Potential Malware svchost.exe -k netsvcs - Desktop


  • This topic is locked
22 replies to this topic

#1 captn ron

captn ron

  • Members
  • 58 posts

Posted 26 January 2013 - 04:26 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_31
Run by Randy at 15:55:07 on 2013-01-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.2106 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\randy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\bigfix.lnk - c:\program files\bigfix\bigfix.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1E09D1EB-787F-4496-AD81-FF5F26CCC8A0} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1E09D1EB-787F-4496-AD81-FF5F26CCC8A0}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1E09D1EB-787F-4496-AD81-FF5F26CCC8A0}\C696E6B6379737F5F475F54313032303 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1E09D1EB-787F-4496-AD81-FF5F26CCC8A0}\D4F62696C6560284F6473707F6470273037333 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{1E09D1EB-787F-4496-AD81-FF5F26CCC8A0}\E4567734163747C656 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{75DA16F0-2E37-4EDB-8A55-B4A59D61E1FD} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\randy\appdata\roaming\mozilla\firefox\profiles\p3ic464a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7de28e70-6b7e-4ad4-8c9a-54f3457dd57a%7D&mid=4bc732c0f73647d1a7a7d157d6ce30ad-9a17500a96d428a5cdb8b2643968b9a928fc107f&ds=AVG&v=9.0.0.18&lang=us&pr=fr&d=2011-12-13%2012%3A48%3A17&sap=ku&q=
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-14 29520]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2008-7-31 95624]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-14 130960]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-13 855904]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-7 167264]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-24 40776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]
.
=============== Created Last 30 ================
.
2013-01-24 13:17:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-24 13:17:05 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
==================== Find3M ====================
.
2013-01-09 19:24:17 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 19:24:17 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 09:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85E7D4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85e8493c]; MOV EAX, [0x85e84ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8244555A] -> \Device\Harddisk0\DR0[0x85AB3030]
3 CLASSPNP[0x8A5B059E] -> ntkrnlpa!IofCallDriver[0x8244555A] -> [0x853E58C8]
5 ACPI[0x82BBB3D4] -> ntkrnlpa!IofCallDriver[0x8244555A] -> \00000060[0x853E5B60]
\Driver\nvstor[0x85F46920] -> IRP_MJ_CREATE -> 0x85E7D4B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000060 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&1b498b83&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 625142446 (+7): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:56:08.19 ===============

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 31
Java™ 6 Update 4
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


AdwCleaner v2.108 - Logfile created 01/26/2013 at 16:24:00
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Randy - RONNIEKARA
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Randy\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\Randy\AppData\Local\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKU\S-1-5-21-211023370-562865107-2750974251-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-211023370-562865107-2750974251-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\p3ic464a.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\9.0.0.18");
Found : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7de28e70-6b7e-4ad4-8c9a-54f3457dd57a%[...]

*************************

AdwCleaner[R1].txt - [5494 octets] - [26/01/2013 16:24:00]

########## EOF - C:\AdwCleaner[R1].txt - [5554 octets] ##########



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 January 2013 - 11:52 PM

Hello captn ron,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


1.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

2.
Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 captn ron

Posted 27 January 2013 - 12:11 PM

Yes, I have a USB flash drive.

# AdwCleaner v2.108 - Logfile created 01/27/2013 at 11:20:02
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Randy - RONNIEKARA
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Randy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Randy\AppData\Local\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\p3ic464a.default\prefs.js

C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\p3ic464a.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\9.0.0.18");
Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7de28e70-6b7e-4ad4-8c9a-54f3457dd57a%[...]

*************************

AdwCleaner[R1].txt - [5623 octets] - [26/01/2013 16:24:00]
AdwCleaner[R2].txt - [5683 octets] - [26/01/2013 16:27:03]
AdwCleaner[S1].txt - [5518 octets] - [27/01/2013 11:20:02]

########## EOF - C:\AdwCleaner[S1].txt - [5578 octets] ##########

#4 fireman4it

Posted 29 January 2013 - 03:45 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 captn ron

Posted 29 January 2013 - 09:07 PM

Scan ran successfully. Log posted below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
Ran by SYSTEM at 29-01-2013 20:26:26
Running from F:\
Windows ™ Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ===================

3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)
3 USBSTOR; C:\Windows\system32\drivers\usbstor.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========



==================== One Month Modified Files and Folders ========

2013-01-29 20:07 - 2013-01-29 20:07 - 00000000 ____D C:\FRST

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2009-11-15 11:05:58
Restore point made on: 2009-11-16 17:40:45
Restore point made on: 2009-11-17 00:00:53
Restore point made on: 2009-11-17 17:16:08
Restore point made on: 2009-11-17 17:16:47
Restore point made on: 2009-11-17 17:24:57
Restore point made on: 2009-11-18 00:00:44
Restore point made on: 2009-11-19 04:02:04
Restore point made on: 2009-11-19 04:28:06
Restore point made on: 2009-11-20 00:00:30
Restore point made on: 2009-11-22 15:54:50
Restore point made on: 2009-11-22 17:49:16
Restore point made on: 2009-11-24 02:24:32
Restore point made on: 2009-11-26 00:01:32
Restore point made on: 2009-11-26 14:26:50
Restore point made on: 2009-11-29 00:58:05
Restore point made on: 2009-11-29 16:16:11
Restore point made on: 2009-12-01 04:19:30
Restore point made on: 2009-12-04 11:19:25
Restore point made on: 2009-12-07 16:41:50
Restore point made on: 2009-12-08 16:48:28
Restore point made on: 2009-12-08 17:56:57
Restore point made on: 2009-12-08 17:58:22
Restore point made on: 2009-12-08 18:11:36
Restore point made on: 2009-12-13 09:25:46
Restore point made on: 2009-12-13 12:42:21
Restore point made on: 2009-12-13 12:44:08
Restore point made on: 2009-12-13 12:45:54
Restore point made on: 2009-12-13 12:47:01
Restore point made on: 2009-12-13 12:51:38
Restore point made on: 2009-12-13 13:07:56
Restore point made on: 2009-12-13 13:08:59
Restore point made on: 2009-12-13 17:59:56
Restore point made on: 2009-12-13 18:16:49

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 2942.49 MB
Available physical RAM: 2589.8 MB
Total Pagefile: 2940.77 MB
Available Pagefile: 2573.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.2 MB

==================== Partitions =============================

1 Drive c: (Recovery) (Fixed) (Total:10.95 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Partition_1) (Fixed) (Total:287.14 GB) (Free:175.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (USB20FD) (Removable) (Total:14.92 GB) (Free:0.38 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 2527A2C7

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 31 KB
Partition 2 Primary 287 GB 10 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Recovery NTFS Partition 10 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Partition_1 NTFS Partition 287 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 04030201

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 5272 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB20FD FAT32 Removable 14 GB Healthy

=========================================================
==================== End Of Log ============================

#6 fireman4it

Posted 29 January 2013 - 11:14 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] 
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


How is your system running now?

Edited by fireman4it, 29 January 2013 - 11:14 PM.


#7 fireman4it

Posted 31 January 2013 - 02:17 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#8 captn ron

Posted 31 January 2013 - 06:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2013 02
Ran by SYSTEM at 2013-01-30 18:53:04 Run:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).

==== End of Fixlog ====

svchost.exe (netsvcs) is still using about 40-55% of the CPU usage. It peaks at 99%

#9 fireman4it

Posted 31 January 2013 - 07:29 PM

Please run just a scan using Frst like you did the first time you used it and post that log. I also need you to run this tool and post its log.


  • Download ListParts to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
  • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

Edited by fireman4it, 31 January 2013 - 07:37 PM.


#10 captn ron

Posted 01 February 2013 - 05:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
Ran by SYSTEM at 01-02-2013 17:32:53
Running from G:\
Windows ™ Code Name "Longhorn" Preinstallation Environment (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()

==================== Services (Whitelisted) ===================

3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2006-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [69120 2006-11-02] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [22528 2006-11-02] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [83560 2006-11-02] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [52224 2006-11-02] (Microsoft Corporation)
3 USBSTOR; C:\Windows\system32\drivers\usbstor.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========



==================== One Month Modified Files and Folders ========

2013-01-29 20:07 - 2013-01-29 20:07 - 00000000 ____D C:\FRST

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2009-11-15 11:05:58
Restore point made on: 2009-11-16 17:40:45
Restore point made on: 2009-11-17 00:00:53
Restore point made on: 2009-11-17 17:16:08
Restore point made on: 2009-11-17 17:16:47
Restore point made on: 2009-11-17 17:24:57
Restore point made on: 2009-11-18 00:00:44
Restore point made on: 2009-11-19 04:02:04
Restore point made on: 2009-11-19 04:28:06
Restore point made on: 2009-11-20 00:00:30
Restore point made on: 2009-11-22 15:54:50
Restore point made on: 2009-11-22 17:49:16
Restore point made on: 2009-11-24 02:24:32
Restore point made on: 2009-11-26 00:01:32
Restore point made on: 2009-11-26 14:26:50
Restore point made on: 2009-11-29 00:58:05
Restore point made on: 2009-11-29 16:16:11
Restore point made on: 2009-12-01 04:19:30
Restore point made on: 2009-12-04 11:19:25
Restore point made on: 2009-12-07 16:41:50
Restore point made on: 2009-12-08 16:48:28
Restore point made on: 2009-12-08 17:56:57
Restore point made on: 2009-12-08 17:58:22
Restore point made on: 2009-12-08 18:11:36
Restore point made on: 2009-12-13 09:25:46
Restore point made on: 2009-12-13 12:42:21
Restore point made on: 2009-12-13 12:44:08
Restore point made on: 2009-12-13 12:45:54
Restore point made on: 2009-12-13 12:47:01
Restore point made on: 2009-12-13 12:51:38
Restore point made on: 2009-12-13 13:07:56
Restore point made on: 2009-12-13 13:08:59
Restore point made on: 2009-12-13 17:59:56
Restore point made on: 2009-12-13 18:16:49

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2942.49 MB
Available physical RAM: 2589.37 MB
Total Pagefile: 2940.77 MB
Available Pagefile: 2573.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.2 MB

==================== Partitions =============================

1 Drive c: (Recovery) (Fixed) (Total:10.95 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Partition_1) (Fixed) (Total:287.14 GB) (Free:174.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 122 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 2527A2C7

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 31 KB
Partition 2 Primary 287 GB 10 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Recovery NTFS Partition 10 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Partition_1 NTFS Partition 287 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB

=========================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 122 MB Healthy

=========================================================
==================== End Of Log ============================


ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 01-02-2013 at 17:33:40
Windows 7 (X86)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 2942.49 MB
Available physical RAM: 2575.25 MB
Total Pagefile: 2940.77 MB
Available Pagefile: 2560.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.54 MB

======================= Partitions =========================

1 Drive c: (Recovery) (Fixed) (Total:10.95 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Partition_1) (Fixed) (Total:287.14 GB) (Free:174.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 122 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 2527A2C7

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 10 GB 31 KB
Partition 2 Primary 287 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Recovery NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Partition_1 NTFS Partition 287 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 122 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 122 MB Healthy

======================================================================================================

****** End Of Log ******
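
The before/after comparison of the two FRST scans posted in this thread, as an added example (not part of any post, and not FRST's own code): it pulls the flagged lines from each scan and reports which findings the fixlist cleared and which are unchanged. The log excerpts are copied from the posts above; the function names, and the assumption that the expected Winlogon Shell value is explorer.exe, are introduced here.

```python
import re
from collections import namedtuple

# Excerpts copied from the two FRST scans posted in this thread:
# 29-01-2013 (before the fixlist was applied) and 01-02-2013 (after).
SCAN_BEFORE = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
"""

SCAN_AFTER = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
"""

Finding = namedtuple("Finding", "section subject note")

# "==== Section name ====" headers; separator lines made only of "=" do not match.
SECTION = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
# "<entry> ATTENTION! ====> <label>" (registry section of the log)
ATTN_FWD = re.compile(r"^(?P<subject>.+?)\s+ATTENTION!\s*=+>\s*(?P<note>.+)$")
# "<entry> <==== ATTENTION!." (file check section of the log)
ATTN_BACK = re.compile(r"^(?P<subject>.+?)\s*<=+\s*ATTENTION!")
# "HKLM\...\Winlogon: [Shell] <value> [x ] ()"
SHELL = re.compile(
    r"^(?P<key>\S+\\Winlogon): \[Shell\] (?P<value>.+?) \[[^\]]*\] \(.*\)$")

EXPECTED_SHELL = "explorer.exe"  # assumption: the stock Winlogon Shell value


def findings(log_text):
    """Return the set of flagged entries in one FRST scan log."""
    found = set()
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name").strip()
            continue
        m = ATTN_FWD.match(line)
        if m:
            found.add(Finding(section, m.group("subject"), m.group("note").strip()))
            continue
        m = ATTN_BACK.match(line)
        if m:
            found.add(Finding(section, m.group("subject"), "flagged by FRST"))
            continue
        # FRST lists the Shell value without an ATTENTION marker, so compare it
        # against the expected value ourselves (case-insensitive).
        m = SHELL.match(line)
        if m and m.group("value").strip().lower() != EXPECTED_SHELL:
            found.add(Finding(section, m.group("key") + " [Shell]",
                              "unexpected shell: " + m.group("value").strip()))
    return found


def compare_scans(before_text, after_text):
    """Split findings into cleared by the fix, unchanged, and newly appeared."""
    before, after = findings(before_text), findings(after_text)
    return {
        "cleared": sorted(before - after),
        "unchanged": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for status, items in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{status}: {len(items)}")
        for f in items:
            print(f"  [{f.section}] {f.subject} ({f.note})")
```

Entries reported as unchanged appear in both scans, so the fixlist did not touch them and they still need a person to interpret them.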

#11 fireman4it

Posted 01 February 2013 - 11:53 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#12 captn ron

Posted 02 February 2013 - 11:38 AM

Seems to be working much better! Running very fast and CPU usage for processes and services below 25%. I cannot paste the logs because it is telling me my post is too long. Would you prefer I attach? I can zip it to save space.

#13 fireman4it

Posted 02 February 2013 - 01:38 PM

Hello,

You can use multiple posts to copy and paste the logs please.


#14 captn ron

Posted 02 February 2013 - 02:16 PM

Genius! TDSS Part 1

10:48:17.0688 3480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:48:19.0826 3480 ============================================================
10:48:19.0826 3480 Current date / time: 2013/02/02 10:48:19.0826
10:48:19.0826 3480 SystemInfo:
10:48:19.0826 3480
10:48:19.0826 3480 OS Version: 6.1.7601 ServicePack: 1.0
10:48:19.0826 3480 Product type: Workstation
10:48:19.0826 3480 ComputerName: RONNIEKARA
10:48:19.0826 3480 UserName: Randy
10:48:19.0826 3480 Windows directory: C:\Windows
10:48:19.0826 3480 System windows directory: C:\Windows
10:48:19.0826 3480 Processor architecture: Intel x86
10:48:19.0826 3480 Number of processors: 2
10:48:19.0826 3480 Page size: 0x1000
10:48:19.0826 3480 Boot type: Normal boot
10:48:19.0826 3480 ============================================================
10:48:37.0758 3480 BG loaded
10:48:38.0278 3480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:48:38.0362 3480 Drive \Device\Harddisk3\DR3 - Size: 0x7A80000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:48:38.0378 3480 ============================================================
10:48:38.0378 3480 \Device\Harddisk0\DR0:
10:48:38.0387 3480 MBR partitions:
10:48:38.0387 3480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15E4B16
10:48:38.0388 3480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15E4B55, BlocksNum 0x23E4975B
10:48:38.0388 3480 \Device\Harddisk3\DR3:
10:48:38.0389 3480 MBR partitions:
10:48:38.0389 3480 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D3E0
10:48:38.0389 3480 ============================================================
10:48:38.0495 3480 C: <-> \Device\Harddisk0\DR0\Partition2
10:48:38.0621 3480 D: <-> \Device\Harddisk0\DR0\Partition1
10:48:38.0622 3480 ============================================================
10:48:38.0622 3480 Initialize success
10:48:38.0622 3480 ============================================================
10:48:50.0907 3720 ============================================================
10:48:50.0907 3720 Scan started
10:48:50.0907 3720 Mode: Manual; SigCheck; TDLFS;
10:48:50.0907 3720 ============================================================
10:48:52.0771 3720 ================ Scan system memory ========================
10:48:52.0771 3720 System memory - ok
10:48:52.0771 3720 ================ Scan services =============================
10:49:00.0388 3720 AVGIDSFilter - ok
10:49:00.0404 3720 [ F788B51100D0F40EA176798CCE954A1A ] AVGIDSShim C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:49:00.0414 3720 AVGIDSShim - ok
10:49:00.0522 3720 [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
10:49:00.0536 3720 Avgldx86 - ok
10:49:00.0583 3720 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
10:49:00.0593 3720 Avgmfx86 - ok
10:49:00.0638 3720 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
10:49:00.0676 3720 Avgrkx86 - ok
10:49:00.0717 3720 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
10:49:00.0739 3720 Avgtdix - ok
10:49:00.0848 3720 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
10:49:00.0862 3720 avgwd - ok
10:49:00.0976 3720 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:49:01.0068 3720 AxInstSV - ok
10:49:01.0161 3720 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
10:49:01.0261 3720 b06bdrv - ok
10:49:01.0330 3720 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
10:49:01.0398 3720 b57nd60x - ok
10:49:02.0020 3720 [ F9CE9B5E049EFC66B8E6C73C18EE8438 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
10:49:02.0089 3720 BCM43XX - ok
10:49:02.0233 3720 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
10:49:02.0369 3720 BDESVC - ok
10:49:02.0459 3720 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
10:49:02.0544 3720 Beep - ok
10:49:02.0595 3720 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:49:02.0628 3720 blbdrive - ok
10:49:02.0777 3720 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:49:02.0790 3720 Bonjour Service - ok
10:49:02.0839 3720 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:49:02.0864 3720 bowser - ok
10:49:02.0896 3720 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:49:03.0146 3720 BrFiltLo - ok
10:49:03.0178 3720 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:49:03.0272 3720 BrFiltUp - ok
10:49:03.0340 3720 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
10:49:03.0377 3720 Browser - ok
10:49:03.0446 3720 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:49:03.0490 3720 Brserid - ok
10:49:03.0520 3720 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:49:03.0609 3720 BrSerWdm - ok
10:49:03.0648 3720 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:49:03.0732 3720 BrUsbMdm - ok
10:49:03.0757 3720 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:49:03.0838 3720 BrUsbSer - ok
10:49:03.0864 3720 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:49:03.0921 3720 BTHMODEM - ok
10:49:04.0068 3720 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
10:49:04.0121 3720 bthserv - ok
10:49:04.0200 3720 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:49:04.0297 3720 cdfs - ok
10:49:04.0530 3720 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:49:04.0645 3720 cdrom - ok
10:49:04.0813 3720 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
10:49:04.0912 3720 CertPropSvc - ok
10:49:05.0027 3720 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:49:05.0124 3720 circlass - ok
10:49:05.0256 3720 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
10:49:05.0342 3720 CLFS - ok
10:49:06.0247 3720 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:49:06.0432 3720 clr_optimization_v2.0.50727_32 - ok
10:49:06.0931 3720 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:49:07.0361 3720 clr_optimization_v4.0.30319_32 - ok
10:49:07.0452 3720 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:49:07.0537 3720 CmBatt - ok
10:49:07.0803 3720 [ 60404D612FDE353D73C818D3905A5D76 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
10:49:07.0844 3720 cmdAgent - ok
10:49:07.0957 3720 [ 95B4DEE20D89403D636DCA2BE73742CB ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
10:49:07.0971 3720 cmdGuard - ok
10:49:08.0131 3720 [ 12186867F48B4817C58D45F268FDA3D5 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
10:49:08.0140 3720 cmdHlp - ok
10:49:08.0220 3720 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:49:08.0254 3720 cmdide - ok
10:49:08.0555 3720 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
10:49:08.0598 3720 CNG - ok
10:49:08.0679 3720 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:49:08.0761 3720 Compbatt - ok
10:49:09.0069 3720 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:49:09.0095 3720 CompositeBus - ok
10:49:09.0240 3720 COMSysApp - ok
10:49:09.0369 3720 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:49:09.0440 3720 crcdisk - ok
10:49:09.0738 3720 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:49:09.0932 3720 CryptSvc - ok
10:49:10.0295 3720 [ 7CAAF4AF453EF3582FEF65DD72CAA0AA ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
10:49:10.0475 3720 dc3d - ok
10:49:10.0895 3720 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
10:49:11.0008 3720 DcomLaunch - ok
10:49:11.0216 3720 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
10:49:11.0406 3720 defragsvc - ok
10:49:11.0648 3720 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:49:11.0760 3720 DfsC - ok
10:49:12.0187 3720 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:49:12.0301 3720 Dhcp - ok
10:49:12.0447 3720 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
10:49:12.0529 3720 discache - ok
10:49:12.0801 3720 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:49:12.0848 3720 Disk - ok
10:49:13.0120 3720 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:49:13.0215 3720 Dnscache - ok
10:49:13.0438 3720 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
10:49:13.0595 3720 dot3svc - ok
10:49:13.0758 3720 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
10:49:13.0946 3720 DPS - ok
10:49:14.0396 3720 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:49:14.0471 3720 drmkaud - ok
10:49:14.0977 3720 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:49:15.0014 3720 DXGKrnl - ok
10:49:15.0189 3720 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
10:49:15.0264 3720 EapHost - ok
10:49:17.0002 3720 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
10:49:17.0210 3720 ebdrv - ok
10:49:17.0330 3720 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
10:49:17.0405 3720 EFS - ok
10:49:18.0164 3720 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:49:18.0455 3720 ehRecvr - ok
10:49:18.0568 3720 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
10:49:18.0767 3720 ehSched - ok
10:49:18.0917 3720 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:49:18.0954 3720 elxstor - ok
10:49:19.0654 3720 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
10:49:19.0722 3720 EPSON_EB_RPCV4_01 - ok
10:49:20.0121 3720 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
10:49:20.0210 3720 EPSON_PM_RPCV4_01 - ok
10:49:20.0331 3720 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:49:20.0459 3720 ErrDev - ok
10:49:20.0750 3720 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
10:49:20.0862 3720 EventSystem - ok
10:49:21.0020 3720 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
10:49:21.0095 3720 exfat - ok
10:49:21.0211 3720 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:49:21.0331 3720 fastfat - ok
10:49:21.0734 3720 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
10:49:21.0844 3720 Fax - ok
10:49:21.0992 3720 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:49:22.0139 3720 fdc - ok
10:49:22.0303 3720 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
10:49:22.0402 3720 fdPHost - ok
10:49:22.0512 3720 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
10:49:22.0642 3720 FDResPub - ok
10:49:22.0721 3720 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:49:22.0781 3720 FileInfo - ok
10:49:22.0865 3720 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:49:22.0934 3720 Filetrace - ok
10:49:23.0085 3720 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:49:23.0245 3720 flpydisk - ok
10:49:23.0372 3720 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:49:23.0392 3720 FltMgr - ok
10:49:23.0572 3720 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
10:49:23.0620 3720 FontCache - ok
10:49:23.0726 3720 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:49:23.0748 3720 FontCache3.0.0.0 - ok
10:49:23.0812 3720 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:49:23.0839 3720 FsDepends - ok
10:49:23.0892 3720 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:49:23.0943 3720 Fs_Rec - ok
10:49:24.0148 3720 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:49:24.0172 3720 fvevol - ok
10:49:24.0368 3720 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:49:24.0410 3720 gagp30kx - ok
10:49:24.0605 3720 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
10:49:24.0613 3720 GEARAspiWDM - ok
10:49:25.0075 3720 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
10:49:25.0217 3720 gpsvc - ok
10:49:25.0938 3720 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:49:25.0965 3720 gupdate - ok
10:49:26.0114 3720 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:49:26.0126 3720 gupdatem - ok
10:49:26.0927 3720 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:49:27.0094 3720 gusvc - ok
10:49:27.0242 3720 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:49:27.0503 3720 hcw85cir - ok
10:49:27.0728 3720 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:49:27.0806 3720 HDAudBus - ok
10:49:27.0948 3720 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:49:28.0078 3720 HidBatt - ok
10:49:28.0149 3720 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:49:28.0320 3720 HidBth - ok
10:49:28.0513 3720 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:49:28.0667 3720 HidIr - ok
10:49:28.0861 3720 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
10:49:28.0984 3720 hidserv - ok
10:49:29.0247 3720 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:49:29.0411 3720 HidUsb - ok
10:49:29.0554 3720 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:49:29.0734 3720 hkmsvc - ok
10:49:29.0937 3720 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:49:30.0088 3720 HomeGroupListener - ok
10:49:30.0299 3720 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:49:30.0366 3720 HomeGroupProvider - ok
10:49:30.0578 3720 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:49:30.0705 3720 HpSAMD - ok
10:49:31.0067 3720 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:49:31.0128 3720 HTTP - ok
10:49:31.0268 3720 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:49:31.0322 3720 hwpolicy - ok
10:49:31.0591 3720 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:49:31.0680 3720 i8042prt - ok
10:49:31.0987 3720 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:49:32.0080 3720 iaStorV - ok
10:49:32.0539 3720 [ 6AA3F94167A12B5BCCBD0883ED27AEA0 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:49:32.0801 3720 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:49:32.0801 3720 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:49:33.0507 3720 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:49:33.0672 3720 idsvc - ok
10:49:33.0862 3720 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:49:33.0897 3720 iirsp - ok
10:49:34.0240 3720 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
10:49:34.0409 3720 IKEEXT - ok
10:49:34.0559 3720 [ 1D79596C08A0153335021ADE850A0710 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
10:49:34.0575 3720 inspect - ok
10:49:35.0902 3720 [ 4E38A2883DF3BA382A59132B3E7D709E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:49:35.0967 3720 IntcAzAudAddService - ok
10:49:36.0036 3720 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
10:49:36.0087 3720 intelide - ok
10:49:36.0326 3720 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:49:36.0462 3720 intelppm - ok
10:49:36.0602 3720 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:49:36.0860 3720 IPBusEnum - ok
10:49:36.0967 3720 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:49:37.0134 3720 IpFilterDriver - ok
10:49:37.0257 3720 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:49:37.0426 3720 IPMIDRV - ok
10:49:37.0569 3720 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:49:37.0726 3720 IPNAT - ok
10:49:37.0886 3720 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:49:39.0067 3720 IRENUM - ok
10:49:39.0244 3720 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:49:39.0350 3720 isapnp - ok
10:49:39.0594 3720 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:49:39.0721 3720 iScsiPrt - ok
10:49:40.0011 3720 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:49:40.0029 3720 kbdclass - ok
10:49:40.0449 3720 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:49:40.0615 3720 kbdhid - ok
10:49:40.0705 3720 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
10:49:40.0722 3720 KeyIso - ok
10:49:40.0863 3720 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:49:40.0874 3720 KSecDD - ok
10:49:41.0011 3720 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:49:41.0042 3720 KSecPkg - ok
10:49:41.0363 3720 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
10:49:41.0643 3720 KtmRm - ok
10:49:41.0980 3720 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
10:49:42.0098 3720 LanmanServer - ok
10:49:42.0230 3720 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:49:42.0256 3720 LanmanWorkstation - ok
10:49:42.0595 3720 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:49:42.0689 3720 lltdio - ok
10:49:42.0917 3720 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:49:43.0147 3720 lltdsvc - ok
10:49:43.0223 3720 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
10:49:43.0346 3720 lmhosts - ok
10:49:43.0539 3720 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:49:43.0597 3720 LSI_FC - ok
10:49:43.0996 3720 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:49:44.0079 3720 LSI_SAS - ok
10:49:44.0263 3720 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:49:44.0347 3720 LSI_SAS2 - ok
10:49:44.0488 3720 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:49:44.0559 3720 LSI_SCSI - ok
10:49:44.0650 3720 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
10:49:44.0720 3720 luafv - ok
10:49:44.0935 3720 MaxBackServiceInt - ok
10:49:45.0506 3720 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
10:49:45.0621 3720 MBAMSwissArmy - ok
10:49:45.0775 3720 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:49:45.0921 3720 Mcx2Svc - ok
10:49:46.0031 3720 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:49:46.0115 3720 megasas - ok
10:49:46.0338 3720 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:49:46.0418 3720 MegaSR - ok
10:49:46.0791 3720 Microsoft SharePoint Workspace Audit Service - ok
10:49:46.0854 3720 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
10:49:46.0931 3720 MMCSS - ok
10:49:46.0961 3720 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
10:49:47.0011 3720 Modem - ok
10:49:47.0061 3720 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:49:47.0096 3720 monitor - ok
10:49:47.0124 3720 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:49:47.0135 3720 mouclass - ok
10:49:47.0190 3720 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:49:47.0224 3720 mouhid - ok
10:49:47.0268 3720 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:49:47.0287 3720 mountmgr - ok
10:49:47.0436 3720 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:49:47.0464 3720 MozillaMaintenance - ok
10:49:47.0504 3720 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
10:49:47.0521 3720 mpio - ok
10:49:47.0580 3720 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:49:47.0743 3720 mpsdrv - ok
10:49:47.0870 3720 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:49:48.0115 3720 MRxDAV - ok
10:49:48.0287 3720 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:49:48.0456 3720 mrxsmb - ok
10:49:48.0693 3720 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:49:48.0707 3720 mrxsmb10 - ok
10:49:48.0884 3720 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:49:48.0967 3720 mrxsmb20 - ok
10:49:49.0136 3720 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
10:49:49.0175 3720 msahci - ok
10:49:49.0317 3720 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:49:49.0356 3720 msdsm - ok
10:49:49.0404 3720 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
10:49:49.0460 3720 MSDTC - ok
10:49:49.0519 3720 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:49:49.0544 3720 Msfs - ok
10:49:49.0579 3720 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:49:49.0689 3720 mshidkmdf - ok
10:49:49.0758 3720 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:49:49.0799 3720 msisadrv - ok
10:49:49.0886 3720 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:49:50.0037 3720 MSiSCSI - ok
10:49:50.0043 3720 msiserver - ok
10:49:50.0300 3720 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:49:50.0500 3720 MSKSSRV - ok
10:49:50.0729 3720 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:49:50.0923 3720 MSPCLOCK - ok
10:49:51.0151 3720 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:49:51.0373 3720 MSPQM - ok
10:49:51.0512 3720 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:49:51.0620 3720 MsRPC - ok
10:49:51.0760 3720 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:49:51.0771 3720 mssmbios - ok
10:49:51.0978 3720 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:49:52.0095 3720 MSTEE - ok
10:49:52.0229 3720 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:49:52.0388 3720 MTConfig - ok
10:49:52.0454 3720 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
10:49:52.0533 3720 Mup - ok
10:49:52.0902 3720 [ C29F284FF7AB4ED38CE419A9424E52A2 ] MXOPSWD C:\Windows\system32\DRIVERS\mxopswd.sys
10:49:53.0046 3720 MXOPSWD - ok
10:49:53.0281 3720 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
10:49:53.0377 3720 napagent - ok
10:49:53.0763 3720 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:49:53.0819 3720 NativeWifiP - ok
10:49:54.0266 3720 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
10:49:54.0338 3720 NAUpdate - ok
10:49:54.0836 3720 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:49:54.0879 3720 NDIS - ok
10:49:55.0111 3720 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:49:55.0170 3720 NdisCap - ok
10:49:55.0290 3720 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:49:55.0429 3720 NdisTapi - ok
10:49:55.0597 3720 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:49:55.0676 3720 Ndisuio - ok
10:49:55.0766 3720 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:49:55.0850 3720 NdisWan - ok
10:49:55.0956 3720 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:49:55.0980 3720 NDProxy - ok
10:49:56.0150 3720 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:49:56.0325 3720 NetBIOS - ok
10:49:56.0700 3720 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:49:56.0826 3720 NetBT - ok
10:49:56.0846 3720 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
10:49:56.0871 3720 Netlogon - ok
10:49:56.0957 3720 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:49:56.0988 3720 Netman - ok
10:49:57.0033 3720 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:49:57.0102 3720 netprofm - ok
10:49:57.0279 3720 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:49:57.0306 3720 NetTcpPortSharing - ok
10:49:57.0408 3720 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:49:57.0464 3720 nfrd960 - ok
10:49:57.0540 3720 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:49:57.0594 3720 NlaSvc - ok
10:49:57.0610 3720 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:49:57.0688 3720 Npfs - ok
10:49:57.0733 3720 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:49:57.0780 3720 nsi - ok
10:49:57.0815 3720 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:49:57.0867 3720 nsiproxy - ok
10:49:57.0927 3720 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:49:58.0051 3720 Ntfs - ok
10:49:58.0117 3720 [ EF2B9A14EC5DD74ADE3417FAF1B45E16 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
10:49:58.0127 3720 NuidFltr - ok
10:49:58.0163 3720 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:49:58.0214 3720 Null - ok
10:49:58.0323 3720 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
10:49:58.0341 3720 NVENETFD - ok
10:50:00.0582 3720 [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:50:00.0736 3720 nvlddmkm - ok
10:50:00.0779 3720 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:50:00.0801 3720 nvraid - ok
10:50:00.0838 3720 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:50:00.0852 3720 nvstor - ok
10:50:00.0889 3720 [ A1CE1A6FD74C046F029448FCFA5E386D ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
10:50:00.0927 3720 nvstor32 - ok
10:50:00.0984 3720 [ 387DC341E2AED29EB8F67B6EE53BB43B ] nvsvc C:\Windows\system32\nvvsvc.exe
10:50:00.0997 3720 nvsvc - ok
10:50:01.0017 3720 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:50:01.0030 3720 nv_agp - ok
10:50:01.0083 3720 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:50:01.0119 3720 ohci1394 - ok
10:50:01.0173 3720 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:50:01.0220 3720 ose - ok
10:50:01.0407 3720 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:50:01.0548 3720 osppsvc - ok
10:50:01.0591 3720 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:50:01.0660 3720 p2pimsvc - ok
10:50:01.0713 3720 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:50:01.0754 3720 p2psvc - ok
10:50:01.0795 3720 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:50:01.0863 3720 Parport - ok
10:50:01.0912 3720 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:50:01.0932 3720 partmgr - ok
10:50:01.0967 3720 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:50:02.0011 3720 Parvdm - ok
10:50:02.0059 3720 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:50:02.0085 3720 PcaSvc - ok
10:50:02.0113 3720 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
10:50:02.0127 3720 pci - ok
10:50:02.0156 3720 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
10:50:02.0181 3720 pciide - ok
10:50:02.0218 3720 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:50:02.0248 3720 pcmcia - ok
10:50:02.0256 3720 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:50:02.0274 3720 pcw - ok
10:50:02.0301 3720 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:50:02.0349 3720 PEAUTH - ok
10:50:02.0417 3720 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
10:50:02.0503 3720 pla - ok
10:50:02.0547 3720 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:50:02.0628 3720 PlugPlay - ok
10:50:02.0654 3720 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:50:02.0694 3720 PNRPAutoReg - ok
10:50:02.0725 3720 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:50:02.0743 3720 PNRPsvc - ok
10:50:02.0792 3720 [ 60A044879C4FA76314494F5FDDC43B93 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
10:50:02.0801 3720 Point32 - ok
10:50:02.0839 3720 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:50:02.0893 3720 PolicyAgent - ok
10:50:02.0932 3720 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
10:50:02.0977 3720 Power - ok
10:50:03.0022 3720 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:50:03.0071 3720 PptpMiniport - ok
10:50:03.0106 3720 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:50:03.0135 3720 Processor - ok
10:50:03.0182 3720 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
10:50:03.0242 3720 ProfSvc - ok
10:50:03.0271 3720 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:50:03.0307 3720 ProtectedStorage - ok
10:50:03.0338 3720 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:50:03.0382 3720 Psched - ok
10:50:03.0429 3720 [ 9B57F6A0C23C32F835A30D911D56334D ] pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys
10:50:03.0440 3720 pwipf6 - ok
10:50:03.0521 3720 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
10:50:03.0539 3720 PxHelp20 - ok
10:50:03.0623 3720 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:50:03.0671 3720 ql2300 - ok
10:50:03.0689 3720 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:50:03.0706 3720 ql40xx - ok
10:50:03.0741 3720 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:50:03.0792 3720 QWAVE - ok
10:50:03.0817 3720 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:50:03.0844 3720 QWAVEdrv - ok
10:50:03.0859 3720 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:50:03.0896 3720 RasAcd - ok
10:50:03.0936 3720 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:50:03.0991 3720 RasAgileVpn - ok
10:50:04.0014 3720 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:50:04.0058 3720 RasAuto - ok
10:50:04.0069 3720 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:50:04.0128 3720 Rasl2tp - ok
10:50:04.0174 3720 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
10:50:04.0252 3720 RasMan - ok
10:50:04.0295 3720 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:50:04.0333 3720 RasPppoe - ok
10:50:04.0363 3720 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:50:04.0425 3720 RasSstp - ok
10:50:04.0462 3720 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:50:04.0521 3720 rdbss - ok
10:50:04.0548 3720 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:50:04.0595 3720 rdpbus - ok
10:50:04.0636 3720 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:50:04.0688 3720 RDPCDD - ok
10:50:04.0725 3720 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:50:04.0785 3720 RDPENCDD - ok
10:50:04.0820 3720 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:50:04.0877 3720 RDPREFMP - ok
10:50:04.0915 3720 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:50:04.0981 3720 RDPWD - ok
10:50:05.0028 3720 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:50:05.0043 3720 rdyboost - ok
10:50:05.0080 3720 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:50:05.0146 3720 RemoteAccess - ok
10:50:05.0181 3720 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:50:05.0245 3720 RemoteRegistry - ok
10:50:05.0270 3720 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
10:50:05.0296 3720 RimVSerPort - ok
10:50:05.0331 3720 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
10:50:05.0390 3720 ROOTMODEM - ok
10:50:05.0419 3720 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:50:05.0478 3720 RpcEptMapper - ok
10:50:05.0505 3720 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:50:05.0547 3720 RpcLocator - ok
10:50:05.0575 3720 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
10:50:05.0615 3720 RpcSs - ok
10:50:05.0638 3720 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:50:05.0676 3720 rspndr - ok
10:50:05.0694 3720 [ 59B8716084597C9D6D7165835C8479C1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
10:50:05.0756 3720 RTSTOR - ok
10:50:05.0771 3720 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
10:50:05.0798 3720 SamSs - ok
10:50:05.0836 3720 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:50:05.0849 3720 sbp2port - ok
10:50:05.0889 3720 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:50:05.0947 3720 SCardSvr - ok
10:50:05.0967 3720 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:50:06.0028 3720 scfilter - ok
10:50:06.0067 3720 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
10:50:06.0136 3720 Schedule - ok
10:50:06.0163 3720 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:50:06.0198 3720 SCPolicySvc - ok
10:50:06.0237 3720 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:50:06.0294 3720 SDRSVC - ok
10:50:06.0357 3720 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:50:06.0373 3720 SeaPort - ok
10:50:06.0404 3720 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:50:06.0462 3720 secdrv - ok
10:50:06.0497 3720 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:50:06.0560 3720 seclogon - ok
10:50:06.0585 3720 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
10:50:06.0646 3720 SENS - ok
10:50:06.0690 3720 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:50:06.0759 3720 SensrSvc - ok
10:50:06.0789 3720 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:50:06.0809 3720 Serenum - ok
10:50:06.0834 3720 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:50:06.0854 3720 Serial - ok
10:50:06.0879 3720 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:50:06.0909 3720 sermouse - ok
10:50:06.0961 3720 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
10:50:07.0002 3720 SessionEnv - ok
10:50:07.0026 3720 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:50:07.0062 3720 sffdisk - ok
10:50:07.0082 3720 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:50:07.0112 3720 sffp_mmc - ok
10:50:07.0133 3720 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:50:07.0162 3720 sffp_sd - ok
10:50:07.0182 3720 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:50:07.0210 3720 sfloppy - ok
10:50:07.0260 3720 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:50:07.0344 3720 ShellHWDetection - ok
10:50:07.0369 3720 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:50:07.0384 3720 sisagp - ok
10:50:07.0413 3720 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:50:07.0428 3720 SiSRaid2 - ok
10:50:07.0447 3720 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:50:07.0459 3720 SiSRaid4 - ok
10:50:07.0485 3720 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:50:07.0515 3720 Smb - ok
10:50:07.0569 3720 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:50:07.0584 3720 SNMPTRAP - ok
10:50:07.0592 3720 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:50:07.0605 3720 spldr - ok
10:50:07.0640 3720 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
10:50:07.0658 3720 Spooler - ok
10:50:07.0743 3720 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
10:50:07.0821 3720 sppsvc - ok
10:50:07.0855 3720 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:50:07.0903 3720 sppuinotify - ok
10:50:07.0939 3720 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:50:07.0995 3720 srv - ok
10:50:08.0016 3720 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:50:08.0046 3720 srv2 - ok
10:50:08.0068 3720 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:50:08.0091 3720 srvnet - ok
10:50:08.0130 3720 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:50:08.0210 3720 SSDPSRV - ok
10:50:08.0235 3720 [ 8564BC9598BE1705477B7FA61D657C2B ] SSKBFD C:\Windows\system32\Drivers\sskbfd.sys
10:50:08.0246 3720 SSKBFD - ok
10:50:08.0262 3720 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:50:08.0315 3720 SstpSvc - ok
10:50:08.0364 3720 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:50:08.0375 3720 stexstor - ok
10:50:08.0426 3720 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
10:50:08.0468 3720 StiSvc - ok
10:50:08.0509 3720 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:50:08.0519 3720 stllssvr - ok
10:50:08.0537 3720 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
10:50:08.0547 3720 swenum - ok
10:50:08.0582 3720 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:50:08.0647 3720 swprv - ok
10:50:08.0725 3720 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
10:50:08.0797 3720 SysMain - ok
10:50:08.0827 3720 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:50:08.0848 3720 TabletInputService - ok
10:50:08.0885 3720 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
10:50:08.0935 3720 TapiSrv - ok
10:50:08.0958 3720 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:50:09.0005 3720 TBS - ok
10:50:09.0076 3720 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:50:09.0104 3720 Tcpip - ok
10:50:09.0143 3720 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:50:09.0172 3720 TCPIP6 - ok
10:50:09.0214 3720 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:50:09.0272 3720 tcpipreg - ok
10:50:09.0319 3720 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:50:09.0354 3720 TDPIPE - ok
10:50:09.0390 3720 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:50:09.0443 3720 TDTCP - ok
10:50:09.0490 3720 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:50:09.0536 3720 tdx - ok
10:50:09.0577 3720 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:50:09.0589 3720 TermDD - ok
10:50:09.0633 3720 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
10:50:09.0674 3720 TermService - ok
10:50:09.0703 3720 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:50:09.0736 3720 Themes - ok
10:50:09.0762 3720 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:50:09.0789 3720 THREADORDER - ok
10:50:09.0805 3720 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:50:09.0854 3720 TrkWks - ok
10:50:09.0914 3720 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:50:10.0002 3720 TrustedInstaller - ok
10:50:10.0049 3720 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:50:10.0096 3720 tssecsrv - ok
10:50:10.0141 3720 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:50:10.0172 3720 TsUsbFlt - ok
10:50:10.0236 3720 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:50:10.0276 3720 tunnel - ok
10:50:10.0318 3720 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:50:10.0330 3720 uagp35 - ok
10:50:10.0365 3720 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:50:10.0409 3720 udfs - ok
10:50:10.0444 3720 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:50:10.0484 3720 UI0Detect - ok
10:50:10.0519 3720 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:50:10.0531 3720 uliagpkx - ok
10:50:10.0554 3720 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
10:50:10.0597 3720 umbus - ok
10:50:10.0633 3720 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:50:10.0665 3720 UmPass - ok
10:50:10.0690 3720 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
10:50:10.0745 3720 upnphost - ok
10:50:10.0793 3720 [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
10:50:10.0821 3720 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
10:50:10.0821 3720 USBAAPL - detected UnsignedFile.Multi.Generic (1)
10:50:10.0865 3720 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:50:10.0901 3720 usbccgp - ok
10:50:10.0957 3720 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:50:10.0983 3720 usbcir - ok
10:50:11.0002 3720 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:50:11.0016 3720 usbehci - ok
10:50:11.0084 3720 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:50:11.0142 3720 usbhub - ok
10:50:11.0172 3720 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:50:11.0222 3720 usbohci - ok
10:50:11.0278 3720 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:50:11.0309 3720 usbprint - ok
10:50:11.0345 3720 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:50:11.0394 3720 usbscan - ok
10:50:11.0419 3720 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:50:11.0474 3720 USBSTOR - ok
10:50:11.0507 3720 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:50:11.0520 3720 usbuhci - ok
10:50:11.0555 3720 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
10:50:11.0580 3720 UxSms - ok
10:50:11.0587 3720 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
10:50:11.0602 3720 VaultSvc - ok
10:50:11.0623 3720 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:50:11.0636 3720 vdrvroot - ok
10:50:11.0675 3720 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
10:50:11.0734 3720 vds - ok
10:50:11.0785 3720 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:50:11.0849 3720 vga - ok
10:50:11.0892 3720 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:50:11.0934 3720 VgaSave - ok
10:50:11.0958 3720 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:50:11.0979 3720 vhdmp - ok
10:50:12.0006 3720 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:50:12.0020 3720 viaagp - ok
10:50:12.0036 3720 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:50:12.0073 3720 ViaC7 - ok
10:50:12.0108 3720 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
10:50:12.0119 3720 viaide - ok
10:50:12.0148 3720 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:50:12.0160 3720 volmgr - ok
10:50:12.0181 3720 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:50:12.0198 3720 volmgrx - ok
10:50:12.0221 3720 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:50:12.0236 3720 volsnap - ok
10:50:12.0272 3720 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:50:12.0286 3720 vsmraid - ok
10:50:12.0328 3720 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
10:50:12.0399 3720 VSS - ok
10:50:12.0460 3720 vToolbarUpdater - ok
10:50:12.0516 3720 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:50:12.0570 3720 vwifibus - ok
10:50:12.0607 3720 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:50:12.0631 3720 vwififlt - ok
10:50:12.0649 3720 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:50:12.0681 3720 vwifimp - ok
10:50:12.0718 3720 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
10:50:12.0770 3720 W32Time - ok
10:50:12.0799 3720 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:50:12.0839 3720 WacomPen - ok
10:50:12.0894 3720 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:50:12.0935 3720 WANARP - ok
10:50:12.0940 3720 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:50:12.0966 3720 Wanarpv6 - ok
10:50:13.0043 3720 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:50:13.0091 3720 WatAdminSvc - ok
10:50:13.0143 3720 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
10:50:13.0205 3720 wbengine - ok
10:50:13.0237 3720 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:50:13.0284 3720 WbioSrvc - ok
10:50:13.0333 3720 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:50:13.0399 3720 wcncsvc - ok
10:50:13.0416 3720 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:50:13.0453 3720 WcsPlugInService - ok
10:50:13.0493 3720 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:50:13.0510 3720 Wd - ok
10:50:13.0541 3720 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:50:13.0573 3720 Wdf01000 - ok
10:50:13.0587 3720 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:50:13.0605 3720 WdiServiceHost - ok
10:50:13.0612 3720 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:50:13.0632 3720 WdiSystemHost - ok
10:50:13.0667 3720 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
10:50:13.0712 3720 WebClient - ok
10:50:13.0746 3720 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:50:13.0781 3720 Wecsvc - ok
10:50:13.0797 3720 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:50:13.0853 3720 wercplsupport - ok
10:50:13.0887 3720 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
10:50:13.0934 3720 WerSvc - ok
10:50:13.0978 3720 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:50:14.0061 3720 WfpLwf - ok
10:50:14.0078 3720 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:50:14.0093 3720 WIMMount - ok
10:50:14.0104 3720 WinHttpAutoProxySvc - ok
10:50:14.0181 3720 [ BC9D70133D8DAE53BA7600F61F21533D ] Winmgmt C:\Windows\system32\config\SYSTEM~1\1511242.dll
10:50:14.0189 3720 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
10:50:14.0189 3720 Winmgmt - detected UnsignedFile.Multi.Generic (1)
10:50:14.0244 3720 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
10:50:14.0318 3720 WinRM - ok
10:50:14.0374 3720 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:50:14.0414 3720 WinUsb - ok
10:50:14.0468 3720 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:50:14.0510 3720 Wlansvc - ok
10:50:14.0567 3720 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:50:14.0599 3720 wlidsvc - ok
10:50:14.0620 3720 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:50:14.0656 3720 WmiAcpi - ok
10:50:14.0732 3720 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:50:14.0810 3720 wmiApSrv - ok
10:50:14.0903 3720 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:50:14.0929 3720 WMPNetworkSvc - ok
10:50:14.0964 3720 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:50:14.0989 3720 WPCSvc - ok
10:50:15.0021 3720 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:50:15.0053 3720 WPDBusEnum - ok
10:50:15.0096 3720 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:50:15.0147 3720 ws2ifsl - ok
10:50:15.0152 3720 WSearch - ok
10:50:15.0191 3720 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:50:15.0231 3720 WudfPf - ok
10:50:15.0285 3720 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:50:15.0330 3720 WUDFRd - ok
10:50:15.0368 3720 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:50:15.0394 3720 wudfsvc - ok
10:50:15.0431 3720 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:50:15.0484 3720 WwanSvc - ok
10:50:15.0561 3720 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:50:15.0577 3720 YahooAUService - ok
10:50:15.0601 3720 ================ Scan global ===============================
10:50:15.0633 3720 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:50:15.0655 3720 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:50:15.0672 3720 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:50:15.0702 3720 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:50:15.0740 3720 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:50:15.0744 3720 [Global] - ok
10:50:15.0744 3720 ================ Scan MBR ==================================
10:50:15.0761 3720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:50:15.0761 3720 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:50:15.0793 3720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:50:15.0793 3720 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:50:15.0822 3720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:50:15.0822 3720 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:50:15.0840 3720 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
10:50:16.0107 3720 \Device\Harddisk3\DR3 - ok
10:50:16.0107 3720 ================ Scan VBR ==================================
10:50:16.0111 3720 [ 281333A901BDA888EE86AB2D285ABF2F ] \Device\Harddisk0\DR0\Partition1
10:50:16.0112 3720 \Device\Harddisk0\DR0\Partition1 - ok
10:50:16.0150 3720 [ 683BEAE4967D18064C92CFC259BC95C8 ] \Device\Harddisk0\DR0\Partition2
10:50:16.0151 3720 \Device\Harddisk0\DR0\Partition2 - ok
10:50:16.0158 3720 [ 8E37CFAAF16E1C61BA914B31433B6D1B ] \Device\Harddisk3\DR3\Partition1
10:50:16.0162 3720 \Device\Harddisk3\DR3\Partition1 - ok
10:50:16.0163 3720 ================ Scan active images ========================
10:50:16.0169 3720 [ B7EFEF22FF426EC4158A177CB3B558D3 ] C:\Windows\System32\drivers\crashdmp.sys
10:50:16.0169 3720 C:\Windows\System32\drivers\crashdmp.sys - ok
10:50:16.0177 3720 [ D0F0D7A97C90FE72A79732812E65F822 ] C:\Windows\System32\drivers\Diskdump.sys
10:50:16.0177 3720 C:\Windows\System32\drivers\Diskdump.sys - ok
10:50:16.0185 3720 [ 4380E59A170D88C4F1022EFF6719A8A4 ] C:\Windows\System32\drivers\nvstor.sys
10:50:16.0185 3720 C:\Windows\System32\drivers\nvstor.sys - ok
10:50:16.0193 3720 [ 62A63EF2F3053B461CB327E4D69AAA74 ] C:\Windows\System32\drivers\dumpfve.sys
10:50:16.0193 3720 C:\Windows\System32\drivers\dumpfve.sys - ok
10:50:16.0203 3720 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] C:\Windows\System32\drivers\avgmfx86.sys
10:50:16.0203 3720 C:\Windows\System32\drivers\avgmfx86.sys - ok
10:50:16.0210 3720 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] C:\Windows\System32\drivers\cdrom.sys
10:50:16.0210 3720 C:\Windows\System32\drivers\cdrom.sys - ok
10:50:16.0217 3720 [ 95B4DEE20D89403D636DCA2BE73742CB ] C:\Windows\System32\drivers\cmdguard.sys
10:50:16.0218 3720 C:\Windows\System32\drivers\cmdguard.sys - ok
10:50:16.0225 3720 [ 505506526A9D467307B3C393DEDAF858 ] C:\Windows\System32\drivers\beep.sys
10:50:16.0225 3720 C:\Windows\System32\drivers\beep.sys - ok
10:50:16.0234 3720 [ F9756A98D69098DCA8945D62858A812C ] C:\Windows\System32\drivers\null.sys
10:50:16.0234 3720 C:\Windows\System32\drivers\null.sys - ok
10:50:16.0241 3720 [ 23DAE03F29D253AE74C44F99E515F9A1 ] C:\Windows\System32\drivers\RDPCDD.sys
10:50:16.0241 3720 C:\Windows\System32\drivers\RDPCDD.sys - ok
10:50:16.0247 3720 [ 8E38096AD5C8570A6F1570A61E251561 ] C:\Windows\System32\drivers\vga.sys
10:50:16.0247 3720 C:\Windows\System32\drivers\vga.sys - ok
10:50:16.0256 3720 [ 15C126D1B55814B9E5CAB10A9C1F4C67 ] C:\Windows\System32\drivers\videoprt.sys
10:50:16.0256 3720 C:\Windows\System32\drivers\videoprt.sys - ok
10:50:16.0262 3720 [ CB45A417C8EF7BA6BAC67EDCDDED8700 ] C:\Windows\System32\drivers\watchdog.sys
10:50:16.0262 3720 C:\Windows\System32\drivers\watchdog.sys - ok
10:50:16.0272 3720 [ 5A53CA1598DD4156D44196D200C94B8A ] C:\Windows\System32\drivers\RDPENCDD.sys
10:50:16.0272 3720 C:\Windows\System32\drivers\RDPENCDD.sys - ok
10:50:16.0278 3720 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] C:\Windows\System32\drivers\msfs.sys
10:50:16.0279 3720 C:\Windows\System32\drivers\msfs.sys - ok
10:50:16.0286 3720 [ 1DB262A9F8C087E8153D89BEF3D2235F ] C:\Windows\System32\drivers\npfs.sys
10:50:16.0286 3720 C:\Windows\System32\drivers\npfs.sys - ok
10:50:16.0294 3720 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] C:\Windows\System32\drivers\RDPREFMP.sys
10:50:16.0294 3720 C:\Windows\System32\drivers\RDPREFMP.sys - ok
10:50:16.0301 3720 [ 12186867F48B4817C58D45F268FDA3D5 ] C:\Windows\System32\drivers\cmdhlp.sys
10:50:16.0302 3720 C:\Windows\System32\drivers\cmdhlp.sys - ok
10:50:16.0311 3720 [ 2F885864D5BC8A16C86BEE595969A48A ] C:\Windows\System32\drivers\tdi.sys
10:50:16.0311 3720 C:\Windows\System32\drivers\tdi.sys - ok
10:50:16.0318 3720 [ B459575348C20E8121D6039DA063C704 ] C:\Windows\System32\drivers\tdx.sys
10:50:16.0318 3720 C:\Windows\System32\drivers\tdx.sys - ok
10:50:16.0326 3720 [ AAF0EBCAD95F2164CFFB544E00392498 ] C:\Windows\System32\drivers\avgtdix.sys
10:50:16.0326 3720 C:\Windows\System32\drivers\avgtdix.sys - ok
10:50:16.0334 3720 [ 280122DDCF04B378EDD1AD54D71C1E54 ] C:\Windows\System32\drivers\netbt.sys
10:50:16.0335 3720 C:\Windows\System32\drivers\netbt.sys - ok
10:50:16.0342 3720 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] C:\Windows\System32\drivers\afd.sys
10:50:16.0342 3720 C:\Windows\System32\drivers\afd.sys - ok
10:50:16.0348 3720 [ 6270CCAE2A86DE6D146529FE55B3246A ] C:\Windows\System32\drivers\pacer.sys
10:50:16.0348 3720 C:\Windows\System32\drivers\pacer.sys - ok
10:50:16.0356 3720 [ 8B9A943F3B53861F2BFAF6C186168F79 ] C:\Windows\System32\drivers\wfplwf.sys
10:50:16.0356 3720 C:\Windows\System32\drivers\wfplwf.sys - ok
10:50:16.0363 3720 [ 7090D3436EEB4E7DA3373090A23448F7 ] C:\Windows\System32\drivers\vwififlt.sys
10:50:16.0363 3720 C:\Windows\System32\drivers\vwififlt.sys - ok
10:50:16.0372 3720 [ 1D79596C08A0153335021ADE850A0710 ] C:\Windows\System32\drivers\inspect.sys
10:50:16.0372 3720 C:\Windows\System32\drivers\inspect.sys - ok
10:50:16.0378 3720 [ 9B57F6A0C23C32F835A30D911D56334D ] C:\Windows\System32\drivers\pwipf6.sys
10:50:16.0378 3720 C:\Windows\System32\drivers\pwipf6.sys - ok
10:50:16.0386 3720 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] C:\Windows\System32\drivers\netbios.sys
10:50:16.0387 3720 C:\Windows\System32\drivers\netbios.sys - ok
10:50:16.0393 3720 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] C:\Windows\System32\drivers\wanarp.sys

TDSS Part 2

10:50:16.0393 3720 C:\Windows\System32\drivers\wanarp.sys - ok
10:50:16.0401 3720 [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
10:50:16.0401 3720 C:\Windows\System32\drivers\discache.sys - ok
10:50:16.0409 3720 [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
10:50:16.0409 3720 C:\Windows\System32\drivers\mssmbios.sys - ok
10:50:16.0416 3720 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys
10:50:16.0416 3720 C:\Windows\System32\drivers\nsiproxy.sys - ok
10:50:16.0424 3720 [ D528BC58A489409BA40334EBF96A311B ] C:\Windows\System32\drivers\rdbss.sys
10:50:16.0424 3720 C:\Windows\System32\drivers\rdbss.sys - ok
10:50:16.0430 3720 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] C:\Windows\System32\drivers\termdd.sys
10:50:16.0430 3720 C:\Windows\System32\drivers\termdd.sys - ok
10:50:16.0439 3720 [ F024449C97EC1E464AAFFDA18593DB88 ] C:\Windows\System32\drivers\dfsc.sys
10:50:16.0439 3720 C:\Windows\System32\drivers\dfsc.sys - ok
10:50:16.0446 3720 [ 901EB73F900D8DD1E8862C40427B83AE ] C:\Windows\System32\drivers\avgldx86.sys
10:50:16.0446 3720 C:\Windows\System32\drivers\avgldx86.sys - ok
10:50:16.0454 3720 [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
10:50:16.0454 3720 C:\Windows\System32\drivers\blbdrive.sys - ok
10:50:16.0461 3720 [ B2FA25D9B17A68BB93D58B0556E8C90D ] C:\Windows\System32\drivers\tunnel.sys
10:50:16.0461 3720 C:\Windows\System32\drivers\tunnel.sys - ok
10:50:16.0468 3720 [ 16742790895960690237A5143CEDEC8B ] C:\Windows\System32\smss.exe
10:50:16.0468 3720 C:\Windows\System32\smss.exe - ok
10:50:18.0256 3720 C:\Program Files\COMODO\COMODO Internet Security\scanners\gunpack.cav - ok
10:50:18.0263 3720 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
10:50:18.0263 3720 C:\Windows\System32\netprofm.dll - ok
10:50:18.0272 3720 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\System32\samcli.dll
10:50:18.0272 3720 C:\Windows\System32\samcli.dll - ok
10:50:18.0279 3720 [ 36B8D5903CEEF0AA42A1EE002BD27FF1 ] C:\Windows\System32\vaultcli.dll
10:50:18.0279 3720 C:\Windows\System32\vaultcli.dll - ok
10:50:18.0282 3720 [ 6D8CACF3B1B54943EFCF420C2D667B37 ] C:\Windows\System32\certCredProvider.dll
10:50:18.0282 3720 C:\Windows\System32\certCredProvider.dll - ok
10:50:18.0291 3720 [ EFDA8576B2BA177AE3DF78B29EA0C45B ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL
10:50:18.0291 3720 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL - ok
10:50:18.0298 3720 [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
10:50:18.0298 3720 C:\Windows\System32\wlansvc.dll - ok
10:50:18.0307 3720 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
10:50:18.0307 3720 C:\Windows\System32\drivers\fltMgr.sys - ok
10:50:18.0315 3720 [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
10:50:18.0315 3720 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
10:50:18.0323 3720 [ 211C96F9B052E422E08403AF5D650A2D ] C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav
10:50:18.0323 3720 C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav - ok
10:50:18.0332 3720 [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
10:50:18.0332 3720 C:\Windows\System32\PSHED.DLL - ok
10:50:18.0341 3720 [ FFE4BEC5C187C426A17AE76A773063A6 ] C:\Windows\System32\rasplap.dll
10:50:18.0341 3720 C:\Windows\System32\rasplap.dll - ok
10:50:18.0348 3720 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
10:50:18.0348 3720 C:\Windows\System32\wscapi.dll - ok
10:50:18.0356 3720 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\System32\wscisvif.dll
10:50:18.0356 3720 C:\Windows\System32\wscisvif.dll - ok
10:50:18.0362 3720 [ 1319CD4619E96B156911CA3897563EBC ] C:\Windows\System32\ci.dll
10:50:18.0363 3720 C:\Windows\System32\ci.dll - ok
10:50:18.0370 3720 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\System32\rtutils.dll
10:50:18.0370 3720 C:\Windows\System32\rtutils.dll - ok
10:50:18.0377 3720 [ FD049C25A168D3DE310D9207B7B6367B ] C:\Windows\System32\UIAutomationCore.dll
10:50:18.0378 3720 C:\Windows\System32\UIAutomationCore.dll - ok
10:50:18.0386 3720 [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
10:50:18.0386 3720 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
10:50:18.0393 3720 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] C:\Windows\System32\audiosrv.dll
10:50:18.0393 3720 C:\Windows\System32\audiosrv.dll - ok
10:50:18.0400 3720 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\System32\avrt.dll
10:50:18.0400 3720 C:\Windows\System32\avrt.dll - ok
10:50:18.0408 3720 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\System32\dsound.dll
10:50:18.0408 3720 C:\Windows\System32\dsound.dll - ok
10:50:18.0415 3720 [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
10:50:18.0415 3720 C:\Windows\System32\mmcss.dll - ok
10:50:18.0423 3720 [ F68194F74350D4A2ADE98961E33F884C ] C:\Windows\System32\audiodg.exe
10:50:18.0423 3720 C:\Windows\System32\audiodg.exe - ok
10:50:18.0430 3720 [ E897EAF5ED6BA41E081060C9B447A673 ] C:\Windows\System32\gpsvc.dll
10:50:18.0430 3720 C:\Windows\System32\gpsvc.dll - ok
10:50:18.0439 3720 [ 104A1070E90F1C530328E69B49718841 ] C:\Windows\System32\nlaapi.dll
10:50:18.0439 3720 C:\Windows\System32\nlaapi.dll - ok
10:50:18.0445 3720 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
10:50:18.0445 3720 C:\Windows\System32\themeservice.dll - ok
10:50:18.0453 3720 [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\System32\dsrole.dll
10:50:18.0453 3720 C:\Windows\System32\dsrole.dll - ok
10:50:18.0460 3720 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\System32\slc.dll
10:50:18.0460 3720 C:\Windows\System32\slc.dll - ok
10:50:18.0466 3720 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\System32\es.dll
10:50:18.0466 3720 C:\Windows\System32\es.dll - ok
10:50:18.0475 3720 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
10:50:18.0475 3720 C:\Windows\System32\comres.dll - ok
10:50:18.0481 3720 [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
10:50:18.0481 3720 C:\Windows\System32\Sens.dll - ok
10:50:18.0491 3720 [ 081E6E1C91AEC36758902A9F727CD23C ] C:\Windows\System32\uxsms.dll
10:50:18.0491 3720 C:\Windows\System32\uxsms.dll - ok
10:50:18.0498 3720 [ 9FBCFD7E88A7ACE0E94456504895DD7F ] C:\Windows\System32\WUDFPlatform.dll
10:50:18.0498 3720 C:\Windows\System32\WUDFPlatform.dll - ok
10:50:18.0506 3720 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] C:\Windows\System32\WUDFSvc.dll
10:50:18.0506 3720 C:\Windows\System32\WUDFSvc.dll - ok
10:50:18.0514 3720 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] C:\Windows\System32\drivers\lltdio.sys
10:50:18.0514 3720 C:\Windows\System32\drivers\lltdio.sys - ok
10:50:18.0526 3720 [ D8A65DAFB3EB41CBB622745676FCD072 ] C:\Windows\System32\drivers\ndisuio.sys
10:50:18.0526 3720 C:\Windows\System32\drivers\ndisuio.sys - ok
10:50:18.0529 3720 [ 26384429FCD85D83746F63E798AB1480 ] C:\Windows\System32\drivers\nwifi.sys
10:50:18.0529 3720 C:\Windows\System32\drivers\nwifi.sys - ok
10:50:18.0537 3720 [ 032B0D36AD92B582D869879F5AF5B928 ] C:\Windows\System32\drivers\rspndr.sys
10:50:18.0537 3720 C:\Windows\System32\drivers\rspndr.sys - ok
10:50:18.0546 3720 [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
10:50:18.0547 3720 C:\Windows\System32\dhcpcore.dll - ok
10:50:18.0554 3720 [ 33EF4861F19A0736B11314AAD9AE28D0 ] C:\Windows\System32\dnsrslvr.dll
10:50:18.0554 3720 C:\Windows\System32\dnsrslvr.dll - ok
10:50:18.0562 3720 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
10:50:18.0562 3720 C:\Windows\System32\eapsvc.dll - ok
10:50:18.0569 3720 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\System32\FWPUCLNT.DLL
10:50:18.0570 3720 C:\Windows\System32\FWPUCLNT.DLL - ok
10:50:18.0577 3720 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\System32\IPHLPAPI.DLL
10:50:18.0577 3720 C:\Windows\System32\IPHLPAPI.DLL - ok
10:50:18.0584 3720 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\System32\keyiso.dll
10:50:18.0584 3720 C:\Windows\System32\keyiso.dll - ok
10:50:18.0592 3720 [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
10:50:18.0592 3720 C:\Windows\System32\lmhsvc.dll - ok
10:50:18.0599 3720 [ D2A937964199F647B1C3BC435712E5D9 ] C:\Windows\System32\nrpsrv.dll
10:50:18.0599 3720 C:\Windows\System32\nrpsrv.dll - ok
10:50:18.0607 3720 [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
10:50:18.0607 3720 C:\Windows\System32\nsisvc.dll - ok
10:50:18.0614 3720 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\System32\winnsi.dll
10:50:18.0614 3720 C:\Windows\System32\winnsi.dll - ok
10:50:18.0622 3720 [ 9A892B3439884C62B04718F0303A49E9 ] C:\Windows\System32\eapphost.dll
10:50:18.0622 3720 C:\Windows\System32\eapphost.dll - ok
10:50:18.0628 3720 [ 990A58A0B01720E419B55EFC5FF387F8 ] C:\Windows\System32\dhcpcore6.dll
10:50:18.0628 3720 C:\Windows\System32\dhcpcore6.dll - ok
10:50:18.0636 3720 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
10:50:18.0636 3720 C:\Windows\System32\dhcpcsvc.dll - ok
10:50:18.0643 3720 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\System32\dhcpcsvc6.dll
10:50:18.0643 3720 C:\Windows\System32\dhcpcsvc6.dll - ok
10:50:18.0650 3720 [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
10:50:18.0650 3720 C:\Windows\System32\dnsext.dll - ok
10:50:18.0658 3720 [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
10:50:18.0658 3720 C:\Windows\System32\umb.dll - ok
10:50:18.0665 3720 [ 3C9035085141162416A0DD34DBF3F3C1 ] C:\Windows\System32\wlanmsm.dll
10:50:18.0665 3720 C:\Windows\System32\wlanmsm.dll - ok
10:50:18.0674 3720 [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
10:50:18.0674 3720 C:\Windows\System32\onex.dll - ok
10:50:18.0680 3720 [ 20C06A50DFC097E134BC6FA8444CA9BC ] C:\Windows\System32\wlansec.dll
10:50:18.0680 3720 C:\Windows\System32\wlansec.dll - ok
10:50:18.0687 3720 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
10:50:18.0687 3720 C:\Windows\System32\eappcfg.dll - ok
10:50:18.0695 3720 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
10:50:18.0695 3720 C:\Windows\System32\eappprxy.dll - ok
10:50:18.0703 3720 [ A12829E9974F57E9B5DBFEA7C93190F6 ] C:\Windows\System32\UXInit.dll
10:50:18.0704 3720 C:\Windows\System32\UXInit.dll - ok
10:50:18.0712 3720 [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
10:50:18.0712 3720 C:\Windows\System32\l2gpstore.dll - ok
10:50:18.0719 3720 [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
10:50:18.0720 3720 C:\Windows\System32\WinSCard.dll - ok
10:50:18.0728 3720 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
10:50:18.0728 3720 C:\Windows\System32\wlanutil.dll - ok
10:50:18.0736 3720 [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
10:50:18.0736 3720 C:\Windows\System32\wlgpclnt.dll - ok
10:50:18.0743 3720 [ D9A9702E43A5859896F34898D5FD3FEC ] C:\Windows\System32\msxml6.dll
10:50:18.0743 3720 C:\Windows\System32\msxml6.dll - ok
10:50:18.0750 3720 [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
10:50:18.0750 3720 C:\Windows\System32\shsvcs.dll - ok
10:50:18.0758 3720 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
10:50:18.0758 3720 C:\Windows\System32\vssapi.dll - ok
10:50:18.0764 3720 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
10:50:18.0764 3720 C:\Windows\System32\netcfgx.dll - ok
10:50:18.0773 3720 [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
10:50:18.0773 3720 C:\Windows\System32\schedsvc.dll - ok
10:50:18.0780 3720 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\System32\imageres.dll
10:50:18.0780 3720 C:\Windows\System32\imageres.dll - ok
10:50:18.0784 3720 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] C:\Windows\System32\drivers\vwifimp.sys
10:50:18.0784 3720 C:\Windows\System32\drivers\vwifimp.sys - ok
10:50:18.0793 3720 [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
10:50:18.0793 3720 C:\Windows\System32\ktmw32.dll - ok
10:50:18.0799 3720 [ 1C3E8371377E988B683797A132EFFE1B ] C:\Windows\System32\taskcomp.dll
10:50:18.0799 3720 C:\Windows\System32\taskcomp.dll - ok
10:50:18.0808 3720 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
10:50:18.0808 3720 C:\Windows\System32\vsstrace.dll - ok
10:50:18.0814 3720 [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
10:50:18.0815 3720 C:\Windows\System32\drivers\http.sys - ok
10:50:18.0823 3720 [ 9AEA093B8F9C37CF45538382CABA2475 ] C:\Windows\System32\spoolsv.exe
10:50:18.0823 3720 C:\Windows\System32\spoolsv.exe - ok
10:50:18.0830 3720 [ E6D90DC604F407B3B5E0FD285E46B2A0 ] C:\Windows\System32\fveapi.dll
10:50:18.0830 3720 C:\Windows\System32\fveapi.dll - ok
10:50:18.0838 3720 [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
10:50:18.0838 3720 C:\Windows\System32\fvecerts.dll - ok
10:50:18.0846 3720 [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
10:50:18.0846 3720 C:\Windows\System32\tbs.dll - ok
10:50:18.0853 3720 [ 7E0AB74553476622FB6AE36F73D97D35 ] C:\Windows\System32\drivers\fastfat.sys
10:50:18.0853 3720 C:\Windows\System32\drivers\fastfat.sys - ok
10:50:18.0861 3720 [ 8F0DA2889F4F6702DE5BD2E97E57453A ] C:\Windows\System32\nvsvc.dll
10:50:18.0861 3720 C:\Windows\System32\nvsvc.dll - ok
10:50:18.0870 3720 [ E2D56AE1D40E3725084054CD8E9CFBB1 ] C:\Windows\System32\wiarpc.dll
10:50:18.0870 3720 C:\Windows\System32\wiarpc.dll - ok
10:50:18.0877 3720 [ 8B07449DF931F30BD19AED1F26A453B9 ] C:\Windows\System32\nvapi.dll
10:50:18.0877 3720 C:\Windows\System32\nvapi.dll - ok
10:50:18.0883 3720 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] C:\Windows\System32\drivers\bowser.sys
10:50:18.0884 3720 C:\Windows\System32\drivers\bowser.sys - ok
10:50:18.0892 3720 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
10:50:18.0892 3720 C:\Windows\System32\drivers\srvnet.sys - ok
10:50:18.0899 3720 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] C:\Windows\System32\drivers\mrxsmb.sys
10:50:18.0899 3720 C:\Windows\System32\drivers\mrxsmb.sys - ok
10:50:18.0907 3720 [ 6D17A4791ACA19328C685D256349FEFC ] C:\Windows\System32\drivers\mrxsmb10.sys
10:50:18.0907 3720 C:\Windows\System32\drivers\mrxsmb10.sys - ok
10:50:18.0914 3720 [ B81F204D146000BE76651A50670A5E9E ] C:\Windows\System32\drivers\mrxsmb20.sys
10:50:18.0914 3720 C:\Windows\System32\drivers\mrxsmb20.sys - ok
10:50:18.0922 3720 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] C:\Windows\System32\drivers\srv2.sys
10:50:18.0922 3720 C:\Windows\System32\drivers\srv2.sys - ok
10:50:18.0929 3720 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] C:\Windows\System32\drivers\srv.sys
10:50:18.0929 3720 C:\Windows\System32\drivers\srv.sys - ok
10:50:18.0936 3720 [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
10:50:18.0936 3720 C:\Windows\System32\wkssvc.dll - ok
10:50:18.0945 3720 [ 560512DDCCDE258AF47EF1F06002970B ] C:\Windows\System32\nvcpl.dll
10:50:18.0945 3720 C:\Windows\System32\nvcpl.dll - ok
10:50:18.0953 3720 [ D64AF876D53ECA3668BB97B51B4E70AB ] C:\Windows\System32\srvsvc.dll
10:50:18.0953 3720 C:\Windows\System32\srvsvc.dll - ok
10:50:18.0959 3720 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] C:\Windows\System32\browser.dll
10:50:18.0959 3720 C:\Windows\System32\browser.dll - ok
10:50:18.0966 3720 [ AE9898D5600A232CD8AE3298692162E5 ] C:\Windows\System32\clusapi.dll
10:50:18.0966 3720 C:\Windows\System32\clusapi.dll - ok
10:50:18.0974 3720 [ E4B72E71EC37A59FE574A998A0C0EB9B ] C:\Windows\System32\netmsg.dll
10:50:18.0975 3720 C:\Windows\System32\netmsg.dll - ok
10:50:18.0981 3720 [ 89E783711AF91AF09E1EF30EF3107446 ] C:\Windows\System32\sscore.dll
10:50:18.0981 3720 C:\Windows\System32\sscore.dll - ok
10:50:18.0989 3720 [ 2AF094C822BD6094F14A8E85FB51D52A ] C:\Windows\System32\resutils.dll
10:50:18.0989 3720 C:\Windows\System32\resutils.dll - ok
10:50:18.0996 3720 [ ADC420616C501B45D26C0FD3EF1E54E4 ] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:50:18.0996 3720 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe - ok
10:50:19.0005 3720 [ 9D4A1690AF93F233E15380398BEC7431 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
10:50:19.0005 3720 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
10:50:19.0012 3720 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
10:50:19.0012 3720 C:\Windows\System32\drivers\parport.sys - ok
10:50:19.0020 3720 [ C69DBFA61FE3DEA653A9B83C3A2B052B ] C:\Program Files\Bonjour\mdnsNSP.dll
10:50:19.0020 3720 C:\Program Files\Bonjour\mdnsNSP.dll - ok
10:50:19.0027 3720 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll
10:50:19.0027 3720 C:\Windows\System32\rasadhlp.dll - ok
10:50:19.0031 3720 [ 3927397AC60D943DAF8808AFFED582B7 ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:50:19.0031 3720 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
10:50:19.0039 3720 [ 7548C242D95CBFF76908360AD629C09F ] C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll
10:50:19.0039 3720 C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll - ok
10:50:19.0047 3720 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\System32\msi.dll
10:50:19.0047 3720 C:\Windows\System32\msi.dll - ok
10:50:19.0056 3720 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
10:50:19.0056 3720 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
10:50:19.0064 3720 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:50:19.0064 3720 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
10:50:19.0073 3720 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
10:50:19.0074 3720 C:\Windows\System32\dllhost.exe - ok
10:50:19.0080 3720 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
10:50:19.0080 3720 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
10:50:19.0089 3720 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
10:50:19.0089 3720 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
10:50:19.0096 3720 [ DDDD1D04D5F4360371BC99C7C476F70D ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
10:50:19.0096 3720 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
10:50:19.0104 3720 [ BC485253D079F28BA398294465D13A21 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
10:50:19.0105 3720 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
10:50:19.0112 3720 [ 7CAAC9543318A1EE9056859F073A00DA ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
10:50:19.0112 3720 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
10:50:19.0120 3720 [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
10:50:19.0120 3720 C:\Windows\System32\IDStore.dll - ok
10:50:19.0127 3720 [ 7FA8BA5A780E4757964AC9D4238302B9 ] C:\Windows\System32\taskhost.exe
10:50:19.0128 3720 C:\Windows\System32\taskhost.exe - ok
10:50:19.0137 3720 [ C9680F06E51DB8B9A0772C20F3E10DB6 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
10:50:19.0137 3720 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
10:50:19.0144 3720 [ 554BD99F802FCC7BFE7FA7102384A2D2 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
10:50:19.0144 3720 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
10:50:19.0150 3720 [ 3CA2BB895E204478C7A4C9BAF70970CE ] C:\Windows\System32\AtBroker.exe
10:50:19.0150 3720 C:\Windows\System32\AtBroker.exe - ok
10:50:19.0160 3720 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
10:50:19.0160 3720 C:\Windows\System32\mpr.dll - ok
10:50:19.0166 3720 [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
10:50:19.0166 3720 C:\Windows\System32\taskeng.exe - ok
10:50:19.0175 3720 [ 74AF6AA2E8B3180AADAE5FE8813CB1CD ] C:\Windows\System32\localspl.dll
10:50:19.0175 3720 C:\Windows\System32\localspl.dll - ok
10:50:19.0182 3720 [ 61AC3EFDFACFDD3F0F11DD4FD4044223 ] C:\Windows\System32\userinit.exe
10:50:19.0182 3720 C:\Windows\System32\userinit.exe - ok
10:50:19.0190 3720 [ F64A630C746DCEFB640FE724F911D317 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
10:50:19.0190 3720 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
10:50:19.0197 3720 [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
10:50:19.0197 3720 C:\Windows\System32\spoolss.dll - ok
10:50:19.0204 3720 [ 39C821EF59F82FF6CDCCA768E5E36BBE ] C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
10:50:19.0204 3720 C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll - ok
10:50:19.0212 3720 [ 6D59EC87391A45019D95841AF590D890 ] C:\Windows\System32\E_FLBEGA.DLL
10:50:19.0213 3720 C:\Windows\System32\E_FLBEGA.DLL - ok
10:50:19.0221 3720 [ 126F8331BD023178C7F0EF2F5EDE16B3 ] C:\Windows\System32\FXSMON.dll
10:50:19.0221 3720 C:\Windows\System32\FXSMON.dll - ok
10:50:19.0228 3720 [ 6FE5C4B61EC85D746ADFA9FFF8C2AC58 ] C:\Windows\System32\HPZ3LLHN.DLL
10:50:19.0228 3720 C:\Windows\System32\HPZ3LLHN.DLL - ok
10:50:19.0234 3720 [ 03CF941D031F30272D3063E5A4D686F5 ] C:\Windows\System32\PrintIsolationProxy.dll
10:50:19.0234 3720 C:\Windows\System32\PrintIsolationProxy.dll - ok
10:50:19.0244 3720 [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
10:50:19.0244 3720 C:\Windows\System32\tcpmon.dll - ok
10:50:19.0251 3720 [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
10:50:19.0251 3720 C:\Windows\System32\snmpapi.dll - ok
10:50:19.0261 3720 [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\System32\wsnmp32.dll
10:50:19.0261 3720 C:\Windows\System32\wsnmp32.dll - ok
10:50:19.0267 3720 [ 7319102526BD11B45FD66335CF90CA12 ] C:\Windows\System32\HotStartUserAgent.dll
10:50:19.0267 3720 C:\Windows\System32\HotStartUserAgent.dll - ok
10:50:19.0276 3720 [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
10:50:19.0276 3720 C:\Windows\System32\usbmon.dll - ok
10:50:19.0283 3720 [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
10:50:19.0283 3720 C:\Windows\System32\WSDMon.dll - ok
10:50:19.0288 3720 [ 3075B86A8EE385CADA46F69386430FCF ] C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
10:50:19.0288 3720 C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll - ok
10:50:19.0295 3720 [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
10:50:19.0295 3720 C:\Windows\System32\WSDApi.dll - ok
10:50:19.0303 3720 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
10:50:19.0303 3720 C:\Windows\System32\webservices.dll - ok
10:50:19.0311 3720 [ 608E159EC424C6B54D04ABFDF2E8F8B0 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
10:50:19.0311 3720 C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll - ok
10:50:19.0317 3720 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
10:50:19.0317 3720 C:\Windows\System32\fundisc.dll - ok
10:50:19.0326 3720 [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
10:50:19.0326 3720 C:\Windows\System32\fdPnp.dll - ok
10:50:19.0333 3720 [ 801DECF3A583C270E5C398FCD082E3DD ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
10:50:19.0333 3720 C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL - ok
10:50:19.0342 3720 [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
10:50:19.0342 3720 C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
10:50:19.0349 3720 [ BE3953C7DAE4ECC89134CF64A903F8ED ] C:\Windows\System32\win32spl.dll
10:50:19.0349 3720 C:\Windows\System32\win32spl.dll - ok
10:50:19.0357 3720 [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
10:50:19.0357 3720 C:\Windows\System32\inetpp.dll - ok
10:50:19.0364 3720 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
10:50:19.0364 3720 C:\Windows\System32\cscapi.dll - ok
10:50:19.0372 3720 [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
10:50:19.0372 3720 C:\Windows\System32\dwm.exe - ok
10:50:19.0379 3720 [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
10:50:19.0379 3720 C:\Windows\System32\PlaySndSrv.dll - ok
10:50:19.0386 3720 [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
10:50:19.0387 3720 C:\Windows\System32\dwmcore.dll - ok
10:50:19.0394 3720 [ 754AFC50022C95DA7C86B7020DB78136 ] C:\Windows\System32\dwmredir.dll
10:50:19.0394 3720 C:\Windows\System32\dwmredir.dll - ok
10:50:19.0401 3720 [ F788B51100D0F40EA176798CCE954A1A ] C:\Windows\System32\drivers\AVGIDSShim.sys
10:50:19.0401 3720 C:\Windows\System32\drivers\AVGIDSShim.sys - ok
10:50:19.0410 3720 [ FC2BC51120A945F7C70376495E4E7737 ] C:\Program Files\AVG\AVG10\avgwdsvc.exe
10:50:19.0410 3720 C:\Program Files\AVG\AVG10\avgwdsvc.exe - ok
10:50:19.0416 3720 [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\System32\d3d10_1.dll
10:50:19.0416 3720 C:\Windows\System32\d3d10_1.dll - ok
10:50:19.0425 3720 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\System32\d3d10_1core.dll
10:50:19.0425 3720 C:\Windows\System32\d3d10_1core.dll - ok
10:50:19.0432 3720 [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
10:50:19.0432 3720 C:\Windows\System32\MsCtfMonitor.dll - ok
10:50:19.0442 3720 [ 56CEED370508F69A1BA04939BD1BADDA ] C:\Windows\System32\msutb.dll
10:50:19.0442 3720 C:\Windows\System32\msutb.dll - ok
10:50:19.0449 3720 [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\System32\dxgi.dll
10:50:19.0449 3720 C:\Windows\System32\dxgi.dll - ok
10:50:19.0457 3720 [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
10:50:19.0457 3720 C:\Windows\System32\TSChannel.dll - ok
10:50:19.0463 3720 [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
10:50:19.0463 3720 C:\Windows\explorer.exe - ok
10:50:19.0472 3720 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
10:50:19.0472 3720 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
10:50:19.0480 3720 [ F832F1505AD8B83474BD9A5B1B985E01 ] C:\Program Files\Bonjour\mDNSResponder.exe
10:50:19.0480 3720 C:\Program Files\Bonjour\mDNSResponder.exe - ok
10:50:19.0487 3720 [ 54AF46DC37E63E1E85EB619033953309 ] C:\Windows\System32\d3d10level9.dll
10:50:19.0487 3720 C:\Windows\System32\d3d10level9.dll - ok
10:50:19.0495 3720 [ A0BEF0D84308F45B1BC3196665D18EC9 ] C:\Windows\System32\nvd3dum.dll
10:50:19.0495 3720 C:\Windows\System32\nvd3dum.dll - ok
10:50:19.0503 3720 [ CE62652689462E14ED8C5D87FA34A28B ] C:\Program Files\AVG\AVG10\avgwd.dll
10:50:19.0503 3720 C:\Program Files\AVG\AVG10\avgwd.dll - ok
10:50:19.0510 3720 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
10:50:19.0510 3720 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
10:50:19.0517 3720 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
10:50:19.0518 3720 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
10:50:19.0526 3720 [ C6E6F5ED8CAAEACB04A8E43F539DF300 ] C:\Program Files\AVG\AVG10\avgcfgx.dll
10:50:19.0526 3720 C:\Program Files\AVG\AVG10\avgcfgx.dll - ok
10:50:19.0534 3720 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
10:50:19.0534 3720 C:\Windows\System32\ExplorerFrame.dll - ok
10:50:19.0544 3720 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\System32\mstask.dll
10:50:19.0544 3720 C:\Windows\System32\mstask.dll - ok
10:50:19.0550 3720 [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
10:50:19.0550 3720 C:\Windows\System32\uDWM.dll - ok
10:50:19.0559 3720 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
10:50:19.0559 3720 C:\Windows\System32\EhStorShell.dll - ok
10:50:19.0566 3720 [ FB8C6A46EAF7585D2CA8583C4C9A8EDF ] C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
10:50:19.0566 3720 C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL - ok
10:50:19.0574 3720 [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\System32\esent.dll
10:50:19.0574 3720 C:\Windows\System32\esent.dll - ok
10:50:19.0581 3720 [ 6D7FEA5353AE646167E91152F1D9BE89 ] C:\Program Files\AVG\AVG10\avgcslx.dll
10:50:19.0581 3720 C:\Program Files\AVG\AVG10\avgcslx.dll - ok
10:50:19.0589 3720 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
10:50:19.0589 3720 C:\Windows\System32\dps.dll - ok
10:50:19.0596 3720 [ EC6A73CD8413F68655E5E0B99C415A21 ] C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
10:50:19.0597 3720 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE - ok
10:50:19.0604 3720 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\System32\taskschd.dll
10:50:21.0302 3720 C:\Program Files\Nero\KM\KwikMedia.exe - ok
10:50:21.0307 3720 [ 8F9401FEA49AE62A83A728342997764A ] C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
10:50:21.0307 3720 C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe - ok
10:50:21.0314 3720 [ 8C90D08E4596FF963B46D45441F6C55D ] C:\Program Files\Microsoft Office\Office14\OIS.EXE
10:50:21.0314 3720 C:\Program Files\Microsoft Office\Office14\OIS.EXE - ok
10:50:21.0323 3720 [ 2D9FEC12CD335999A37E101E3E7C9156 ] C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
10:50:21.0323 3720 C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE - ok
10:50:21.0331 3720 [ 391DDA05D6299F09FF41B4339FB963EC ] C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
10:50:21.0331 3720 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE - ok
10:50:21.0338 3720 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\System32\prnfldr.dll
10:50:21.0338 3720 C:\Windows\System32\prnfldr.dll - ok
10:50:21.0345 3720 [ 3FF0FA0A81910617739644A06D06D016 ] C:\Windows\System32\fdProxy.dll
10:50:21.0345 3720 C:\Windows\System32\fdProxy.dll - ok
10:50:21.0352 3720 [ 752F8E96BAB993517838315508FB82CB ] C:\Windows\System32\perfproc.dll
10:50:21.0352 3720 C:\Windows\System32\perfproc.dll - ok
10:50:21.0361 3720 [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\System32\perfos.dll
10:50:21.0361 3720 C:\Windows\System32\perfos.dll - ok
10:50:21.0367 3720 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
10:50:21.0367 3720 C:\Windows\System32\provsvc.dll - ok
10:50:21.0375 3720 [ ADDB05C93272A62606599B24730BD645 ] C:\Windows\System32\DXP.dll
10:50:21.0375 3720 C:\Windows\System32\DXP.dll - ok
10:50:21.0382 3720 [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll
10:50:21.0382 3720 C:\Windows\System32\Syncreg.dll - ok
10:50:21.0391 3720 [ F8F03D206F7D5811D630349A23E9B9B9 ] C:\Windows\ehome\ehSSO.dll
10:50:21.0391 3720 C:\Windows\ehome\ehSSO.dll - ok
10:50:21.0397 3720 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\34469634.sys
10:50:21.0397 3720 C:\Windows\System32\drivers\34469634.sys - ok
10:50:21.0410 3720 [ EAB975DB4C2805927FE5BD047D05C9AA ] C:\Windows\System32\netshell.dll
10:50:21.0410 3720 C:\Windows\System32\netshell.dll - ok
10:50:21.0416 3720 [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll
10:50:21.0416 3720 C:\Windows\System32\AltTab.dll - ok
10:50:21.0422 3720 [ 9A4841A0CE83A768F7A5F4BA97DE02B5 ] C:\Program Files\Mozilla Firefox\plugin-container.exe
10:50:21.0422 3720 C:\Program Files\Mozilla Firefox\plugin-container.exe - ok
10:50:21.0430 3720 [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\System32\WPDShServiceObj.dll
10:50:21.0430 3720 C:\Windows\System32\WPDShServiceObj.dll - ok
10:50:21.0438 3720 [ EC3D1A16E221E6B27850FDD278EB6929 ] C:\Program Files\QuickTime\QuickTimePlayer.exe
10:50:21.0438 3720 C:\Program Files\QuickTime\QuickTimePlayer.exe - ok
10:50:21.0445 3720 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
10:50:21.0445 3720 C:\Windows\System32\pnidui.dll - ok
10:50:21.0452 3720 [ 454633EF0CF0B2057BFEB465D0407B15 ] C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
10:50:21.0452 3720 C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe - ok
10:50:21.0461 3720 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL
10:50:21.0461 3720 C:\Windows\System32\QUTIL.DLL - ok
10:50:21.0467 3720 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll
10:50:21.0468 3720 C:\Windows\System32\srchadmin.dll - ok
10:50:21.0476 3720 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
10:50:21.0477 3720 C:\Windows\System32\webcheck.dll - ok
10:50:21.0483 3720 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
10:50:21.0483 3720 C:\Windows\System32\netman.dll - ok
10:50:21.0491 3720 [ 99B6CE3840F5AD5C4B13B666249AA467 ] C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
10:50:21.0491 3720 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe - ok
10:50:21.0498 3720 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
10:50:21.0499 3720 C:\Windows\System32\rasdlg.dll - ok
10:50:21.0506 3720 [ 34EBD4FF6A24D86BB4716D6AFCC1A89B ] C:\Program Files\Apple Software Update\SoftwareUpdate.exe
10:50:21.0506 3720 C:\Program Files\Apple Software Update\SoftwareUpdate.exe - ok
10:50:21.0514 3720 [ D4191EFAB91E00FC09257AA5EBAF503B ] C:\Windows\System32\mprapi.dll
10:50:21.0514 3720 C:\Windows\System32\mprapi.dll - ok
10:50:21.0522 3720 [ BFF948019509B5BF3F9B6CEED2E2B8E3 ] C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
10:50:21.0522 3720 C:\Program Files\Microsoft Office\Office14\WINWORD.EXE - ok
10:50:21.0529 3720 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll
10:50:21.0529 3720 C:\Windows\System32\dot3api.dll - ok
10:50:21.0535 3720 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll
10:50:21.0535 3720 C:\Windows\System32\SyncCenter.dll - ok
10:50:21.0544 3720 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
10:50:21.0544 3720 C:\Windows\System32\wlanhlp.dll - ok
10:50:21.0551 3720 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
10:50:21.0551 3720 C:\Windows\System32\wlanapi.dll - ok
10:50:21.0561 3720 [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\System32\hnetcfg.dll
10:50:21.0561 3720 C:\Windows\System32\hnetcfg.dll - ok
10:50:21.0565 3720 [ 11297489589597CE66FF22F856184DFA ] C:\Program Files\Windows Live\installer\wlsettings.exe
10:50:21.0565 3720 C:\Program Files\Windows Live\installer\wlsettings.exe - ok
10:50:21.0573 3720 [ A00D5FBFABBF281FD059BB0CDA55B6E8 ] C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
10:50:21.0573 3720 C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe - ok
10:50:21.0582 3720 [ A80C173AC5C75706BB74AE4D78F2A53D ] C:\Program Files\Windows Media Player\wmplayer.exe
10:50:21.0582 3720 C:\Program Files\Windows Media Player\wmplayer.exe - ok
10:50:21.0590 3720 [ 027D0500A592CAED765B9E450129D89E ] C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
10:50:21.0590 3720 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe - ok
10:50:21.0597 3720 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll
10:50:21.0597 3720 C:\Windows\System32\imapi2.dll - ok
10:50:21.0605 3720 [ 38A2418E86A1DB0C808B6A03185D0B2C ] C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
10:50:21.0605 3720 C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll - ok
10:50:21.0612 3720 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll
10:50:21.0612 3720 C:\Windows\System32\hgcpl.dll - ok
10:50:21.0619 3720 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl
10:50:21.0619 3720 C:\Windows\System32\bthprops.cpl - ok
10:50:21.0628 3720 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
10:50:21.0628 3720 C:\Windows\System32\fdPHost.dll - ok
10:50:21.0635 3720 [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
10:50:21.0635 3720 C:\Windows\System32\FXSST.dll - ok
10:50:21.0644 3720 [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\System32\fdWSD.dll
10:50:21.0644 3720 C:\Windows\System32\fdWSD.dll - ok
10:50:21.0651 3720 [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\System32\fdSSDP.dll
10:50:21.0651 3720 C:\Windows\System32\fdSSDP.dll - ok
10:50:21.0660 3720 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll
10:50:21.0660 3720 C:\Windows\System32\FXSAPI.dll - ok
10:50:21.0669 3720 [ 251C417A4DE9031FFE72A111DC6A41CE ] C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll
10:50:21.0669 3720 C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll - ok
10:50:21.0678 3720 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
10:50:21.0678 3720 C:\Windows\System32\FXSRESM.dll - ok
10:50:21.0684 3720 [ 967EA5B213E9984CBE270205DF37755B ] C:\Windows\System32\FXSSVC.exe
10:50:21.0684 3720 C:\Windows\System32\FXSSVC.exe - ok
10:50:21.0693 3720 [ 6581B52E133CC6D00661C58968C7E212 ] C:\Windows\System32\SearchFolder.dll
10:50:21.0693 3720 C:\Windows\System32\SearchFolder.dll - ok
10:50:21.0700 3720 [ 6A1E8DEB746912DF47CF651E138401D7 ] C:\Windows\System32\StructuredQuery.dll
10:50:21.0700 3720 C:\Windows\System32\StructuredQuery.dll - ok
10:50:21.0708 3720 [ 68563AC389F92EE79F1C714288BA1DCE ] C:\Windows\System32\imgutil.dll
10:50:21.0708 3720 C:\Windows\System32\imgutil.dll - ok
10:50:21.0712 3720 ============================================================
10:50:21.0712 3720 Scan finished
10:50:21.0712 3720 ============================================================
10:50:21.0726 3508 Detected object count: 5
10:50:21.0726 3508 Actual detected object count: 5
10:51:52.0104 3508 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:51:52.0104 3508 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:51:52.0110 3508 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
10:51:52.0110 3508 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:51:52.0113 3508 Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
10:51:52.0113 3508 Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:51:52.0953 3508 \Device\Harddisk0\DR0\# - copied to quarantine
10:51:52.0955 3508 \Device\Harddisk0\DR0 - copied to quarantine
10:51:52.0977 3508 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:51:52.0987 3508 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:51:52.0991 3508 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:51:53.0010 3508 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:51:53.0017 3508 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:51:53.0019 3508 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:51:53.0024 3508 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:51:53.0027 3508 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:51:53.0030 3508 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:51:53.0034 3508 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:51:53.0037 3508 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:51:53.0039 3508 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:51:53.0067 3508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:51:53.0068 3508 \Device\Harddisk0\DR0 - ok
10:51:53.0667 3508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:51:53.0667 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:51:53.0668 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:52:03.0113 3292 Deinitialize success

#15 captn ron

Posted 02 February 2013 - 02:17 PM

ComboFix:

ComboFix 13-02-02.05 - Randy 02/02/2013 11:09:11.1.2 - x86
Running from: c:\users\Randy\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2421151.js
c:\programdata\2421151.pad
c:\windows\system32\config\systemprofile\1511242.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 16:20 . 2013-02-02 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 15:51 . 2013-02-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-02 01:41 . 2013-02-02 01:41 -------- d-----w- C:\FRST
2013-01-28 14:07 . 2013-01-28 14:07 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-27 02:39 . 2013-01-27 02:39 -------- d-----w- c:\windows\Sun
2013-01-24 13:17 . 2013-01-24 13:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-24 13:17 . 2013-01-24 13:17 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:24 . 2012-04-13 21:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 19:24 . 2012-03-05 23:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-14 21:49 . 2011-12-24 20:18 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 09:47 . 2012-11-12 09:47 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-01-27 23:10 . 2013-01-27 23:10 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\bigfix.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^Randy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-08-01 08:48 2345592 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]
2007-05-11 05:55 53248 ----a-w- c:\program files\IOI\ButtonMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2010-02-03 15:05 1800464 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus NX400 Series]
2007-12-17 05:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2008-01-19 03:37 40072 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-31 04:35 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-10-11 03:04 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 10:42 144784 ----a-w- c:\program files\Java\jre1.6.0_04\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
.
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 19:24]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 22:34]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-04 22:34]
.
2013-01-28 c:\windows\Tasks\ROC_REG_JAN.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16]
.
2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-28 21:16]
.
2012-11-10 c:\windows\Tasks\User_Feed_Synchronization-{00A376C3-AD2D-4CA8-A2C9-079D83CC9AB0}.job
- c:\windows\system32\msfeedssync.exe [2011-08-07 16:51]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5668E
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\p3ic464a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-01131098.sys
SafeBoot-30128044.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a0,5b,1b,99,a5,c1,cd,01
.
[HKEY_USERS\S-1-5-21-211023370-562865107-2750974251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-211023370-562865107-2750974251-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-211023370-562865107-2750974251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-211023370-562865107-2750974251-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-02-02 11:27:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 16:27
.
Pre-Run: 187,474,915,328 bytes free
Post-Run: 188,755,329,024 bytes free
.
- - End Of File - - E9E71876388F25E39673C5B23646AB97
