
Websearch Results Redirect/Hijack


  • This topic is locked
25 replies to this topic

#1 fireside3


Posted 18 January 2013 - 03:25 AM

I am getting continual browser search result redirects, despite the URL of the result I click on.

AVG, SpyBot S&D, Malwarebytes, and TDSSKiller have all found nothing, or only a few minor adware entries, and in the case of TDSSKiller only found 4 unknown services that didn't have a verified digital signature; however, I have identified the services as known and harmless. Despite quarantine/removal of adware entries found by SpyBot and MBAM, the browser redirect persists.

DDS & GMER logs attached.



#2 gringo_pr


Posted 18 January 2013 - 06:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 fireside3


Posted 21 January 2013 - 12:30 AM

Thanks Gringo

==================================================================

Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.60.1.1000
Duplicate Cleaner Free 3.0.1
TweakNow RegCleaner 2012
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

========================================================================

# AdwCleaner v2.106 - Logfile created 01/20/2013 at 21:27:03
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Fireside3 - FIRESIDE3-PC
# Boot Mode : Normal
# Running from : C:\Users\Fireside3\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Fireside3\AppData\Local\Conduit
Folder Deleted : C:\Users\Fireside3\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Fireside3\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Fireside3\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Fireside3\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16800

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\prefs.js

C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\user.js ... Deleted !

Deleted : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 1);
Deleted : user_pref("aol_toolbar.surf.date", "132");
Deleted : user_pref("aol_toolbar.surf.lastDate", "23");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "5");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Deleted : user_pref("aol_toolbar.surf.month", "4614");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "4626");
Deleted : user_pref("aol_toolbar.surf.week", "1844");
Deleted : user_pref("aol_toolbar.surf.year", "4614");
Deleted : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Deleted : user_pref("winamp_toolbar.guid", "{DFF53206-117C-D565-1CE0-5C27EBA582E2}");
Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "23");
Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "5");
Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
Deleted : user_pref("winamp_toolbar.metrics.originalDate", "11");
Deleted : user_pref("winamp_toolbar.metrics.originalHours", "20");
Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "3");
Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "6");
Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "52");
Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1308846100165");
Deleted : user_pref("winamp_toolbar.search.cid", "11-06-2011");
Deleted : user_pref("winamp_toolbar.search.focusnewtab", false);
Deleted : user_pref("winamp_toolbar.search.instd", "20110611124828439");
Deleted : user_pref("winamp_toolbar.search.newtab", false);
Deleted : user_pref("winamp_toolbar.search.oid", "11-06-2011");
Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Deleted : user_pref("winamp_toolbar.search.savehistory", true);
Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
Deleted : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Deleted : user_pref("winamp_toolbar.skin.custom", true);
Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);
Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);
Deleted : user_pref("winamp_toolbar.winamp.button.open", true);
Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);
Deleted : user_pref("winamp_toolbar.winamp.button.play", true);
Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);
Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);
Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);
Deleted : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);
Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.volume", "0");

-\\ Opera v11.64.1403.0

File : C:\Users\Fireside3\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5892 octets] - [20/01/2013 21:03:54]
AdwCleaner[S2].txt - [5925 octets] - [20/01/2013 21:27:03]

########## EOF - C:\AdwCleaner[S2].txt - [5985 octets] ##########

================================================================================

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Fireside3 [Admin rights]
Mode : Remove -- Date : 01/20/2013 23:24:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$6ea35fc9de91689b9a967de789e945b1\n.) -> REPLACED (C:\windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$6ea35fc9de91689b9a967de789e945b1\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2411584385-4083172941-383610630-1001\$6ea35fc9de91689b9a967de789e945b1\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6ea35fc9de91689b9a967de789e945b1\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2411584385-4083172941-383610630-1001\$6ea35fc9de91689b9a967de789e945b1\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$6ea35fc9de91689b9a967de789e945b1\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2411584385-4083172941-383610630-1001\$6ea35fc9de91689b9a967de789e945b1\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-24A23T0 ATA Device +++++
--- User ---
[MBR] 2d292327ed8f5b582b448c819eec8c0e
[BSP] 1a121f458341497ad63bb8e8865ce2e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260243 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01202013_02d2324.txt >>
RKreport[1]_S_01202013_02d2321.txt ; RKreport[2]_D_01202013_02d2324.txt



=================================================================

#4 gringo_pr


Posted 21 January 2013 - 01:00 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 fireside3


Posted 21 January 2013 - 01:49 AM

I've heard of Combofix, but I'd like a little feedback on whether I'm still infected with something, and whether there is a manual removal. I've heard Combofix is pretty brute force and may damage a system. Is that true?

Other than the search results redirect and the Windows Defender service not starting (which has happened frequently in the past and I attributed to MBAM or AVG shutting it down), I have had no overt signs of infection at all. The redirects only happened in Google. All other programs and the internet apparently function normally, other than a few folder icons that had apparently disappeared. I have noticed the computer is faster since running ADW and RogueKiller, though.

#6 gringo_pr


Posted 21 January 2013 - 02:18 AM

It can be bad if you don't know what to do if something goes wrong. I use it on most of the computers I work on and maybe 2% give me troubles.

I have more unfixable problems with other tools than I do with Combofix.

#7 fireside3


Posted 23 January 2013 - 02:44 AM

OK, I've disabled AVG, but I can't verify whether Windows Firewall is currently off or on; I am only getting a warning that it is not operating with recommended settings. I still have some reservations about Combofix and would like some feedback on what we are looking for, and whether there is a manual removal that is safer than Combofix. I can navigate a registry. I had other removal techs say that Combofix's solution to some rootkits is to erase all the files on the system drive. Is that true?

