Infected with TR/Crypt.XPACK.gen



#1 doh102


Posted 30 January 2013 - 07:23 PM

Greetings.

I am not entirely sure what is wrong with the computer, or whether or not the performance issues I am experiencing (freezing) are due to this malware, but my Avira has been popping up constantly with different variations of the same message. The location of the file often changes, but Avira will say that I am infected with the TR/Crypt.XPACK.gen trojan.

I tried to do research on this, and also tried to run Malwarebytes to take care of the issue. Nothing has stopped Avira from yelling at me though. I am unsure as to whether or not this is actually the trojan, and what damage it can do, but I'd like to be safe and get rid of whatever is causing this. Thank you in advance for your time.

Joe

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by Gummy Joe at 19:05:16 on 2013-01-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.264 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sbsdk-server] "c:\program files\smart technologies\education software\sbsdk-server\NodeLauncher.exe"
mRun: [SMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [SMART Ink] "c:\program files\smart technologies\education software\SMARTInk.exe" -a
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\gummyj~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gummy joe\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: sonic.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EA0ABCAB-C840-4C44-AA13-5A9874976BBA} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gummy joe\application data\mozilla\firefox\profiles\998kq8k8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\gummy joe\application data\mozilla\firefox\profiles\998kq8k8.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-13 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-13 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-13 109344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-13 83944]
R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 590336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-30 40776]
S2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\education software\UCService.exe [2012-10-24 994304]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2012-8-21 122752]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music engine\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music engine\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2013-01-30 23:36:50 81920 ----a-w- c:\windows\system32\Startup.cpl
2013-01-30 23:32:54 -------- d-----w- c:\program files\CCleaner
2013-01-30 23:21:17 -------- d-----w- c:\windows\pss
2013-01-30 11:14:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-30 04:37:24 -------- d-----w- c:\program files\HitmanPro
2013-01-30 04:37:07 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-01-30 03:34:12 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-29 02:46:07 168 ----a-w- c:\documents and settings\gummy joe\local settings\application data\wsr27zt32.dll
2013-01-15 03:19:33 -------- d-----w- c:\documents and settings\gummy joe\local settings\application data\PCHealth
2013-01-09 23:03:04 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2013-01-30 06:11:59 247808 ----a-w- c:\windows\system32\syncapp.exe
2013-01-30 06:10:57 323584 ----a-w- c:\windows\system32\Prounstl.exe
2013-01-30 06:09:57 248320 ----a-w- c:\windows\system32\migpwd.exe
2013-01-30 06:08:45 360448 ----a-w- c:\windows\system32\diskpart.exe
2013-01-30 06:08:44 283648 ----a-w- c:\windows\system32\diantz.exe
2013-01-30 06:08:43 279552 ----a-w- c:\windows\system32\dfrgfat.exe
2013-01-30 06:08:42 221696 ----a-w- c:\windows\system32\defrag.exe
2013-01-30 06:08:41 5265408 ----a-w- c:\windows\system32\davinci.scr
2013-01-30 06:08:38 331776 ----a-w- c:\windows\system32\cscript.exe
2013-01-30 06:04:56 552960 ----a-w- c:\windows\RtlUpd.exe
2013-01-30 06:04:55 9907200 ----a-w- c:\windows\RTLCPL.exe
2013-01-30 06:04:52 15887872 ----a-w- c:\windows\RTHDCPL.exe
2013-01-30 06:04:34 343040 ----a-w- c:\windows\regedit.exe
2013-01-30 06:04:31 347136 ----a-w- c:\windows\pchealth\uploadlb\binaries\uploadm.exe
2013-01-30 06:04:08 231936 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe
2013-01-30 06:04:07 366592 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2013-01-30 06:04:07 215040 ----a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2013-01-30 06:04:06 941056 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2013-01-30 06:04:06 296448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2013-01-30 06:04:05 965632 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2013-01-30 06:02:05 2338816 ----a-w- c:\windows\MicCal.exe
2013-01-30 06:02:03 219648 ----a-w- c:\windows\kb913800.exe
2013-01-30 06:02:01 503296 ----a-w- c:\windows\IsUninst.exe
2013-01-30 05:59:28 294912 ----a-w- c:\windows\DLA.EXE
2013-01-30 05:59:25 241664 ----a-w- c:\windows\cfdemo.scr
2013-01-30 05:12:37 1230336 ----a-w- c:\windows\explorer.exe
2013-01-29 17:20:02 311296 ----a-w- c:\windows\system32\calc.exe
2013-01-29 03:13:22 307200 ----a-w- c:\windows\system32\cselect.exe
2013-01-29 02:45:52 339968 ----a-w- c:\windows\system32\mobsync.exe
2013-01-29 02:44:43 421376 ----a-w- c:\windows\system32\dmadmin.exe
2013-01-09 03:02:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 23:02:45 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-15 02:06:25 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
.
============= FINISH: 19:11:25.78 ===============


