OS Version: Windows x64 6.1.7601 Service Pack 1
13:04:53.505 Number of processors: 2 586 0x403
13:04:53.505 ComputerName: KOTYA-PC UserName: Kotya
13:04:54.035 Initialize success
13:10:32.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
13:10:32.062 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
13:10:32.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
13:10:32.078 Disk 1 Vendor: Size: 152587MB BusType: 0
13:10:32.078 Disk 0 MBR read successfully
13:10:32.093 Disk 0 MBR scan
13:10:32.093 Disk 0 Windows 7 default MBR code
13:10:32.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:10:32.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
13:10:32.140 Disk 0 scanning C:\Windows\system32\drivers
13:10:38.318 Service scanning
13:10:52.607 Modules scanning
13:10:52.607 Disk 0 trace - called modules:
13:10:52.623 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
13:10:53.122 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c70390]
13:10:53.122 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> [0xfffffa8006d95900]
13:10:53.138 5 ACPI.sys[fffff88000ef57a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8006de76a0]
13:10:53.153 Scan finished successfully
13:11:13.075 Disk 0 MBR has been saved successfully to "C:\Users\Kotya\Desktop\MBR.dat"
13:11:13.075 The log file has been saved successfully to "C:\Users\Kotya\Desktop\aswMBR.txt"

Had to split the log in two because it was too long to post.

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 December 2012 - 02:49 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




Proud Graduate Of Malware Removal University

#9 izzabe1la

  • Topic Starter

  • Members
  • 10 posts

Posted 23 December 2012 - 03:21 PM

OTL logfile created on: 12/23/2012 2:16:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kotya\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.18% Memory free
16.00 Gb Paging File | 14.10 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.91 Gb Total Space | 58.94 Gb Free Space | 39.58% Space Free | Partition Type: NTFS
Drive E: | 192.97 Gb Total Space | 31.85 Gb Free Space | 16.50% Space Free | Partition Type: NTFS

Computer Name: KOTYA-PC | User Name: Kotya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kotya\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe ()
PRC - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe ()
PRC - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe ()
MOD - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanDll.dll ()
MOD - C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WPSCtrl.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WlanWpsSvc) -- C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (hitmanpro36) -- C:\Windows\SysNative\drivers\hitmanpro36.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rtl819xp) -- C:\Windows\SysNative\drivers\rtl819xp.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 8E F7 9B 0C DE CC 01 [binary data]
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\..\SearchScopes\{19833F85-0F07-4E0D-9871-DBE1841872C1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=553377C1-7812-4701-BFDA-91CE5889C3C3&apn_sauid=68F16641-719E-4A82-897D-439B95489A4A
IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: fb2reader%40clear.com.ua:0.23
FF - prefs.js..extensions.enabledAddons: lyivmcdccp%40lyivmcdccp.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B6614d11d-d21d-b211-ae23-815234e1ebb5%7D:2.7.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 13:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 13:33:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/08 19:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Extensions
[2012/12/09 13:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions
[2012/12/06 23:03:41 | 000,040,824 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\fb2reader@clear.com.ua.xpi
[1832/11/28 22:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\lyivmcdccp@lyivmcdccp.org.xpi
[2012/12/06 23:03:41 | 000,164,308 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2012/11/25 14:19:19 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/13 13:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/13 13:33:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 19:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/14 19:04:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kotya\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Kotya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B39C2913-CCE2-416A-B67A-D8FAE0CBD9CE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/23 14:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kotya\Desktop\OTL.exe
[2012/12/23 12:57:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Kotya\Desktop\aswMBR.exe
[2012/12/23 12:56:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 12:56:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kotya\Desktop\tdsskiller(1).exe
[2012/12/23 12:38:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/22 12:07:19 | 000,000,000 | ---D | C] -- C:\Users\Kotya\Desktop\RK_Quarantine
[2012/12/22 11:43:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/22 11:43:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/22 11:43:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/22 11:43:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/22 11:43:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/20 19:12:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/20 19:12:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 19:12:08 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/20 19:12:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 17:59:11 | 000,000,000 | ---D | C] -- C:\Flash 512MB 12202012
[2012/12/13 13:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/12 12:45:33 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 12:45:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 12:45:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 12:45:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 12:45:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 12:45:33 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 12:45:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 12:45:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 12:45:21 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 12:45:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 12:45:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 12:45:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 12:45:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 12:45:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 12:45:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 12:45:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 12:45:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 12:45:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 12:45:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 12:45:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 12:45:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 12:45:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 12:45:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 12:45:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 12:45:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 12:45:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 12:45:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 12:45:11 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 12:45:11 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[4 C:\Users\Kotya\Desktop\*.tmp files -> C:\Users\Kotya\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/23 14:15:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kotya\Desktop\OTL.exe
[2012/12/23 13:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 13:11:13 | 000,000,512 | ---- | M] () -- C:\Users\Kotya\Desktop\MBR.dat
[2012/12/23 13:06:55 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 13:06:55 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 13:04:21 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/23 13:04:21 | 000,616,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/23 13:04:21 | 000,104,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/23 12:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 12:59:09 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 12:57:05 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Kotya\Desktop\aswMBR.exe
[2012/12/23 12:55:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kotya\Desktop\tdsskiller(1).exe
[2012/12/21 09:14:19 | 000,032,152 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2012/12/20 23:14:55 | 000,004,022 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/12/20 22:28:26 | 000,434,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/11 19:01:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 19:01:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/09 14:38:46 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[4 C:\Users\Kotya\Desktop\*.tmp files -> C:\Users\Kotya\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/23 13:11:13 | 000,000,512 | ---- | C] () -- C:\Users\Kotya\Desktop\MBR.dat
[2012/12/22 11:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/22 11:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/22 11:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/22 11:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/22 11:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/20 22:52:57 | 000,032,152 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2012/12/09 14:38:46 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/12/09 14:37:25 | 000,004,022 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/12/09 14:22:42 | 000,434,952 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/23 22:13:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/09/23 22:13:26 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/09/23 22:13:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/09/23 22:13:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/09/23 22:13:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/07/03 23:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 23:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/18 17:02:49 | 000,033,280 | ---- | C] () -- C:\Windows\SysWow64\Sp32w.dll
[2012/03/18 17:02:48 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\DLWBC31.DLL
[2012/03/18 17:02:48 | 000,106,512 | ---- | C] () -- C:\Windows\WKW16A.EXE
[2012/02/29 22:46:01 | 000,004,608 | ---- | C] () -- C:\Users\Kotya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 23:52:50 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011/12/08 22:22:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/08 06:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#10 gringo_pr

Posted 24 December 2012 - 07:04 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE - HKU\S-1-5-21-3151544301-834233766-3451716694-1000\..\SearchScopes\{19833F85-0F07-4E0D-9871-DBE1841872C1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=553377C1-7812-4701-BFDA-91CE5889C3C3&apn_sauid=68F16641-719E-4A82-897D-439B95489A4A
    FF - prefs.js..extensions.enabledAddons: lyivmcdccp%40lyivmcdccp.org:1.0
    [1832/11/28 22:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\lyivmcdccp@lyivmcdccp.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
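
An added example, not part of the original thread and not how OTL or the helper works: a Python triage pass over the Firefox lines of the OTL log above, flagging the add-on that the fix script in post #10 removes. The two heuristics (an implausible file timestamp, and an add-on ID whose local part repeats its domain label) and the 1980 year floor are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..extensions.enabledAddons: fb2reader%40clear.com.ua:0.23
FF - prefs.js..extensions.enabledAddons: lyivmcdccp%40lyivmcdccp.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B6614d11d-d21d-b211-ae23-815234e1ebb5%7D:2.7.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
[2012/12/06 23:03:41 | 000,040,824 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\fb2reader@clear.com.ua.xpi
[1832/11/28 22:30:07 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\lyivmcdccp@lyivmcdccp.org.xpi
[2012/12/06 23:03:41 | 000,164,308 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2012/11/25 14:19:19 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
"""

# OTL file line: [date time | size | attrs | M/C] (company) (name) -- path
FILE_RE = re.compile(
    r"^\[(?P<year>\d{4})/\d{2}/\d{2} [\d:]{8} \| [\d,]+ \| \S+ \| [MC]\]"
    r" \((?P<company>[^)]*)\)(?: \((?P<name>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL prefs line: the add-on ID is URL-encoded and followed by ":version".
ENABLED_RE = re.compile(
    r"^FF - prefs\.js\.\.extensions\.enabledAddons: (?P<id>.+):(?P<ver>[^:]+)$"
)


def parse_enabled_addons(log_text):
    """Return the decoded add-on IDs listed under extensions.enabledAddons."""
    enabled = set()
    for line in log_text.splitlines():
        m = ENABLED_RE.match(line.strip())
        if m:
            enabled.add(unquote(m.group("id")))
    return enabled


def triage_extensions(log_text, scan_year, min_year=1980):
    """Flag .xpi entries worth a closer look.

    Heuristics (assumptions for this example, not OTL behaviour):
      1. File timestamp year outside min_year..scan_year.
      2. Add-on ID of the form name@name.tld, i.e. the local part just
         repeats the first domain label.
    "(No name found)" is deliberately not used: every packed .xpi in the
    log carries it, so it does not discriminate.
    """
    enabled = parse_enabled_addons(log_text)
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or not m.group("path").lower().endswith(".xpi"):
            continue
        path = m.group("path")
        # Windows path: the add-on ID is the file name without ".xpi".
        ext_id = path.rsplit("\\", 1)[-1][: -len(".xpi")]
        reasons = []
        year = int(m.group("year"))
        if year < min_year or year > scan_year:
            reasons.append(
                f"timestamp year {year} outside {min_year}..{scan_year}"
            )
        if "@" in ext_id:
            local, domain = ext_id.split("@", 1)
            if domain.split(".")[0].lower() == local.lower():
                reasons.append("add-on ID local part repeats its domain label")
        if reasons:
            findings.append(
                {
                    "id": ext_id,
                    "path": path,
                    "enabled": ext_id in enabled,
                    "reasons": reasons,
                }
            )
    return findings


if __name__ == "__main__":
    # The log on this page was produced in December 2012.
    for f in triage_extensions(SAMPLE_LOG, scan_year=2012):
        state = "enabled" if f["enabled"] else "not enabled"
        print(f"{f['id']} ({state})")
        for reason in f["reasons"]:
            print(f"  - {reason}")
```
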

#11 izzabe1la

Posted 24 December 2012 - 05:26 PM

Hi Gringo,

I ran it, but there was no log at the end. However, it seems like it stopped redirecting me!!
May I ask what lyivmcdccp.org.xpi was for?

#12 izzabe1la

Posted 24 December 2012 - 08:11 PM

And Merry Christmas :)

#13 gringo_pr


Posted 25 December 2012 - 06:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 izzabe1la


Posted 26 December 2012 - 08:28 PM

Report:

ComboFix 12-12-25.02 - Kotya 12/26/2012 19:17:21.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6646 [GMT -6:00]
Running from: c:\users\Kotya\Desktop\ComboFix.exe
Command switches used :: c:\users\Kotya\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 01:21 . 2012-12-27 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-25 17:55 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27C0F838-BBD2-4C58-B1F8-83E6FB7A79C5}\mpengine.dll
2012-12-24 16:14 . 2012-12-24 16:14 -------- d-----w- C:\_OTL
2012-12-21 04:52 . 2012-12-21 15:14 32152 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2012-12-21 01:12 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 01:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 01:12 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 01:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 23:59 . 2012-12-21 00:00 -------- d-----w- C:\Flash 512MB 12202012
2012-12-09 20:38 . 2012-12-09 20:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 18:45 . 2011-12-09 01:24 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:01 . 2012-06-09 21:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:01 . 2011-12-09 00:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 16:40 . 2012-12-12 18:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-30 01:54 . 2012-09-24 04:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
c:\users\Kotya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kotya\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files (x86)\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-8 113664]
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe [2011-12-8 507904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-12-09 30496]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2012-12-21 32152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-07-17 548264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [2008-06-27 167936]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 rtl819xp;TRENDnet Wireless N PC Card/PCI Adapter NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-03 607232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 01:01]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 22:11]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Kotya\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kotya\AppData\Roaming\Mozilla\Firefox\Profiles\l0m0bap5.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52010236.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-26 19:22:09
ComboFix-quarantined-files.txt 2012-12-27 01:22
ComboFix2.txt 2012-12-23 18:38
ComboFix3.txt 2012-12-22 17:49
.
Pre-Run: 61,960,900,608 bytes free
Post-Run: 61,739,941,888 bytes free
.
- - End Of File - - 766CC2F7D13B3D9C8F3191AB646EA33C

I did not have any problems, and the computer seems to be loading pages faster than before.

#15 gringo_pr


Posted 27 December 2012 - 11:58 AM

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Java 7 Update 9

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 27 December 2012 - 11:59 AM.