#8 gringo_pr


Posted 23 January 2013 - 04:26 PM

Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 fireside3


Posted 23 January 2013 - 08:25 PM

17:32:48.0574 2668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:32:48.0808 2668 ============================================================
17:32:48.0808 2668 Current date / time: 2013/01/23 17:32:48.0808
17:32:48.0808 2668 SystemInfo:
17:32:48.0808 2668
17:32:48.0808 2668 OS Version: 6.1.7600 ServicePack: 0.0
17:32:48.0808 2668 Product type: Workstation
17:32:48.0808 2668 ComputerName: FIRESIDE3-PC
17:32:48.0808 2668 UserName: Fireside3
17:32:48.0808 2668 Windows directory: C:\windows
17:32:48.0808 2668 System windows directory: C:\windows
17:32:48.0808 2668 Running under WOW64
17:32:48.0808 2668 Processor architecture: Intel x64
17:32:48.0808 2668 Number of processors: 2
17:32:48.0808 2668 Page size: 0x1000
17:32:48.0808 2668 Boot type: Normal boot
17:32:48.0808 2668 ============================================================
17:32:50.0212 2668 BG loaded
17:32:50.0743 2668 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:32:50.0743 2668 ============================================================
17:32:50.0743 2668 \Device\Harddisk0\DR0:
17:32:50.0743 2668 MBR partitions:
17:32:50.0743 2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
17:32:50.0743 2668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
17:32:50.0790 2668 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
17:32:50.0790 2668 ============================================================
17:32:50.0868 2668 C: <-> \Device\Harddisk0\DR0\Partition2
17:32:51.0086 2668 D: <-> \Device\Harddisk0\DR0\Partition3
17:32:51.0086 2668 ============================================================
17:32:51.0086 2668 Initialize success
17:32:51.0086 2668 ============================================================
17:33:31.0406 3712 ============================================================
17:33:31.0406 3712 Scan started
17:33:31.0406 3712 Mode: Manual; SigCheck; TDLFS;
17:33:31.0406 3712 ============================================================
17:33:37.0002 3712 ================ Scan system memory ========================
17:33:37.0002 3712 System memory - ok
17:33:37.0004 3712 ================ Scan services =============================
17:33:44.0670 3712 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
17:33:44.0745 3712 BthEnum - ok
17:33:44.0834 3712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
17:33:44.0874 3712 BTHMODEM - ok
17:33:44.0907 3712 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
17:33:44.0942 3712 BthPan - ok
17:33:45.0003 3712 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:33:45.0073 3712 BTHPORT - ok
17:33:45.0105 3712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:33:45.0190 3712 bthserv - ok
17:33:45.0216 3712 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:33:45.0245 3712 BTHUSB - ok
17:33:45.0322 3712 [ 27C684D57A49DAB19BCE9D69529E8BE7 ] Cam5607 C:\windows\system32\Drivers\BisonC07.sys
17:33:45.0386 3712 Cam5607 - ok
17:33:45.0413 3712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:33:45.0466 3712 cdfs - ok
17:33:45.0518 3712 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:33:45.0551 3712 cdrom - ok
17:33:45.0595 3712 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\windows\System32\certprop.dll
17:33:45.0647 3712 CertPropSvc - ok
17:33:45.0684 3712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
17:33:45.0725 3712 circlass - ok
17:33:45.0769 3712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:33:45.0781 3712 CLFS - ok
17:33:45.0939 3712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:45.0963 3712 clr_optimization_v2.0.50727_32 - ok
17:33:46.0014 3712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:33:46.0052 3712 clr_optimization_v2.0.50727_64 - ok
17:33:46.0135 3712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:46.0222 3712 clr_optimization_v4.0.30319_32 - ok
17:33:46.0278 3712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:33:46.0351 3712 clr_optimization_v4.0.30319_64 - ok
17:33:46.0386 3712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:33:46.0420 3712 CmBatt - ok
17:33:46.0448 3712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
17:33:46.0461 3712 cmdide - ok
17:33:46.0488 3712 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\windows\system32\Drivers\cng.sys
17:33:46.0518 3712 CNG - ok
17:33:46.0554 3712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
17:33:46.0578 3712 Compbatt - ok
17:33:46.0672 3712 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
17:33:46.0722 3712 CompositeBus - ok
17:33:46.0777 3712 COMSysApp - ok
17:33:46.0810 3712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
17:33:46.0824 3712 crcdisk - ok
17:33:46.0895 3712 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\windows\system32\cryptsvc.dll
17:33:46.0976 3712 CryptSvc - ok
17:33:47.0064 3712 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:33:47.0101 3712 cvhsvc - ok
17:33:47.0177 3712 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
17:33:47.0204 3712 dc3d - ok
17:33:47.0246 3712 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\windows\system32\rpcss.dll
17:33:47.0304 3712 DcomLaunch - ok
17:33:47.0372 3712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:33:47.0455 3712 defragsvc - ok
17:33:47.0512 3712 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:33:47.0545 3712 DfsC - ok
17:33:47.0605 3712 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\windows\system32\dhcpcore.dll
17:33:47.0699 3712 Dhcp - ok
17:33:47.0782 3712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:33:47.0838 3712 discache - ok
17:33:47.0896 3712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
17:33:47.0903 3712 Disk - ok
17:33:47.0946 3712 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\windows\System32\dnsrslvr.dll
17:33:47.0983 3712 Dnscache - ok
17:33:48.0015 3712 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\windows\System32\dot3svc.dll
17:33:48.0070 3712 dot3svc - ok
17:33:48.0133 3712 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
17:33:48.0196 3712 Dot4 - ok
17:33:48.0232 3712 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
17:33:48.0274 3712 Dot4Print - ok
17:33:48.0311 3712 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
17:33:48.0358 3712 dot4usb - ok
17:33:48.0398 3712 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\windows\system32\dps.dll
17:33:48.0473 3712 DPS - ok
17:33:48.0515 3712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:33:48.0527 3712 drmkaud - ok
17:33:48.0577 3712 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:33:48.0617 3712 DXGKrnl - ok
17:33:48.0679 3712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:33:48.0774 3712 EapHost - ok
17:33:49.0440 3712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
17:33:49.0652 3712 ebdrv - ok
17:33:49.0726 3712 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\windows\System32\lsass.exe
17:33:49.0758 3712 EFS - ok
17:33:49.0908 3712 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:33:50.0010 3712 ehRecvr - ok
17:33:50.0060 3712 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:33:50.0101 3712 ehSched - ok
17:33:50.0169 3712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
17:33:50.0197 3712 elxstor - ok
17:33:50.0212 3712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
17:33:50.0229 3712 ErrDev - ok
17:33:50.0286 3712 [ F6AD6E0674EF94390F0554BF946977AF ] ETD C:\windows\system32\DRIVERS\ETD.sys
17:33:50.0306 3712 ETD ( UnsignedFile.Multi.Generic ) - warning
17:33:50.0306 3712 ETD - detected UnsignedFile.Multi.Generic (1)
17:33:53.0061 3712 [ 4F6C514B6149E380B8C1EDEAC3D7AEC5 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:33:53.0244 3712 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:33:53.0244 3712 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:34:02.0394 3712 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:34:02.0425 3712 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:34:02.0425 3712 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:34:07.0471 3712 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:34:07.0502 3712 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:34:07.0502 3712 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:34:10.0101 3712 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:34:10.0120 3712 RSUSBSTOR - ok
17:34:10.0137 3712 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\windows\system32\lsass.exe
17:34:10.0151 3712 SamSs - ok
17:34:10.0166 3712 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
17:34:10.0178 3712 sbp2port - ok
17:34:10.0208 3712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:34:10.0259 3712 SCardSvr - ok
17:34:10.0292 3712 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:34:10.0341 3712 scfilter - ok
17:34:10.0393 3712 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
17:34:10.0430 3712 Schedule - ok
17:34:10.0462 3712 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
17:34:10.0494 3712 SCPolicySvc - ok
17:34:10.0525 3712 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:34:10.0578 3712 SDRSVC - ok
17:34:10.0643 3712 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:34:10.0653 3712 SeaPort - ok
17:34:10.0694 3712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:34:10.0741 3712 secdrv - ok
17:34:10.0776 3712 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
17:34:10.0829 3712 seclogon - ok
17:34:10.0855 3712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:34:10.0888 3712 SENS - ok
17:34:10.0915 3712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:34:10.0960 3712 SensrSvc - ok
17:34:10.0982 3712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
17:34:10.0994 3712 Serenum - ok
17:34:11.0027 3712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
17:34:11.0057 3712 Serial - ok
17:34:11.0102 3712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
17:34:11.0148 3712 sermouse - ok
17:34:11.0188 3712 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
17:34:11.0242 3712 SessionEnv - ok
17:34:11.0274 3712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
17:34:11.0330 3712 sffdisk - ok
17:34:11.0355 3712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
17:34:11.0388 3712 sffp_mmc - ok
17:34:11.0410 3712 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
17:34:11.0440 3712 sffp_sd - ok
17:34:11.0466 3712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
17:34:11.0484 3712 sfloppy - ok
17:34:11.0562 3712 [ 72CD52403EFC137290CB5A328510EBCA ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:34:11.0595 3712 Sftfs - ok
17:34:11.0698 3712 [ F821B6C5D3FD23E11CBB613F61C94C98 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:34:11.0727 3712 sftlist - ok
17:34:11.0776 3712 [ 31A36EF71AF36EABCC4B4F8AB8F76465 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:34:11.0787 3712 Sftplay - ok
17:34:11.0809 3712 [ 2D969194FCC8EB41ED1D52863BFE7F52 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:34:11.0816 3712 Sftredir - ok
17:34:11.0834 3712 [ 08B36D2F63AF3CA2248458A4280C0C50 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:34:11.0842 3712 Sftvol - ok
17:34:11.0863 3712 [ DB7213FCB2BC1B4F0C5CC5AF344ABCD0 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:34:11.0873 3712 sftvsa - ok
17:34:11.0931 3712 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:34:11.0988 3712 ShellHWDetection - ok
17:34:12.0015 3712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
17:34:12.0024 3712 SiSRaid2 - ok
17:34:12.0036 3712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
17:34:12.0045 3712 SiSRaid4 - ok
17:34:12.0169 3712 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:12.0196 3712 SkypeUpdate - ok
17:34:12.0233 3712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:34:12.0290 3712 Smb - ok
17:34:12.0331 3712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:34:12.0342 3712 SNMPTRAP - ok
17:34:12.0347 3712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:34:12.0354 3712 spldr - ok
17:34:12.0408 3712 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\windows\System32\spoolsv.exe
17:34:12.0451 3712 Spooler - ok
17:34:12.0545 3712 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
17:34:12.0700 3712 sppsvc - ok
17:34:12.0721 3712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:34:12.0750 3712 sppuinotify - ok
17:34:12.0810 3712 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
17:34:12.0849 3712 srv - ok
17:34:12.0875 3712 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:34:12.0913 3712 srv2 - ok
17:34:12.0957 3712 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:34:12.0986 3712 srvnet - ok
17:34:13.0060 3712 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
17:34:13.0135 3712 ssadbus - ok
17:34:13.0190 3712 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
17:34:13.0252 3712 ssadmdfl - ok
17:34:13.0302 3712 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
17:34:13.0328 3712 ssadmdm - ok
17:34:13.0381 3712 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\windows\system32\DRIVERS\sscdbus.sys
17:34:13.0403 3712 sscdbus - ok
17:34:13.0445 3712 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\windows\system32\DRIVERS\sscdmdfl.sys
17:34:13.0470 3712 sscdmdfl - ok
17:34:13.0515 3712 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\windows\system32\DRIVERS\sscdmdm.sys
17:34:13.0537 3712 sscdmdm - ok
17:34:13.0583 3712 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\windows\system32\DRIVERS\sscdserd.sys
17:34:13.0604 3712 sscdserd - ok
17:34:13.0645 3712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:34:13.0703 3712 SSDPSRV - ok
17:34:13.0721 3712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:34:13.0751 3712 SstpSvc - ok
17:34:13.0778 3712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
17:34:13.0786 3712 stexstor - ok
17:34:13.0842 3712 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
17:34:13.0902 3712 stisvc - ok
17:34:13.0924 3712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:34:13.0931 3712 swenum - ok
17:34:13.0957 3712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:34:14.0014 3712 swprv - ok
17:34:14.0081 3712 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
17:34:14.0143 3712 SysMain - ok
17:34:14.0171 3712 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
17:34:14.0203 3712 TabletInputService - ok
17:34:14.0235 3712 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\windows\system32\DRIVERS\tap0901.sys
17:34:14.0301 3712 tap0901 - ok
17:34:14.0318 3712 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
17:34:14.0394 3712 TapiSrv - ok
17:34:14.0417 3712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:34:14.0446 3712 TBS - ok
17:34:14.0550 3712 [ 61DC720BB065D607D5823F13D2A64321 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:34:14.0605 3712 Tcpip - ok
17:34:14.0656 3712 [ 61DC720BB065D607D5823F13D2A64321 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:34:14.0686 3712 TCPIP6 - ok
17:34:14.0720 3712 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:34:14.0775 3712 tcpipreg - ok
17:34:14.0801 3712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:34:14.0829 3712 TDPIPE - ok
17:34:14.0845 3712 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:34:14.0872 3712 TDTCP - ok
17:34:14.0898 3712 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:34:14.0948 3712 tdx - ok
17:34:14.0970 3712 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:34:14.0978 3712 TermDD - ok
17:34:15.0008 3712 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
17:34:15.0067 3712 TermService - ok
17:34:15.0094 3712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:34:15.0107 3712 Themes - ok
17:34:15.0121 3712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:34:15.0149 3712 THREADORDER - ok
17:34:15.0169 3712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:34:15.0218 3712 TrkWks - ok
17:34:15.0269 3712 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:34:15.0299 3712 TrustedInstaller - ok
17:34:15.0321 3712 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:34:15.0359 3712 tssecsrv - ok
17:34:15.0389 3712 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:34:15.0433 3712 tunnel - ok
17:34:15.0460 3712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
17:34:15.0469 3712 uagp35 - ok
17:34:15.0487 3712 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:34:15.0530 3712 udfs - ok
17:34:15.0569 3712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:34:15.0580 3712 UI0Detect - ok
17:34:15.0601 3712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
17:34:15.0609 3712 uliagpkx - ok
17:34:15.0628 3712 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:34:15.0649 3712 umbus - ok
17:34:15.0667 3712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
17:34:15.0697 3712 UmPass - ok
17:34:15.0727 3712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:34:15.0760 3712 upnphost - ok
17:34:15.0839 3712 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
17:34:15.0870 3712 usbaudio - ok
17:34:15.0899 3712 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:34:15.0941 3712 usbccgp - ok
17:34:15.0971 3712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
17:34:16.0005 3712 usbcir - ok
17:34:16.0020 3712 [ CB490987A7F6928A04BB838E3BD8A936 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:34:16.0030 3712 usbehci - ok
17:34:16.0063 3712 [ 18124EF0A881A00EE222D02A3EE30270 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:34:16.0075 3712 usbhub - ok
17:34:16.0101 3712 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
17:34:16.0118 3712 usbohci - ok
17:34:16.0138 3712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:34:16.0166 3712 usbprint - ok
17:34:16.0203 3712 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:34:16.0235 3712 usbscan - ok
17:34:16.0264 3712 [ A60E7E0FA88FF067D049D525547CD5E9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:34:16.0313 3712 USBSTOR - ok
17:34:16.0334 3712 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
17:34:16.0343 3712 usbuhci - ok
17:34:16.0377 3712 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:34:16.0399 3712 usbvideo - ok
17:34:16.0422 3712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:34:16.0451 3712 UxSms - ok
17:34:16.0459 3712 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\windows\system32\lsass.exe
17:34:16.0469 3712 VaultSvc - ok
17:34:16.0500 3712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
17:34:16.0507 3712 vdrvroot - ok
17:34:16.0525 3712 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
17:34:16.0543 3712 vds - ok
17:34:16.0554 3712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:34:16.0566 3712 vga - ok
17:34:16.0578 3712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:34:16.0626 3712 VgaSave - ok
17:34:16.0650 3712 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
17:34:16.0661 3712 vhdmp - ok
17:34:16.0675 3712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
17:34:16.0682 3712 viaide - ok
17:34:16.0700 3712 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
17:34:16.0708 3712 volmgr - ok
17:34:16.0727 3712 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:34:16.0739 3712 volmgrx - ok
17:34:16.0752 3712 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
17:34:16.0762 3712 volsnap - ok
17:34:16.0784 3712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
17:34:16.0794 3712 vsmraid - ok
17:34:16.0852 3712 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
17:34:16.0913 3712 VSS - ok
17:34:16.0935 3712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:34:16.0946 3712 vwifibus - ok
17:34:16.0972 3712 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:34:16.0998 3712 vwififlt - ok
17:34:17.0037 3712 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:34:17.0070 3712 vwifimp - ok
17:34:17.0117 3712 [ D22703D522BDBE09A5801FA3B4A1BAF5 ] vzandnetdiag C:\windows\system32\DRIVERS\lgvzandnetdiag64.sys
17:34:17.0141 3712 vzandnetdiag - ok
17:34:17.0197 3712 [ D7BC56AA538A404FE1CC3E192C99C089 ] vzandnetmodem C:\windows\system32\DRIVERS\lgvzandnetmdm64.sys
17:34:17.0234 3712 vzandnetmodem - ok
17:34:17.0278 3712 [ B0949662354899546AACDF445E8636F4 ] vzandnetndis C:\windows\system32\DRIVERS\lgvzandnetndis64.sys
17:34:17.0341 3712 vzandnetndis - ok
17:34:17.0377 3712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:34:17.0420 3712 W32Time - ok
17:34:17.0445 3712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
17:34:17.0476 3712 WacomPen - ok
17:34:17.0527 3712 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:34:17.0599 3712 WANARP - ok
17:34:17.0608 3712 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:34:17.0637 3712 Wanarpv6 - ok
17:34:17.0729 3712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:34:17.0820 3712 WatAdminSvc - ok
17:34:17.0871 3712 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
17:34:17.0938 3712 wbengine - ok
17:34:17.0952 3712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:34:17.0968 3712 WbioSrvc - ok
17:34:18.0018 3712 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
17:34:18.0078 3712 wcncsvc - ok
17:34:18.0108 3712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:34:18.0159 3712 WcsPlugInService - ok
17:34:18.0182 3712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
17:34:18.0197 3712 Wd - ok
17:34:18.0256 3712 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:34:18.0289 3712 Wdf01000 - ok
17:34:18.0310 3712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:34:18.0338 3712 WdiServiceHost - ok
17:34:18.0341 3712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:34:18.0356 3712 WdiSystemHost - ok
17:34:18.0373 3712 wdmirror - ok
17:34:18.0426 3712 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
17:34:18.0492 3712 WebClient - ok
17:34:18.0522 3712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:34:18.0585 3712 Wecsvc - ok
17:34:18.0602 3712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:34:18.0649 3712 wercplsupport - ok
17:34:18.0682 3712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:34:18.0739 3712 WerSvc - ok
17:34:18.0772 3712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:34:18.0799 3712 WfpLwf - ok
17:34:18.0837 3712 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
17:34:18.0865 3712 WimFltr - ok
17:34:18.0880 3712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:34:18.0890 3712 WIMMount - ok
17:34:18.0899 3712 WinHttpAutoProxySvc - ok
17:34:18.0953 3712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:34:19.0023 3712 Winmgmt - ok
17:34:19.0114 3712 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
17:34:19.0257 3712 WinRM - ok
17:34:19.0329 3712 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:34:19.0366 3712 WinUsb - ok
17:34:19.0419 3712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:34:19.0448 3712 Wlansvc - ok
17:34:19.0572 3712 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:34:19.0621 3712 wlidsvc - ok
17:34:19.0635 3712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
17:34:19.0645 3712 WmiAcpi - ok
17:34:19.0675 3712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:34:19.0702 3712 wmiApSrv - ok
17:34:19.0739 3712 WMPNetworkSvc - ok
17:34:19.0787 3712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:34:19.0818 3712 WPCSvc - ok
17:34:19.0833 3712 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:34:19.0856 3712 WPDBusEnum - ok
17:34:19.0886 3712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:34:19.0914 3712 ws2ifsl - ok
17:34:19.0918 3712 WSearch - ok
17:34:19.0947 3712 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
17:34:19.0960 3712 wsvd - ok
17:34:20.0052 3712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:34:20.0164 3712 wuauserv - ok
17:34:20.0197 3712 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:34:20.0265 3712 WudfPf - ok
17:34:20.0306 3712 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:34:20.0372 3712 WUDFRd - ok
17:34:20.0401 3712 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:34:20.0430 3712 wudfsvc - ok
17:34:20.0448 3712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
17:34:20.0465 3712 WwanSvc - ok
17:34:20.0499 3712 ================ Scan global ===============================
17:34:20.0539 3712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:34:20.0566 3712 [ B200DECA2186858595A97FBE63E896CC ] C:\windows\system32\winsrv.dll
17:34:20.0572 3712 [ B200DECA2186858595A97FBE63E896CC ] C:\windows\system32\winsrv.dll
17:34:20.0605 3712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:34:20.0637 3712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:34:20.0640 3712 [Global] - ok
17:34:20.0640 3712 ================ Scan MBR ==================================
17:34:20.0649 3712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:34:21.0034 3712 \Device\Harddisk0\DR0 - ok
17:34:21.0035 3712 ================ Scan VBR ==================================
17:34:21.0041 3712 [ C4C0755A6A35809A0A2EFFD44633C0CC ] \Device\Harddisk0\DR0\Partition1
17:34:21.0046 3712 \Device\Harddisk0\DR0\Partition1 - ok
17:34:21.0081 3712 [ CF68F920AB1D0FD88ABFC8E484C3DCAA ] \Device\Harddisk0\DR0\Partition2
17:34:21.0085 3712 \Device\Harddisk0\DR0\Partition2 - ok
17:34:21.0122 3712 [ CEC85966CC815B357651F06A6BFB51B3 ] \Device\Harddisk0\DR0\Partition3
17:34:21.0126 3712 \Device\Harddisk0\DR0\Partition3 - ok
17:34:21.0127 3712 ================ Scan active images ========================
17:34:21.0133 3712 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
17:34:21.0133 3712 C:\Windows\System32\drivers\crashdmp.sys - ok
17:34:21.0145 3712 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
17:34:21.0145 3712 C:\Windows\System32\drivers\Dumpata.sys - ok
17:34:21.0152 3712 [ 5C37497276E3B3A5488B23A326A754B7 ] C:\Windows\System32\drivers\msahci.sys
17:34:21.0152 3712 C:\Windows\System32\drivers\msahci.sys - ok
17:34:21.0159 3712 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
17:34:21.0159 3712 C:\Windows\System32\drivers\dumpfve.sys - ok
17:34:21.0167 3712 [ 83D2D75E1EFB81B3450C18131443F7DB ] C:\Windows\System32\drivers\cdrom.sys
17:34:21.0167 3712 C:\Windows\System32\drivers\cdrom.sys - ok
17:34:21.0174 3712 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] C:\Windows\System32\drivers\avgmfx64.sys
17:34:21.0174 3712 C:\Windows\System32\drivers\avgmfx64.sys - ok
17:34:21.0179 3712 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
17:34:21.0179 3712 C:\Windows\System32\drivers\beep.sys - ok
17:34:21.0184 3712 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
17:34:21.0184 3712 C:\Windows\System32\drivers\null.sys - ok
17:34:21.0189 3712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
17:34:21.0189 3712 C:\Windows\System32\drivers\vga.sys - ok
17:34:21.0194 3712 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
17:34:21.0194 3712 C:\Windows\System32\drivers\videoprt.sys - ok
17:34:21.0199 3712 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
17:34:21.0199 3712 C:\Windows\System32\drivers\watchdog.sys - ok
17:34:21.0204 3712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
17:34:21.0204 3712 C:\Windows\System32\drivers\RDPCDD.sys - ok
17:34:21.0209 3712 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
17:34:21.0209 3712 C:\Windows\System32\drivers\RDPENCDD.sys - ok
17:34:21.0213 3712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
17:34:21.0213 3712 C:\Windows\System32\drivers\msfs.sys - ok
17:34:21.0218 3712 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
17:34:21.0218 3712 C:\Windows\System32\drivers\RDPREFMP.sys - ok
17:34:21.0223 3712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
17:34:21.0223 3712 C:\Windows\System32\drivers\npfs.sys - ok
17:34:21.0227 3712 [ 0CA6FE26ACC7FFEE1BD0463F40835F32 ] C:\Windows\System32\drivers\tdi.sys
17:34:21.0227 3712 C:\Windows\System32\drivers\tdi.sys - ok
17:34:21.0232 3712 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] C:\Windows\System32\drivers\tdx.sys
17:34:21.0232 3712 C:\Windows\System32\drivers\tdx.sys - ok
17:34:21.0237 3712 [ F8C3C7ED612A41B05C66358FC9786BFD ] C:\Windows\System32\drivers\avgtdia.sys
17:34:21.0237 3712 C:\Windows\System32\drivers\avgtdia.sys - ok
17:34:21.0242 3712 [ 9162B273A44AB9DCE5B44362731D062A ] C:\Windows\System32\drivers\netbt.sys
17:34:21.0242 3712 C:\Windows\System32\drivers\netbt.sys - ok
17:34:21.0247 3712 [ 6EF20DDF3172E97D69F596FB90602F29 ] C:\Windows\System32\drivers\afd.sys
17:34:21.0247 3712 C:\Windows\System32\drivers\afd.sys - ok
17:34:21.0252 3712 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
17:34:21.0252 3712 C:\Windows\System32\drivers\wfplwf.sys - ok
17:34:21.0256 3712 [ EE992183BD8EAEFD9973F352E587A299 ] C:\Windows\System32\drivers\pacer.sys
17:34:21.0256 3712 C:\Windows\System32\drivers\pacer.sys - ok
17:34:21.0261 3712 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
17:34:21.0261 3712 C:\Windows\System32\drivers\netbios.sys - ok
17:34:21.0266 3712 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
17:34:21.0266 3712 C:\Windows\System32\drivers\vwififlt.sys - ok
17:34:21.0271 3712 [ 47CA49400643EFFD3F1C9A27E1D69324 ] C:\Windows\System32\drivers\wanarp.sys
17:34:21.0271 3712 C:\Windows\System32\drivers\wanarp.sys - ok
17:34:21.0275 3712 [ C448651339196C0E869A355171875522 ] C:\Windows\System32\drivers\termdd.sys
17:34:21.0275 3712 C:\Windows\System32\drivers\termdd.sys - ok
17:34:21.0280 3712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
17:34:21.0280 3712 C:\Windows\System32\drivers\mssmbios.sys - ok
17:34:21.0285 3712 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
17:34:21.0285 3712 C:\Windows\System32\drivers\nsiproxy.sys - ok
17:34:21.0290 3712 [ 3BAC8142102C15D59A87757C1D41DCE5 ] C:\Windows\System32\drivers\rdbss.sys
17:34:21.0290 3712 C:\Windows\System32\drivers\rdbss.sys - ok
17:34:21.0294 3712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
17:34:21.0294 3712 C:\Windows\System32\drivers\discache.sys - ok
17:34:21.0300 3712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
17:34:21.0300 3712 C:\Windows\System32\drivers\blbdrive.sys - ok
17:34:21.0304 3712 [ 9C253CE7311CA60FC11C774692A13208 ] C:\Windows\System32\drivers\dfsc.sys
17:34:21.0304 3712 C:\Windows\System32\drivers\dfsc.sys - ok
17:34:21.0309 3712 [ 221FEBAB02D6C97C95558348CC354A85 ] C:\Windows\System32\drivers\avgldx64.sys
17:34:21.0309 3712 C:\Windows\System32\drivers\avgldx64.sys - ok
17:34:21.0314 3712 [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
17:34:21.0314 3712 C:\Windows\System32\drivers\amdppm.sys - ok
17:34:21.0319 3712 [ F8F8A908FDB005A65DDF7238C814EEA5 ] C:\Windows\System32\drivers\atikmpag.sys
17:34:21.0319 3712 C:\Windows\System32\drivers\atikmpag.sys - ok
17:34:21.0323 3712 [ 3836171A2CDF3AF8EF10856DB9835A70 ] C:\Windows\System32\drivers\tunnel.sys
17:34:21.0323 3712 C:\Windows\System32\drivers\tunnel.sys - ok
17:34:21.0328 3712 [ 678084C231715CB38A23D7326D6839BA ] C:\Windows\System32\ntdll.dll
17:34:21.0328 3712 C:\Windows\System32\ntdll.dll - ok
17:34:21.0333 3712 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
17:34:21.0333 3712 C:\Windows\System32\smss.exe - ok
17:34:21.0338 3712 [ 446A1AAD34191665A8DF6092BD8EB5A8 ] C:\Windows\System32\drivers\atikmdag.sys
17:34:21.0338 3712 C:\Windows\System32\drivers\atikmdag.sys - ok
17:34:21.0342 3712 [ 1633B9ABF52784A1331476397A48CBEF ] C:\Windows\System32\drivers\dxgkrnl.sys
17:34:21.0342 3712 C:\Windows\System32\drivers\dxgkrnl.sys - ok
17:34:21.0347 3712 [ 3238B9078E0766AB5E62DC737A809ADB ] C:\Windows\System32\drivers\dxgmms1.sys
17:34:21.0347 3712 C:\Windows\System32\drivers\dxgmms1.sys - ok
17:34:21.0352 3712 [ 0A49913402747A0B67DE940FB42CBDBB ] C:\Windows\System32\drivers\hdaudbus.sys
17:34:21.0352 3712 C:\Windows\System32\drivers\hdaudbus.sys - ok
17:34:21.0357 3712 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] C:\Windows\System32\drivers\BCMWL664.SYS
17:34:21.0357 3712 C:\Windows\System32\drivers\BCMWL664.SYS - ok
17:34:21.0362 3712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys

cont. in second post

#10 fireside3


Posted 23 January 2013 - 08:27 PM

17:34:22.0498 3712 C:\Windows\System32\FWPUCLNT.DLL - ok
17:34:22.0503 3712 [ C0AE5127F1803CDCDD5AC6CEC593FEC6 ] C:\Windows\System32\msxml6.dll
17:34:22.0503 3712 C:\Windows\System32\msxml6.dll - ok
17:34:22.0508 3712 [ 4CBCC37856EA2039C27A2FB661DDA0E5 ] C:\Windows\System32\dhcpcsvc6.dll
17:34:22.0508 3712 C:\Windows\System32\dhcpcsvc6.dll - ok
17:34:22.0512 3712 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
17:34:22.0512 3712 C:\Windows\System32\dnsext.dll - ok
17:34:22.0517 3712 [ 624D0F5FF99428BB90A5B8A4123E918E ] C:\Windows\System32\schedsvc.dll
17:34:22.0517 3712 C:\Windows\System32\schedsvc.dll - ok
17:34:22.0522 3712 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] C:\Windows\System32\shsvcs.dll
17:34:22.0522 3712 C:\Windows\System32\shsvcs.dll - ok
17:34:22.0526 3712 [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
17:34:22.0526 3712 C:\Windows\System32\wlanext.exe - ok
17:34:22.0531 3712 [ F64E8258351E501AA065AC499530367C ] C:\Windows\System32\conhost.exe
17:34:22.0531 3712 C:\Windows\System32\conhost.exe - ok
17:34:22.0536 3712 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
17:34:22.0536 3712 C:\Windows\System32\ktmw32.dll - ok
17:34:22.0540 3712 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
17:34:22.0540 3712 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
17:34:22.0545 3712 [ 1B38A0F123FCF1546FACEAF1EFAFAA00 ] C:\Windows\System32\fveapi.dll
17:34:22.0545 3712 C:\Windows\System32\fveapi.dll - ok
17:34:22.0550 3712 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
17:34:22.0550 3712 C:\Windows\System32\fvecerts.dll - ok
17:34:22.0555 3712 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
17:34:22.0555 3712 C:\Windows\System32\tbs.dll - ok
17:34:22.0559 3712 [ 1B547066D0A6CD40EB3BAAC6A9C7E7A9 ] C:\Windows\System32\taskcomp.dll
17:34:22.0559 3712 C:\Windows\System32\taskcomp.dll - ok
17:34:22.0565 3712 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
17:34:22.0565 3712 C:\Windows\System32\wiarpc.dll - ok
17:34:22.0570 3712 [ 19D20159708E152267E53B66677A4995 ] C:\Windows\System32\drivers\bowser.sys
17:34:22.0570 3712 C:\Windows\System32\drivers\bowser.sys - ok
17:34:22.0574 3712 [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys
17:34:22.0574 3712 C:\Windows\System32\drivers\mrxsmb.sys - ok
17:34:22.0579 3712 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] C:\Windows\System32\drivers\srvnet.sys
17:34:22.0579 3712 C:\Windows\System32\drivers\srvnet.sys - ok
17:34:22.0584 3712 [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys
17:34:22.0584 3712 C:\Windows\System32\drivers\mrxsmb10.sys - ok
17:34:22.0589 3712 [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys
17:34:22.0589 3712 C:\Windows\System32\drivers\mrxsmb20.sys - ok
17:34:22.0593 3712 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] C:\Windows\System32\drivers\srv2.sys
17:34:22.0593 3712 C:\Windows\System32\drivers\srv2.sys - ok
17:34:22.0598 3712 [ 94FBC06F294D58D02361918418F996E3 ] C:\Windows\System32\browser.dll
17:34:22.0598 3712 C:\Windows\System32\browser.dll - ok
17:34:22.0603 3712 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] C:\Windows\System32\drivers\srv.sys
17:34:22.0603 3712 C:\Windows\System32\drivers\srv.sys - ok
17:34:22.0608 3712 [ 81F1D04D4D0E433099365127375FD501 ] C:\Windows\System32\srvsvc.dll
17:34:22.0608 3712 C:\Windows\System32\srvsvc.dll - ok
17:34:22.0612 3712 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll
17:34:22.0612 3712 C:\Windows\System32\wkssvc.dll - ok
17:34:22.0617 3712 [ 4EAE37133B78A26A84EA1649D9B21A1E ] C:\Windows\System32\clusapi.dll
17:34:22.0617 3712 C:\Windows\System32\clusapi.dll - ok
17:34:22.0622 3712 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
17:34:22.0622 3712 C:\Windows\System32\netmsg.dll - ok
17:34:22.0625 3712 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
17:34:22.0625 3712 C:\Windows\System32\resutils.dll - ok
17:34:22.0629 3712 [ 836892094209E5D9CF403B4CF2829B5C ] C:\Windows\System32\sscore.dll
17:34:22.0630 3712 C:\Windows\System32\sscore.dll - ok
17:34:22.0635 3712 [ AF528B4ECA925F63D437F76E87D8971D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
17:34:22.0635 3712 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
17:34:22.0639 3712 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
17:34:22.0639 3712 C:\Windows\System32\rasadhlp.dll - ok
17:34:22.0644 3712 [ D0FEFC9BA8844315F2ADC216FA1146BB ] C:\Windows\Temp\029492~1.EXE
17:34:22.0644 3712 C:\Windows\Temp\029492~1.EXE - ok
17:34:22.0649 3712 [ E083B12FDC1D00E57E70C397ADFB3F0C ] C:\Windows\System32\wow64.dll
17:34:22.0649 3712 C:\Windows\System32\wow64.dll - ok
17:34:22.0654 3712 [ 5E39878945C109AC68AC81A96DF4EC77 ] C:\Windows\System32\wow64cpu.dll
17:34:22.0654 3712 C:\Windows\System32\wow64cpu.dll - ok
17:34:22.0658 3712 [ 982A28EE7BADBF30B6BC774035DD318F ] C:\Windows\System32\wow64win.dll
17:34:22.0658 3712 C:\Windows\System32\wow64win.dll - ok
17:34:22.0663 3712 [ 606ECB76A424CC535407E7A24E2A34BC ] C:\Windows\SysWOW64\kernel32.dll
17:34:22.0663 3712 C:\Windows\SysWOW64\kernel32.dll - ok
17:34:22.0668 3712 [ 5ED76A46EFF78575F99D3BF3302889CF ] C:\Windows\SysWOW64\ntdll.dll
17:34:22.0668 3712 C:\Windows\SysWOW64\ntdll.dll - ok
17:34:22.0673 3712 [ E6B5DE86ABF68D7D67E451C29287B5C5 ] C:\Windows\SysWOW64\crypt32.dll
17:34:22.0673 3712 C:\Windows\SysWOW64\crypt32.dll - ok
17:34:22.0677 3712 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
17:34:22.0677 3712 C:\Windows\SysWOW64\cryptbase.dll - ok
17:34:22.0682 3712 [ E553135C97982EDACDECDE48D3E38458 ] C:\Windows\SysWOW64\KernelBase.dll
17:34:22.0682 3712 C:\Windows\SysWOW64\KernelBase.dll - ok
17:34:22.0687 3712 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
17:34:22.0687 3712 C:\Windows\SysWOW64\msasn1.dll - ok
17:34:22.0691 3712 [ E46D48A7FE961401F1CBF85531CDF05D ] C:\Windows\SysWOW64\msvcrt.dll
17:34:22.0691 3712 C:\Windows\SysWOW64\msvcrt.dll - ok
17:34:22.0696 3712 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
17:34:22.0696 3712 C:\Windows\SysWOW64\rpcrt4.dll - ok
17:34:22.0701 3712 [ BFB4DB4681256116F69209C8D05032E0 ] C:\Windows\SysWOW64\sspicli.dll
17:34:22.0701 3712 C:\Windows\SysWOW64\sspicli.dll - ok
17:34:22.0706 3712 [ F8090992723D55F6A2A8238F0D152149 ] C:\Windows\SysWOW64\wintrust.dll
17:34:22.0706 3712 C:\Windows\SysWOW64\wintrust.dll - ok
17:34:22.0710 3712 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
17:34:22.0710 3712 C:\Windows\SysWOW64\advapi32.dll - ok
17:34:22.0715 3712 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
17:34:22.0715 3712 C:\Windows\SysWOW64\gdi32.dll - ok
17:34:22.0720 3712 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
17:34:22.0720 3712 C:\Windows\SysWOW64\lpk.dll - ok
17:34:22.0725 3712 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
17:34:22.0725 3712 C:\Windows\SysWOW64\sechost.dll - ok
17:34:22.0729 3712 [ 8679917A54A08CE5B923A2D0A511BABD ] C:\Windows\SysWOW64\shell32.dll
17:34:22.0729 3712 C:\Windows\SysWOW64\shell32.dll - ok
17:34:22.0735 3712 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
17:34:22.0735 3712 C:\Windows\SysWOW64\user32.dll - ok
17:34:22.0739 3712 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll
17:34:22.0739 3712 C:\Windows\SysWOW64\usp10.dll - ok
17:34:22.0744 3712 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
17:34:22.0744 3712 C:\Windows\SysWOW64\version.dll - ok
17:34:22.0748 3712 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
17:34:22.0748 3712 C:\Windows\SysWOW64\imm32.dll - ok
17:34:22.0753 3712 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
17:34:22.0753 3712 C:\Windows\SysWOW64\ole32.dll - ok
17:34:22.0758 3712 [ 06333B8D05D4F3A2AF25EB14FC0A1DFF ] C:\Windows\SysWOW64\oleaut32.dll
17:34:22.0758 3712 C:\Windows\SysWOW64\oleaut32.dll - ok
17:34:22.0763 3712 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
17:34:22.0763 3712 C:\Windows\SysWOW64\shlwapi.dll - ok
17:34:22.0767 3712 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
17:34:22.0767 3712 C:\Windows\SysWOW64\msctf.dll - ok
17:34:22.0772 3712 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
17:34:22.0772 3712 C:\Windows\SysWOW64\psapi.dll - ok
17:34:22.0777 3712 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
17:34:22.0777 3712 C:\Windows\SysWOW64\wtsapi32.dll - ok
17:34:22.0781 3712 [ 95CAE3D82E682CB56BF6F02D281C4E08 ] C:\Windows\System32\bcmihvsrv64.dll
17:34:22.0781 3712 C:\Windows\System32\bcmihvsrv64.dll - ok
17:34:22.0786 3712 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
17:34:22.0786 3712 C:\Windows\SysWOW64\shfolder.dll - ok
17:34:22.0791 3712 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:34:22.0791 3712 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
17:34:22.0796 3712 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
17:34:22.0796 3712 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
17:34:22.0801 3712 [ 93312F83FD4D5C38CEE8AA1265C061EE ] C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll
17:34:22.0801 3712 C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll - ok
17:34:22.0806 3712 [ EA1145DEBCD508FD25BD1E95C4346929 ] C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:34:22.0806 3712 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe - ok
17:34:22.0811 3712 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] C:\Windows\System32\drivers\avgidsfiltera.sys
17:34:22.0811 3712 C:\Windows\System32\drivers\avgidsfiltera.sys - ok
17:34:22.0815 3712 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
17:34:22.0816 3712 C:\Windows\System32\wlanapi.dll - ok
17:34:22.0821 3712 [ 25CD97F030AE70AF458FF6AB0B7E9B2E ] C:\Program Files (x86)\AVG\AVG2012\avglogx.dll
17:34:22.0821 3712 C:\Program Files (x86)\AVG\AVG2012\avglogx.dll - ok
17:34:22.0825 3712 [ 91DC97F9DA3E2B59049D410870935C78 ] C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll
17:34:22.0825 3712 C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll - ok
17:34:22.0830 3712 [ 8C57411B66282C01533CB776F98AD384 ] C:\Windows\System32\cryptsvc.dll
17:34:22.0830 3712 C:\Windows\System32\cryptsvc.dll - ok
17:34:22.0835 3712 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] C:\Windows\System32\dps.dll
17:34:22.0835 3712 C:\Windows\System32\dps.dll - ok
17:34:22.0840 3712 [ 1C540B6FCD8A6F772650660CFB03A06A ] C:\Windows\System32\efscore.dll
17:34:22.0840 3712 C:\Windows\System32\efscore.dll - ok
17:34:22.0844 3712 [ 0C043B0ABBB5E14E68906AB80365395B ] C:\Windows\System32\efssvc.dll
17:34:22.0844 3712 C:\Windows\System32\efssvc.dll - ok
17:34:22.0849 3712 [ 58283053C781AD3A579C95D7765C1FA0 ] C:\Windows\System32\efsutil.dll
17:34:22.0849 3712 C:\Windows\System32\efsutil.dll - ok
17:34:22.0854 3712 [ DC57BAF15064ECB79F6D2CCF352E1D88 ] C:\Windows\System32\taskschd.dll
17:34:22.0854 3712 C:\Windows\System32\taskschd.dll - ok
17:34:22.0859 3712 [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll
17:34:22.0859 3712 C:\Windows\System32\vssapi.dll - ok
17:34:22.0863 3712 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
17:34:22.0863 3712 C:\Windows\System32\vsstrace.dll - ok
17:34:22.0868 3712 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe
17:34:22.0868 3712 C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe - ok
17:34:22.0873 3712 [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\SysWOW64\apphelp.dll
17:34:22.0873 3712 C:\Windows\SysWOW64\apphelp.dll - ok
17:34:22.0876 3712 [ D5AC41AE382738483FAFFBD7E373D49A ] C:\Windows\System32\HPZinw12.dll
17:34:22.0876 3712 C:\Windows\System32\HPZinw12.dll - ok
17:34:22.0880 3712 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
17:34:22.0881 3712 C:\Windows\System32\nlasvc.dll - ok
17:34:22.0886 3712 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
17:34:22.0886 3712 C:\Windows\System32\wsock32.dll - ok
17:34:22.0890 3712 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
17:34:22.0890 3712 C:\Windows\System32\aepic.dll - ok
17:34:22.0895 3712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
17:34:22.0895 3712 C:\Windows\System32\drivers\PEAuth.sys - ok
17:34:22.0900 3712 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
17:34:22.0900 3712 C:\Windows\System32\ncsi.dll - ok
17:34:22.0904 3712 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
17:34:22.0905 3712 C:\Windows\System32\pcasvc.dll - ok
17:34:22.0909 3712 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
17:34:22.0909 3712 C:\Windows\System32\sfc.dll - ok
17:34:22.0913 3712 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
17:34:22.0913 3712 C:\Windows\System32\sfc_os.dll - ok
17:34:22.0918 3712 [ 3941179CA038E14640DEAF30A92A6F30 ] C:\Windows\System32\webio.dll
17:34:22.0918 3712 C:\Windows\System32\webio.dll - ok
17:34:22.0926 3712 [ 0BF0C2A72F2CB0BA4382C392D3E331AF ] C:\Windows\System32\winhttp.dll
17:34:22.0926 3712 C:\Windows\System32\winhttp.dll - ok
17:34:22.0929 3712 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
17:34:22.0929 3712 C:\Windows\System32\ssdpapi.dll - ok
17:34:22.0934 3712 [ 37F6046CDC630442D7DC087501FF6FC6 ] C:\Windows\System32\HPZipm12.dll
17:34:22.0934 3712 C:\Windows\System32\HPZipm12.dll - ok
17:34:22.0939 3712 [ 6A05392F79A820B5024486C3583D85D3 ] C:\PROGRA~2\McAfee\SITEAD~1\saOemMgr.exe
17:34:22.0939 3712 C:\PROGRA~2\McAfee\SITEAD~1\saOemMgr.exe - ok
17:34:22.0944 3712 [ 331E7BDE228914574FC9AE6CD520DAFA ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:34:22.0944 3712 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - ok
17:34:22.0948 3712 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
17:34:22.0949 3712 C:\Windows\SysWOW64\nsi.dll - ok
17:34:22.0953 3712 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
17:34:22.0954 3712 C:\Windows\SysWOW64\SensApi.dll - ok
17:34:22.0958 3712 [ 4FB96AACF2F05C7357546BECD7678863 ] C:\Windows\SysWOW64\webio.dll
17:34:22.0958 3712 C:\Windows\SysWOW64\webio.dll - ok
17:34:22.0963 3712 [ CC9BBCFC715FBEDF7AE476106FE653E9 ] C:\Windows\SysWOW64\winhttp.dll
17:34:22.0963 3712 C:\Windows\SysWOW64\winhttp.dll - ok
17:34:22.0967 3712 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\SysWOW64\ws2_32.dll
17:34:22.0967 3712 C:\Windows\SysWOW64\ws2_32.dll - ok
17:34:22.0972 3712 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
17:34:22.0972 3712 C:\Windows\SysWOW64\wsock32.dll - ok
17:34:22.0977 3712 [ 64ECE532B8ABD7E035803515E9C11DC9 ] C:\PROGRA~2\McAfee\SITEAD~1\sasshmod.dll
17:34:22.0977 3712 C:\PROGRA~2\McAfee\SITEAD~1\sasshmod.dll - ok
17:34:22.0982 3712 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
17:34:22.0982 3712 C:\Windows\SysWOW64\clbcatq.dll - ok
17:34:22.0987 3712 [ 5F856156F709DF40B42D36AE8A0F0695 ] C:\Windows\SysWOW64\msxml6.dll
17:34:22.0987 3712 C:\Windows\SysWOW64\msxml6.dll - ok
17:34:22.0991 3712 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
17:34:22.0991 3712 C:\Windows\SysWOW64\profapi.dll - ok
17:34:22.0996 3712 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
17:34:22.0996 3712 C:\Windows\SysWOW64\cryptsp.dll - ok
17:34:23.0001 3712 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
17:34:23.0001 3712 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
17:34:23.0006 3712 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
17:34:23.0006 3712 C:\Windows\SysWOW64\rsaenh.dll - ok
17:34:23.0010 3712 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
17:34:23.0010 3712 C:\Windows\System32\comres.dll - ok
17:34:23.0015 3712 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
17:34:23.0015 3712 C:\Windows\System32\drivers\secdrv.sys - ok
17:34:23.0020 3712 [ 72CD52403EFC137290CB5A328510EBCA ] C:\Windows\System32\drivers\Sftfslh.sys
17:34:23.0020 3712 C:\Windows\System32\drivers\Sftfslh.sys - ok
17:34:23.0025 3712 [ F7866AF72ABBAF84B1FA5AA195378C59 ] C:\Windows\System32\drivers\fltMgr.sys
17:34:23.0025 3712 C:\Windows\System32\drivers\fltMgr.sys - ok
17:34:23.0029 3712 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
17:34:23.0029 3712 C:\Windows\System32\PSHED.DLL - ok
17:34:23.0034 3712 [ CD64B78DB77D443181A9E2E834796863 ] C:\PROGRA~2\McAfee\SITEAD~1\saUI.exe
17:34:23.0034 3712 C:\PROGRA~2\McAfee\SITEAD~1\saUI.exe - ok
17:34:23.0039 3712 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
17:34:23.0039 3712 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
17:34:23.0044 3712 [ AC633C7D40C63A197649955A512AD7BD ] C:\Program Files (x86)\AVG\AVG2012\avgwd.dll
17:34:23.0044 3712 C:\Program Files (x86)\AVG\AVG2012\avgwd.dll - ok
17:34:23.0048 3712 [ 8F6D9A20F1FB06F0602A7D5A82840DBF ] C:\Windows\System32\netcfgx.dll
17:34:23.0048 3712 C:\Windows\System32\netcfgx.dll - ok
17:34:23.0053 3712 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
17:34:23.0053 3712 C:\Windows\System32\drivers\vwifimp.sys - ok
17:34:23.0058 3712 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
17:34:23.0058 3712 C:\Windows\System32\aeevts.dll - ok
17:34:23.0063 3712 [ E2C78D19572AACC2062A00F01503807E ] C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll
17:34:23.0063 3712 C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll - ok
17:34:23.0067 3712 [ CA4D146EAC05EC4BA5FC4936F3369627 ] C:\Windows\SysWOW64\urlmon.dll
17:34:23.0068 3712 C:\Windows\SysWOW64\urlmon.dll - ok
17:34:23.0072 3712 [ 570C6B12E7BD623A85EA1F01C75C346A ] C:\Windows\SysWOW64\iertutil.dll
17:34:23.0072 3712 C:\Windows\SysWOW64\iertutil.dll - ok
17:34:23.0077 3712 [ 27CDAF355CCE3762C7F13719E814418B ] C:\Windows\SysWOW64\wininet.dll
17:34:23.0077 3712 C:\Windows\SysWOW64\wininet.dll - ok
17:34:23.0081 3712 [ 432BE6CF7311062633459EEF6B242FB5 ] C:\Windows\SysWOW64\regsvr32.exe
17:34:23.0082 3712 C:\Windows\SysWOW64\regsvr32.exe - ok
17:34:23.0087 3712 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
17:34:23.0087 3712 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
17:34:23.0092 3712 [ 079FC5AAA9963057548DF29F069EC406 ] C:\Windows\AppPatch\AcGenral.dll
17:34:23.0092 3712 C:\Windows\AppPatch\AcGenral.dll - ok
17:34:23.0096 3712 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
17:34:23.0096 3712 C:\Windows\SysWOW64\msacm32.dll - ok
17:34:23.0101 3712 [ 742AA02BD9FA3492C9E525BBD427D87D ] C:\Windows\SysWOW64\samcli.dll
17:34:23.0101 3712 C:\Windows\SysWOW64\samcli.dll - ok
17:34:23.0106 3712 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
17:34:23.0106 3712 C:\Windows\SysWOW64\sfc.dll - ok
17:34:23.0110 3712 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
17:34:23.0110 3712 C:\Windows\SysWOW64\sfc_os.dll - ok
17:34:23.0115 3712 [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\SysWOW64\userenv.dll
17:34:23.0115 3712 C:\Windows\SysWOW64\userenv.dll - ok
17:34:23.0120 3712 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
17:34:23.0120 3712 C:\Windows\SysWOW64\uxtheme.dll - ok
17:34:23.0125 3712 [ 26A634B2E0FD87F23541AD13A503CA72 ] C:\Windows\SysWOW64\winmm.dll
17:34:23.0125 3712 C:\Windows\SysWOW64\winmm.dll - ok
17:34:23.0127 3712 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
17:34:23.0127 3712 C:\Windows\SysWOW64\cfgmgr32.dll - ok
17:34:23.0132 3712 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
17:34:23.0132 3712 C:\Windows\SysWOW64\devobj.dll - ok
17:34:23.0137 3712 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
17:34:23.0137 3712 C:\Windows\SysWOW64\dwmapi.dll - ok
17:34:23.0141 3712 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
17:34:23.0142 3712 C:\Windows\SysWOW64\mpr.dll - ok
17:34:23.0146 3712 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
17:34:23.0146 3712 C:\Windows\SysWOW64\setupapi.dll - ok
17:34:23.0151 3712 [ A0B9E5D9D00322705E804240E4A02684 ] C:\PROGRA~2\McAfee\SITEAD~1\saupkeep.dll
17:34:23.0151 3712 C:\PROGRA~2\McAfee\SITEAD~1\saupkeep.dll - ok
17:34:23.0156 3712 [ 60732ECEC8AEF0A05FE36E661AA1C99C ] C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll
17:34:23.0156 3712 C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll - ok
17:34:23.0161 3712 [ 59BCE9F07985F8A4204F4D6554CFF708 ] C:\Windows\System32\regsvr32.exe
17:34:23.0161 3712 C:\Windows\System32\regsvr32.exe - ok
17:34:23.0165 3712 [ 31A36EF71AF36EABCC4B4F8AB8F76465 ] C:\Windows\System32\drivers\Sftplaylh.sys
17:34:23.0165 3712 C:\Windows\System32\drivers\Sftplaylh.sys - ok
17:34:23.0171 3712 [ DB7213FCB2BC1B4F0C5CC5AF344ABCD0 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:34:23.0171 3712 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - ok
17:34:23.0176 3712 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
17:34:23.0176 3712 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
17:34:23.0181 3712 [ D3EAD1CF16BA729A7F7C9A5D94AA7C05 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
17:34:23.0181 3712 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll - ok
17:34:23.0186 3712 [ DB16A7C0A453F7E220A5F29E42572FD8 ] C:\Windows\AppPatch\AppPatch64\AcGenral.dll
17:34:23.0186 3712 C:\Windows\AppPatch\AppPatch64\AcGenral.dll - ok
17:34:23.0191 3712 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
17:34:23.0191 3712 C:\Windows\System32\rundll32.exe - ok
17:34:23.0195 3712 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\SysWOW64\credssp.dll
17:34:23.0195 3712 C:\Windows\SysWOW64\credssp.dll - ok
17:34:23.0200 3712 [ E73F21A566A81CD30CB63E8F006056BE ] C:\Windows\SysWOW64\secur32.dll
17:34:23.0200 3712 C:\Windows\SysWOW64\secur32.dll - ok
17:34:23.0207 3712 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
17:34:23.0207 3712 C:\Windows\System32\mpr.dll - ok
17:34:23.0210 3712 [ 5B8D71AC2074550D78BC188A8888054F ] C:\Program Files (x86)\AVG\AVG2012\avgidpsdkx.dll
17:34:23.0210 3712 C:\Program Files (x86)\AVG\AVG2012\avgidpsdkx.dll - ok
17:34:23.0215 3712 [ B1C8444187B377E6A2B9183630B8D906 ] C:\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll
17:34:23.0215 3712 C:\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll - ok
17:34:23.0220 3712 [ 579BA0A911FF5EA70CB604CD3B744B0A ] C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:23.0220 3712 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
17:34:23.0225 3712 [ 51138BEEA3E2C21EC44D0932C71762A8 ] C:\Windows\SysWOW64\rundll32.exe
17:34:23.0225 3712 C:\Windows\SysWOW64\rundll32.exe - ok
17:34:23.0229 3712 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] C:\Windows\System32\wiaservc.dll
17:34:23.0229 3712 C:\Windows\System32\wiaservc.dll - ok
17:34:23.0235 3712 [ 61DA1DD85F7A9A8F8DEA8771931FAAF6 ] C:\Windows\SysWOW64\imagehlp.dll
17:34:23.0235 3712 C:\Windows\SysWOW64\imagehlp.dll - ok
17:34:23.0239 3712 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
17:34:23.0239 3712 C:\Windows\System32\wiatrace.dll - ok
17:34:23.0244 3712 [ 1351931877DE0C46C4D42DAA26F7B5B1 ] C:\Windows\AppPatch\AcLayers.dll
17:34:23.0244 3712 C:\Windows\AppPatch\AcLayers.dll - ok
17:34:23.0248 3712 [ 3C1284516A62078FB68F768DE4F1A7BE ] C:\Windows\System32\sysmain.dll
17:34:23.0248 3712 C:\Windows\System32\sysmain.dll - ok
17:34:23.0253 3712 [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
17:34:23.0253 3712 C:\Windows\System32\drivers\tcpipreg.sys - ok
17:34:23.0258 3712 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
17:34:23.0258 3712 C:\Windows\System32\wbem\WMIsvc.dll - ok
17:34:23.0263 3712 [ 61E02CC3184B63FAFE0B83EAC8B3B8EF ] C:\Windows\SysWOW64\winspool.drv
17:34:23.0263 3712 C:\Windows\SysWOW64\winspool.drv - ok
17:34:23.0268 3712 [ 357CABBF155AFD1D3926E62539D2A3A7 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:34:23.0268 3712 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
17:34:23.0273 3712 [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll
17:34:23.0273 3712 C:\Windows\System32\wbemcomn.dll - ok
17:34:23.0277 3712 [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll
17:34:23.0277 3712 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
17:34:23.0282 3712 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
17:34:23.0282 3712 C:\Windows\System32\wbem\WinMgmtR.dll - ok
17:34:23.0287 3712 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
17:34:23.0287 3712 C:\Windows\System32\wbem\fastprox.dll - ok
17:34:23.0292 3712 [ E84B3CB28AB4D95C07738AE9937C2734 ] C:\PROGRA~2\McAfee\SITEAD~1\sahook.dll
17:34:23.0292 3712 C:\PROGRA~2\McAfee\SITEAD~1\sahook.dll - ok
17:34:23.0296 3712 [ 353F64DD67EB26AE91397C183E8172EF ] C:\Windows\AppPatch\acwow64.dll
17:34:23.0296 3712 C:\Windows\AppPatch\acwow64.dll - ok
17:34:23.0301 3712 [ 014A55E66FE115561D8DA94EAD4A85FF ] C:\PROGRA~2\McAfee\SITEAD~1\x64\McBrwCtl.dll
17:34:23.0301 3712 C:\PROGRA~2\McAfee\SITEAD~1\x64\McBrwCtl.dll - ok
17:34:23.0306 3712 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
17:34:23.0306 3712 C:\Windows\System32\ntdsapi.dll - ok
17:34:23.0311 3712 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
17:34:23.0311 3712 C:\Windows\System32\wbem\wbemprox.dll - ok
17:34:23.0315 3712 [ B642E645D7A790E0FA41E16C6C4234E6 ] C:\Program Files (x86)\AVG\AVG2012\avgwdwsc.dll
17:34:23.0315 3712 C:\Program Files (x86)\AVG\AVG2012\avgwdwsc.dll - ok
17:34:23.0321 3712 [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll
17:34:23.0321 3712 C:\Windows\System32\wbem\wbemcore.dll - ok
17:34:23.0325 3712 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
17:34:23.0325 3712 C:\Windows\System32\SensApi.dll - ok
17:34:23.0330 3712 [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\SysWOW64\wscapi.dll
17:34:23.0330 3712 C:\Windows\SysWOW64\wscapi.dll - ok
17:34:23.0335 3712 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
17:34:23.0335 3712 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
17:34:23.0340 3712 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
17:34:23.0340 3712 C:\Windows\System32\wer.dll - ok
17:34:23.0344 3712 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
17:34:23.0344 3712 C:\Windows\SysWOW64\ntmarta.dll - ok
17:34:23.0349 3712 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
17:34:23.0349 3712 C:\Windows\System32\wbem\esscli.dll - ok
17:34:23.0354 3712 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
17:34:23.0354 3712 C:\Windows\SysWOW64\Wldap32.dll - ok
17:34:23.0359 3712 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] C:\Windows\System32\drivers\avgidsdrivera.sys
17:34:24.0426 3712 C:\Program Files\Internet Explorer\ieproxy.dll - ok
17:34:24.0431 3712 [ AD31942BDF3D594C404874613BC2FE4D ] C:\Windows\System32\SearchIndexer.exe
17:34:24.0431 3712 C:\Windows\System32\SearchIndexer.exe - ok
17:34:24.0435 3712 [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\SysWOW64\glu32.dll
17:34:24.0435 3712 C:\Windows\SysWOW64\glu32.dll - ok
17:34:24.0440 3712 [ 6DEC79D51F08EB735728D428D17AAA85 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
17:34:24.0440 3712 C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
17:34:24.0445 3712 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
17:34:24.0445 3712 C:\Windows\SysWOW64\ddraw.dll - ok
17:34:24.0450 3712 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
17:34:24.0450 3712 C:\Windows\System32\mfplat.dll - ok
17:34:24.0455 3712 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
17:34:24.0455 3712 C:\Windows\SysWOW64\dciman32.dll - ok
17:34:24.0459 3712 [ DC8FB258F06712BF7E44DA43181B3D43 ] C:\Program Files (x86)\Livestation\avcodec-52.dll
17:34:24.0459 3712 C:\Program Files (x86)\Livestation\avcodec-52.dll - ok
17:34:24.0464 3712 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
17:34:24.0464 3712 C:\Windows\System32\ksuser.dll - ok
17:34:24.0468 3712 [ F87A7BB428E4AC68D348DF600F1EA1A2 ] C:\Windows\System32\tquery.dll
17:34:24.0468 3712 C:\Windows\System32\tquery.dll - ok
17:34:24.0474 3712 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
17:34:24.0474 3712 C:\Windows\System32\FXSST.dll - ok
17:34:24.0478 3712 [ 34E6D8C67E7FD7C917BECFECA326B168 ] C:\Windows\System32\FXSAPI.dll
17:34:24.0478 3712 C:\Windows\System32\FXSAPI.dll - ok
17:34:24.0483 3712 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
17:34:24.0483 3712 C:\Windows\System32\FXSRESM.dll - ok
17:34:24.0488 3712 [ 78A6501E4E37118C568A606623A275BB ] C:\Windows\System32\mssrch.dll
17:34:24.0488 3712 C:\Windows\System32\mssrch.dll - ok
17:34:24.0492 3712 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
17:34:24.0493 3712 C:\Windows\System32\msidle.dll - ok
17:34:24.0497 3712 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
17:34:24.0497 3712 C:\Windows\System32\netman.dll - ok
17:34:24.0501 3712 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
17:34:24.0502 3712 C:\Windows\System32\mssprxy.dll - ok
17:34:24.0507 3712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
17:34:24.0507 3712 C:\Windows\System32\netprofm.dll - ok
17:34:24.0511 3712 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
17:34:24.0511 3712 C:\Windows\System32\npmproxy.dll - ok
17:34:24.0516 3712 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
17:34:24.0516 3712 C:\Windows\System32\rasdlg.dll - ok
17:34:24.0521 3712 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
17:34:24.0521 3712 C:\Windows\System32\en-US\tquery.dll.mui - ok
17:34:24.0525 3712 [ E23C8B63736C2D6B6846708093A6C103 ] C:\Windows\System32\ieframe.dll
17:34:24.0526 3712 C:\Windows\System32\ieframe.dll - ok
17:34:24.0530 3712 [ 114429A77D935053E13A9BF98A8B8CA1 ] C:\Windows\System32\mprapi.dll
17:34:24.0530 3712 C:\Windows\System32\mprapi.dll - ok
17:34:24.0535 3712 [ E793D5BC2D58797235741EBA61DC56B8 ] C:\Windows\System32\msmpeg2vdec.dll
17:34:24.0535 3712 C:\Windows\System32\msmpeg2vdec.dll - ok
17:34:24.0540 3712 [ 0A94EE2C07C72C4E985F72259E9A178B ] C:\Windows\System32\evr.dll
17:34:24.0540 3712 C:\Windows\System32\evr.dll - ok
17:34:24.0544 3712 [ 48A6CA43A5C921C465F70D9B42B3EF1A ] C:\Windows\System32\sqmapi.dll
17:34:24.0544 3712 C:\Windows\System32\sqmapi.dll - ok
17:34:24.0549 3712 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] C:\Windows\System32\FXSSVC.exe
17:34:24.0549 3712 C:\Windows\System32\FXSSVC.exe - ok
17:34:24.0553 3712 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
17:34:24.0554 3712 C:\Windows\System32\mlang.dll - ok
17:34:24.0558 3712 [ BB68579E181956E37EB11F9083C01CF3 ] C:\Windows\System32\dot3api.dll
17:34:24.0558 3712 C:\Windows\System32\dot3api.dll - ok
17:34:24.0563 3712 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
17:34:24.0563 3712 C:\Windows\System32\wlanhlp.dll - ok
17:34:24.0568 3712 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
17:34:24.0568 3712 C:\Windows\System32\hnetcfg.dll - ok
17:34:24.0573 3712 [ 807EB11BD87CD9026906FB79015414CE ] C:\Windows\System32\perfdisk.dll
17:34:24.0573 3712 C:\Windows\System32\perfdisk.dll - ok
17:34:24.0578 3712 [ 42CBAAF98D660FA78074382CF5AF3A05 ] C:\Windows\System32\WMVDECOD.DLL
17:34:24.0578 3712 C:\Windows\System32\WMVDECOD.DLL - ok
17:34:24.0582 3712 [ 34C01D728DDDE4C5DD763F31CF65FDF5 ] C:\Program Files (x86)\Livestation\avutil-50.dll
17:34:24.0582 3712 C:\Program Files (x86)\Livestation\avutil-50.dll - ok
17:34:24.0587 3712 [ 0ABCA5A037A8B4D744991544B286D847 ] C:\Windows\System32\mfc42u.dll
17:34:24.0587 3712 C:\Windows\System32\mfc42u.dll - ok
17:34:24.0592 3712 [ A29D937A2AC5086B0AAA086004A7D87C ] C:\Program Files (x86)\Livestation\avformat-52.dll
17:34:24.0592 3712 C:\Program Files (x86)\Livestation\avformat-52.dll - ok
17:34:24.0597 3712 [ 93589F8021436E0C3E872A4C04CA13FE ] C:\Program Files (x86)\Livestation\swscale-0.dll
17:34:24.0597 3712 C:\Program Files (x86)\Livestation\swscale-0.dll - ok
17:34:24.0602 3712 [ DFF4993094A11275601E7ADBF1D1BD25 ] C:\Windows\System32\odbc32.dll
17:34:24.0602 3712 C:\Windows\System32\odbc32.dll - ok
17:34:24.0607 3712 [ D8E13A9A594CE4614E6CFE8125217679 ] C:\Program Files (x86)\Livestation\live555.dll
17:34:24.0607 3712 C:\Program Files (x86)\Livestation\live555.dll - ok
17:34:24.0612 3712 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
17:34:24.0612 3712 C:\Windows\System32\odbcint.dll - ok
17:34:24.0617 3712 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
17:34:24.0617 3712 C:\Windows\System32\WWanAPI.dll - ok
17:34:24.0622 3712 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
17:34:24.0622 3712 C:\Windows\System32\wwapi.dll - ok
17:34:24.0627 3712 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
17:34:24.0627 3712 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
17:34:24.0630 3712 [ 0B0604BC02CA5F77A1F23C6B0D86AE8C ] C:\Windows\System32\msdmo.dll
17:34:24.0630 3712 C:\Windows\System32\msdmo.dll - ok
17:34:24.0634 3712 [ 36D9DA8558A2FD9EEADD8F0002BB9251 ] C:\Windows\System32\UIRibbon.dll
17:34:24.0634 3712 C:\Windows\System32\UIRibbon.dll - ok
17:34:24.0639 3712 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
17:34:24.0640 3712 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
17:34:24.0645 3712 [ 0B9F7D42D745038437FAE70D97F9AD5A ] C:\Windows\System32\QAGENT.DLL
17:34:24.0645 3712 C:\Windows\System32\QAGENT.DLL - ok
17:34:24.0649 3712 [ CE0CDC5459EAA1D574AF781DDB8F2685 ] C:\Windows\SysWOW64\OpenAL32.dll
17:34:24.0649 3712 C:\Windows\SysWOW64\OpenAL32.dll - ok
17:34:24.0654 3712 [ 73D0343D8288F15692EC1C9D4A78DC1F ] C:\Program Files (x86)\Livestation\libeay32.dll
17:34:24.0654 3712 C:\Program Files (x86)\Livestation\libeay32.dll - ok
17:34:24.0659 3712 [ 4E0D5171F83328986374EEBC975C1F3C ] C:\Windows\System32\UIRibbonRes.dll
17:34:24.0659 3712 C:\Windows\System32\UIRibbonRes.dll - ok
17:34:24.0664 3712 [ 7832C460B01FB9E7601FDD7CBF027AF5 ] C:\Program Files (x86)\Livestation\QtWebKit4.dll
17:34:24.0664 3712 C:\Program Files (x86)\Livestation\QtWebKit4.dll - ok
17:34:24.0668 3712 [ 069C456FDACC17E7572C5D4F72BDB751 ] C:\Windows\System32\fms.dll
17:34:24.0668 3712 C:\Windows\System32\fms.dll - ok
17:34:24.0673 3712 [ D7D7EB64B7DE14A783329805E5AC0031 ] C:\Windows\System32\webcheck.dll
17:34:24.0673 3712 C:\Windows\System32\webcheck.dll - ok
17:34:24.0678 3712 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
17:34:24.0678 3712 C:\Windows\System32\SyncCenter.dll - ok
17:34:24.0682 3712 [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
17:34:24.0682 3712 C:\Windows\System32\imapi2.dll - ok
17:34:24.0687 3712 [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
17:34:24.0687 3712 C:\Windows\System32\hgcpl.dll - ok
17:34:24.0692 3712 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
17:34:24.0692 3712 C:\Windows\System32\provsvc.dll - ok
17:34:24.0697 3712 [ 388D75D19407EFE6D7A043F308F083A8 ] C:\Program Files (x86)\Livestation\phonon4.dll
17:34:24.0697 3712 C:\Program Files (x86)\Livestation\phonon4.dll - ok
17:34:24.0702 3712 [ 7DA4F72284D2C927927DFC0E12AFAB85 ] C:\Program Files (x86)\Livestation\QtGui4.dll
17:34:24.0702 3712 C:\Program Files (x86)\Livestation\QtGui4.dll - ok
17:34:24.0707 3712 [ 8BB1F532EF0914F4DE108A137D859147 ] C:\Program Files (x86)\Livestation\QtCore4.dll
17:34:24.0707 3712 C:\Program Files (x86)\Livestation\QtCore4.dll - ok
17:34:24.0711 3712 [ B3344165F59E1CDA7D9C07737F9E74DB ] C:\Program Files (x86)\Livestation\QtNetwork4.dll
17:34:24.0711 3712 C:\Program Files (x86)\Livestation\QtNetwork4.dll - ok
17:34:24.0716 3712 [ 69FC0AC392AB3698AB99207D7904CBC7 ] C:\Program Files (x86)\Livestation\QtXml4.dll
17:34:24.0716 3712 C:\Program Files (x86)\Livestation\QtXml4.dll - ok
17:34:24.0721 3712 [ 818372E9FCCFD317C3E052B3031257A2 ] C:\Program Files (x86)\Livestation\QtOpenGL4.dll
17:34:24.0721 3712 C:\Program Files (x86)\Livestation\QtOpenGL4.dll - ok
17:34:24.0727 3712 [ 6CA28B7AD68FCE02BB2B23B8DFA5A51F ] C:\Program Files (x86)\Livestation\plugins\imageformats\qgif4.dll
17:34:24.0727 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qgif4.dll - ok
17:34:24.0732 3712 [ E0CC1AF4D66EEF3A135C50E401A2D415 ] C:\Program Files (x86)\Livestation\plugins\imageformats\qico4.dll
17:34:24.0732 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qico4.dll - ok
17:34:24.0737 3712 [ D02F845EF350910B3424AD15BBB68E83 ] C:\Program Files (x86)\Livestation\plugins\imageformats\qjpeg4.dll
17:34:24.0737 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qjpeg4.dll - ok
17:34:24.0742 3712 [ EFC8305426B4A973E03E27842F99C6A6 ] C:\Program Files (x86)\Livestation\plugins\imageformats\qmng4.dll
17:34:24.0742 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qmng4.dll - ok
17:34:24.0747 3712 [ 4F4EFF3FA549EA0FBEA4B0B98B7D7D73 ] C:\Program Files (x86)\Livestation\plugins\imageformats\qsvg4.dll
17:34:24.0747 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qsvg4.dll - ok
17:34:24.0752 3712 [ E1A8FFFE94B0D64E70D84CAB8FCC9204 ] C:\Program Files (x86)\Livestation\QtSvg4.dll
17:34:24.0752 3712 C:\Program Files (x86)\Livestation\QtSvg4.dll - ok
17:34:24.0758 3712 [ 25F3BA437EB49BA531B4D4A6AA157ABE ] C:\Program Files (x86)\Livestation\plugins\imageformats\qtiff4.dll
17:34:24.0758 3712 C:\Program Files (x86)\Livestation\plugins\imageformats\qtiff4.dll - ok
17:34:24.0763 3712 [ C4A9FD8E4B68D5A6D06E2B8D36774921 ] C:\Program Files (x86)\Livestation\ssleay32.dll
17:34:24.0763 3712 C:\Program Files (x86)\Livestation\ssleay32.dll - ok
17:34:24.0767 3712 [ 8C680C0E6B3D6711B2B88AC82FE1804E ] C:\Windows\SysWOW64\MMDevAPI.dll
17:34:24.0767 3712 C:\Windows\SysWOW64\MMDevAPI.dll - ok
17:34:24.0772 3712 [ B24ABFAB2D541996A38905369D511953 ] C:\Windows\SysWOW64\wdmaud.drv
17:34:24.0772 3712 C:\Windows\SysWOW64\wdmaud.drv - ok
17:34:24.0777 3712 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
17:34:24.0777 3712 C:\Windows\SysWOW64\ksuser.dll - ok
17:34:24.0781 3712 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
17:34:24.0781 3712 C:\Windows\SysWOW64\avrt.dll - ok
17:34:24.0786 3712 [ AFBB5060A2DAD431A2EAEB2C86CFFE81 ] C:\Windows\SysWOW64\AudioSes.dll
17:34:24.0786 3712 C:\Windows\SysWOW64\AudioSes.dll - ok
17:34:24.0791 3712 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\SysWOW64\msacm32.drv
17:34:24.0791 3712 C:\Windows\SysWOW64\msacm32.drv - ok
17:34:24.0796 3712 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\SysWOW64\midimap.dll
17:34:24.0796 3712 C:\Windows\SysWOW64\midimap.dll - ok
17:34:24.0800 3712 [ 9C24ED831DDFA8319382B2BFD9691AA9 ] C:\Windows\SysWOW64\wrap_oal.dll
17:34:24.0800 3712 C:\Windows\SysWOW64\wrap_oal.dll - ok
17:34:24.0805 3712 [ 283A671E0248AC422173B289BCDCCC54 ] C:\Windows\System32\RtkAPO64.dll
17:34:24.0805 3712 C:\Windows\System32\RtkAPO64.dll - ok
17:34:24.0810 3712 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
17:34:24.0810 3712 C:\Windows\System32\AudioEng.dll - ok
17:34:24.0815 3712 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
17:34:24.0815 3712 C:\Windows\System32\AUDIOKSE.dll - ok
17:34:24.0820 3712 [ CB3CF9915ED7888FDBAF3694775DCCC7 ] C:\Windows\System32\RTEEL64A.dll
17:34:24.0820 3712 C:\Windows\System32\RTEEL64A.dll - ok
17:34:24.0825 3712 [ 483849E481652C22BAFC8052414B3099 ] C:\Windows\System32\RTEED64A.dll
17:34:24.0825 3712 C:\Windows\System32\RTEED64A.dll - ok
17:34:24.0830 3712 [ B4E58FC9DF06A709EA984290288AFD37 ] C:\Windows\SysWOW64\atiglpxx.dll
17:34:24.0830 3712 C:\Windows\SysWOW64\atiglpxx.dll - ok
17:34:24.0834 3712 [ D882F92BF58175997B78FA883ED36B35 ] C:\Windows\SysWOW64\atioglxx.dll
17:34:24.0835 3712 C:\Windows\SysWOW64\atioglxx.dll - ok
17:34:24.0841 3712 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
17:34:24.0841 3712 C:\Windows\System32\wbem\NCProv.dll - ok
17:34:24.0845 3712 [ C1E9163127D8AAB54865A832EFBF4A65 ] C:\Windows\SysWOW64\atigktxx.dll
17:34:24.0845 3712 C:\Windows\SysWOW64\atigktxx.dll - ok
17:34:24.0850 3712 [ B836C906AE8A7F31694C1F6C77FE9638 ] C:\Windows\SysWOW64\aticfx32.dll
17:34:24.0850 3712 C:\Windows\SysWOW64\aticfx32.dll - ok
17:34:24.0855 3712 [ D0139F0E2A1420D0840F18A0528FBC49 ] C:\Windows\SysWOW64\atiadlxy.dll
17:34:24.0855 3712 C:\Windows\SysWOW64\atiadlxy.dll - ok
17:34:24.0858 3712 ============================================================
17:34:24.0858 3712 Scan finished
17:34:24.0858 3712 ============================================================
17:34:24.0870 3704 Detected object count: 4
17:34:24.0870 3704 Actual detected object count: 4
17:35:12.0390 3704 ETD ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:12.0390 3704 ETD ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:12.0391 3704 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:12.0391 3704 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:12.0393 3704 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:12.0393 3704 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:12.0395 3704 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:35:12.0395 3704 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:35:50.0428 1428 Deinitialize success

Edited by fireside3, 23 January 2013 - 08:30 PM.


#11 fireside3

fireside3
  • Topic Starter

  • Members
  • 16 posts

Posted 23 January 2013 - 08:31 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-23 17:37:41
-----------------------------
17:37:41.113 OS Version: Windows x64 6.1.7600
17:37:41.113 Number of processors: 2 586 0x603
17:37:41.113 ComputerName: FIRESIDE3-PC UserName: Fireside3
17:37:42.112 Initialize success
18:19:40.878 AVAST engine defs: 13012300
18:52:44.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:44.496 Disk 0 Vendor: WDC_WD3200BEVT-24A23T0 01.01A02 Size: 305245MB BusType: 11
18:52:44.510 Disk 0 MBR read successfully
18:52:44.516 Disk 0 MBR scan
18:52:44.526 Disk 0 Windows 7 default MBR code
18:52:44.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
18:52:44.552 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
18:52:44.559 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
18:52:44.593 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
18:52:44.626 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
18:52:44.663 Disk 0 scanning C:\windows\system32\drivers
18:52:57.056 Service scanning
18:54:06.196 Modules scanning
18:54:06.200 Disk 0 trace - called modules:
18:54:06.232 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:54:06.233 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003125060]
18:54:06.235 3 CLASSPNP.SYS[fffff8800190543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800309c680]
18:54:08.170 AVAST engine scan C:\windows
18:54:10.698 AVAST engine scan C:\windows\system32
18:57:10.184 AVAST engine scan C:\windows\system32\drivers
18:57:24.718 AVAST engine scan C:\Users\Fireside3
18:57:25.422 File: C:\Users\Fireside3\AppData\Local\ATI\Apps\macvr.dll **INFECTED** Win32:BHO-AJD [Trj]
19:11:19.083 AVAST engine scan C:\ProgramData
19:12:31.716 Scan finished successfully
19:16:17.035 Disk 0 MBR has been saved successfully to "C:\Users\Fireside3\Desktop\MBR.dat"
19:16:17.041 The log file has been saved successfully to "C:\Users\Fireside3\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 23 January 2013 - 09:31 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 fireside3

fireside3
  • Topic Starter

  • Members
  • 16 posts

Posted 23 January 2013 - 09:38 PM

OK, doing that now. BTW, UAC defaulted back and is working again, although I had previously intentionally disabled it because it was annoying. You did see avast found the malicious dll? I found nothing on this when I googled it though.

#14 fireside3

fireside3
  • Topic Starter

  • Members
  • 16 posts

Posted 23 January 2013 - 09:47 PM

OTL logfile created on: 1/23/2013 8:36:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fireside3\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 35.86% Memory free
7.14 Gb Paging File | 5.11 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): c:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 103.95 Gb Free Space | 40.90% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 0.00 Gb Free Space | 0.02% Space Free | Partition Type: NTFS

Computer Name: FIRESIDE3-PC | User Name: Fireside3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Fireside3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Fireside3\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Livestation\Livestation.exe (Livestation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Livestation\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Livestation\avformat-52.dll ()
MOD - C:\Program Files (x86)\Livestation\swscale-0.dll ()
MOD - C:\Program Files (x86)\Livestation\avutil-50.dll ()
MOD - C:\Program Files (x86)\Livestation\QtCore4.dll ()
MOD - C:\Program Files (x86)\Livestation\live555.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Livestation\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Livestation\phonon4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtGui4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Livestation\QtXml4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (vzandnetndis) -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetmodem) -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetdiag) -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: savemytabs@dmitriy.khudorozhkov:0.53
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.21
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.1
FF - prefs.js..extensions.enabledAddons: lsvytknkto@lsvytknkto.org:2.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Fireside3\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/31 08:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/18 16:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/31 08:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 09:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/01/23 17:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/04 13:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 20:25:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 10:43:39 | 000,000,000 | ---D | M]

[2012/06/13 16:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Extensions
[2013/01/05 02:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/01/05 02:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/12 13:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions
[2011/12/08 13:27:28 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/09/18 00:06:46 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\netvideohunter@netvideohunter.com
[2012/06/13 16:16:08 | 000,000,000 | ---D | M] (Save My Tabs) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\savemytabs@dmitriy.khudorozhkov
[1613/06/20 13:38:49 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\lsvytknkto@lsvytknkto.org.xpi
[2099/01/01 12:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\lsvytknkto@lsvytknkto.org.xpi
[2012/06/16 01:38:36 | 000,039,835 | ---- | M] () (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\uacontrol@qz.tsugumi.org.xpi
[2011/09/16 01:20:16 | 000,688,336 | ---- | M] () (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\{241aae70-0022-11de-87af-0800200c9a66}.xpi
[2012/06/16 01:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/04 13:13:06 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/01 09:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 15:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/01 09:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 09:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/21 05:50:49 | 000,447,234 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15365 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKU\S-1-5-21-2411584385-4083172941-383610630-1001..\Run: [Livestation] C:\Program Files (x86)\Livestation\Livestation.exe (Livestation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{831E4BA4-96D0-4313-B831-00EFB5DDDA82}: DhcpNameServer = 68.29.73.7 68.29.65.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E78D7C7-D71F-4433-9273-F108B31CDE88}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 20:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fireside3\Desktop\OTL.exe
[2013/01/23 17:22:43 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Fireside3\Desktop\aswMBR.exe
[2013/01/21 00:39:58 | 005,023,971 | ---- | C] (Swearware) -- C:\Users\Fireside3\Desktop\ComboFix.exe
[2013/01/20 23:20:51 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Desktop\RK_Quarantine
[2013/01/18 07:54:08 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/01/15 07:12:33 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Local\DigitalVolcano
[2013/01/14 19:11:43 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
[2013/01/14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner
[2013/01/12 18:38:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/12 13:56:22 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Desktop\Firefox tabs issues

========== Files - Modified Within 30 Days ==========

[2013/01/23 20:35:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fireside3\Desktop\OTL.exe
[2013/01/23 20:25:55 | 000,014,563 | ---- | M] () -- C:\Users\Fireside3\Desktop\mystery.jpg
[2013/01/23 19:27:16 | 000,008,231 | ---- | M] () -- C:\Users\Fireside3\Desktop\Open Me.rtf
[2013/01/23 19:16:17 | 000,000,512 | ---- | M] () -- C:\Users\Fireside3\Desktop\MBR.dat
[2013/01/23 17:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 17:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 17:31:54 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/01/23 17:31:51 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 17:25:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Fireside3\Desktop\aswMBR.exe
[2013/01/23 13:26:25 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 03:09:01 | 000,000,143 | ---- | M] () -- C:\Users\Fireside3\AppData\Local\kclientgui.ini
[2013/01/23 00:59:16 | 028,413,209 | ---- | M] () -- C:\Users\Fireside3\Desktop\smart meter part1.wma
[2013/01/21 15:20:10 | 000,779,016 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/21 15:20:10 | 000,660,262 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/21 15:20:10 | 000,120,900 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/21 06:18:02 | 000,001,386 | ---- | M] () -- C:\Users\Fireside3\Desktop\CCleaner64 - Shortcut.lnk
[2013/01/21 05:50:49 | 000,447,234 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/21 00:45:09 | 005,023,971 | ---- | M] (Swearware) -- C:\Users\Fireside3\Desktop\ComboFix.exe
[2013/01/20 23:12:08 | 000,764,416 | ---- | M] () -- C:\Users\Fireside3\Desktop\RogueKiller.exe
[2013/01/19 21:02:29 | 000,574,677 | ---- | M] () -- C:\Users\Fireside3\Desktop\adwcleaner.exe
[2013/01/18 02:10:52 | 141,955,347 | ---- | M] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.wmv
[2013/01/18 02:10:52 | 104,023,236 | ---- | M] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.avi
[2013/01/17 14:00:13 | 000,027,375 | ---- | M] () -- C:\Users\Fireside3\Desktop\thm_php58NpX9.jpg
[2013/01/17 13:58:49 | 000,009,533 | ---- | M] () -- C:\Users\Fireside3\Desktop\thm_phpO5c2Wi.jpg
[2013/01/14 19:11:44 | 000,001,070 | ---- | M] () -- C:\Users\Fireside3\Desktop\Duplicate Cleaner.lnk
[2013/01/12 18:38:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fireside3\Desktop\TDSSKiller.exe
[2013/01/12 16:55:16 | 105,740,586 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2013/01/12 16:29:36 | 000,001,495 | ---- | M] () -- C:\Users\Fireside3\Desktop\epinephrine human dose.rtf
[2013/01/07 20:02:41 | 001,861,029 | ---- | M] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_08.zip
[2013/01/07 16:16:36 | 003,058,239 | ---- | M] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_07(1).zip
[2013/01/07 13:40:16 | 002,068,200 | ---- | M] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_07.zip
[2013/01/05 16:41:01 | 000,018,751 | ---- | M] () -- C:\Users\Fireside3\Desktop\List.rtf
[2013/01/05 16:05:12 | 000,447,176 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20130121-055049.backup
[2013/01/04 17:08:32 | 000,003,584 | ---- | M] () -- C:\Users\Fireside3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/01 16:59:20 | 000,126,149 | ---- | M] () -- C:\Users\Fireside3\Desktop\306760_4927628276328_1577030512_n.jpg
[2012/12/27 16:30:56 | 234,399,499 | ---- | M] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.MP4
[2012/12/25 18:24:48 | 181,795,072 | ---- | M] () -- C:\Users\Fireside3\Desktop\Cinnabunny confronted by turtle.MP4
[2012/12/25 18:21:52 | 005,700,684 | ---- | M] () -- C:\Users\Fireside3\Desktop\DSC02788.JPG

========== Files Created - No Company Name ==========

[2013/01/23 20:25:53 | 000,014,563 | ---- | C] () -- C:\Users\Fireside3\Desktop\mystery.jpg
[2013/01/23 19:16:17 | 000,000,512 | ---- | C] () -- C:\Users\Fireside3\Desktop\MBR.dat
[2013/01/23 13:26:14 | 000,282,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/23 00:59:14 | 028,413,209 | ---- | C] () -- C:\Users\Fireside3\Desktop\smart meter part1.wma
[2013/01/21 06:18:02 | 000,001,386 | ---- | C] () -- C:\Users\Fireside3\Desktop\CCleaner64 - Shortcut.lnk
[2013/01/20 23:11:25 | 000,764,416 | ---- | C] () -- C:\Users\Fireside3\Desktop\RogueKiller.exe
[2013/01/19 21:02:17 | 000,574,677 | ---- | C] () -- C:\Users\Fireside3\Desktop\adwcleaner.exe
[2013/01/18 02:07:18 | 141,955,347 | ---- | C] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.wmv
[2013/01/18 02:07:18 | 104,023,236 | ---- | C] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.avi
[2013/01/17 13:59:47 | 000,027,375 | ---- | C] () -- C:\Users\Fireside3\Desktop\thm_php58NpX9.jpg
[2013/01/17 13:58:19 | 000,009,533 | ---- | C] () -- C:\Users\Fireside3\Desktop\thm_phpO5c2Wi.jpg
[2013/01/14 19:11:44 | 000,001,070 | ---- | C] () -- C:\Users\Fireside3\Desktop\Duplicate Cleaner.lnk
[2013/01/12 16:24:21 | 000,001,495 | ---- | C] () -- C:\Users\Fireside3\Desktop\epinephrine human dose.rtf
[2013/01/07 20:01:39 | 001,861,029 | ---- | C] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_08.zip
[2013/01/07 16:14:47 | 003,058,239 | ---- | C] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_07(1).zip
[2013/01/07 13:38:55 | 002,068,200 | ---- | C] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_07.zip
[2013/01/01 16:59:18 | 000,126,149 | ---- | C] () -- C:\Users\Fireside3\Desktop\306760_4927628276328_1577030512_n.jpg
[2012/12/27 16:27:27 | 234,399,499 | ---- | C] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.MP4
[2012/12/25 18:22:07 | 181,795,072 | ---- | C] () -- C:\Users\Fireside3\Desktop\Cinnabunny confronted by turtle.MP4
[2012/12/25 18:21:52 | 005,700,684 | ---- | C] () -- C:\Users\Fireside3\Desktop\DSC02788.JPG
[2012/12/19 11:18:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/09/02 23:13:08 | 000,142,435 | ---- | C] () -- C:\windows\hpwins26.dat
[2012/09/02 23:13:08 | 000,000,370 | ---- | C] () -- C:\windows\hpwmdl26.dat
[2012/08/10 09:17:58 | 000,027,520 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\dt.dat
[2012/06/26 23:02:15 | 000,000,338 | ---- | C] () -- C:\Program Files (x86)\temp995.bat
[2012/06/26 22:57:42 | 000,000,048 | ---- | C] () -- C:\windows\wpd99.drv
[2012/04/26 18:07:59 | 000,020,179 | ---- | C] () -- C:\Users\Fireside3\AppData\Roaming\UserTile.png
[2012/01/16 06:44:25 | 000,000,143 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\kclientgui.ini
[2011/12/24 22:40:56 | 000,000,440 | ---- | C] () -- C:\windows\lightworks.ini
[2011/10/31 03:27:42 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/09/24 03:30:07 | 000,003,584 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/06/30 04:45:15 | 000,000,275 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/06/23 17:09:14 | 000,000,017 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\resmon.resmoncfg
[2011/06/13 20:47:32 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/06/13 20:47:32 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/06/04 16:48:34 | 000,773,296 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 09:05:52 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/31 08:47:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/31 08:47:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/31 08:46:54 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/31 08:32:27 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/14 11:52:18 | 000,033,792 | ---- | C] () -- C:\windows\SysWow64\rgbacodec.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/03/30 23:41:28 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/03/30 23:41:28 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#15 gringo_pr

Posted 23 January 2013 - 09:47 PM

Yes, I did, and that is what I am going to remove with OTL, since we did not run ComboFix.