#2 gringo_pr


Posted 30 January 2013 - 08:37 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 doh102


Posted 30 January 2013 - 10:11 PM

I am unable to locate the "repair your computer" option from the boot menu. I have the following:

Safe Mode
Safe Mode With Networking
Safe Mode With Command Prompt

Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration
Directory Services Restore Mode
Debugging Mode
Disable Automatic Restart on system Failure

Start Windows Normally
Reboot
Return to OS Choices Menu

Please advise

#4 gringo_pr


Posted 30 January 2013 - 10:13 PM

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5 doh102


Posted 30 January 2013 - 11:19 PM

TDSS:

22:30:45.0947 4052 dmio - ok
22:30:46.0010 4052 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:30:46.0229 4052 dmload - ok
22:30:46.0260 4052 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:30:46.0432 4052 dmserver - ok
22:30:46.0479 4052 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:30:46.0698 4052 DMusic - ok
22:30:46.0744 4052 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:30:46.0916 4052 Dnscache - ok
22:30:47.0010 4052 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:30:47.0245 4052 Dot3svc - ok
22:30:47.0260 4052 dpti2o - ok
22:30:47.0291 4052 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:30:47.0526 4052 drmkaud - ok
22:30:47.0604 4052 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:30:47.0667 4052 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
22:30:47.0667 4052 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
22:30:47.0667 4052 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:30:47.0745 4052 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
22:30:47.0745 4052 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
22:30:47.0807 4052 [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
22:30:47.0838 4052 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
22:30:47.0838 4052 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
22:30:47.0901 4052 [ 2646883E6DD867CD872D5B51B6036710 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:30:47.0995 4052 E100B - ok
22:30:48.0026 4052 [ E1FA10ED8F9F700C1BE1EAE05A80EF57 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:30:48.0073 4052 e1express - ok
22:30:48.0135 4052 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:30:48.0323 4052 EapHost - ok
22:30:48.0432 4052 [ 8301243BDE5B6CD316D79C0191D50D9A ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
22:30:48.0479 4052 ehRecvr - ok
22:30:48.0495 4052 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
22:30:48.0589 4052 ehSched - ok
22:30:48.0620 4052 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:30:48.0807 4052 ERSvc - ok
22:30:48.0854 4052 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
22:30:49.0011 4052 Eventlog - ok
22:30:49.0089 4052 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
22:30:49.0151 4052 EventSystem - ok
22:30:49.0245 4052 [ 56DED3ADE453272E6A0AD582D945D1A4 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
22:30:49.0354 4052 EvtEng ( UnsignedFile.Multi.Generic ) - warning
22:30:49.0354 4052 EvtEng - detected UnsignedFile.Multi.Generic (1)
22:30:49.0401 4052 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:30:49.0698 4052 Fastfat - ok
22:30:49.0745 4052 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:30:49.0870 4052 FastUserSwitchingCompatibility - ok
22:30:49.0964 4052 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
22:30:50.0136 4052 Fax - ok
22:30:50.0167 4052 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:30:50.0386 4052 Fdc - ok
22:30:50.0417 4052 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:30:50.0620 4052 Fips - ok
22:30:50.0636 4052 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:30:50.0824 4052 Flpydisk - ok
22:30:50.0839 4052 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:30:50.0995 4052 FltMgr - ok
22:30:51.0011 4052 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:30:51.0214 4052 Fs_Rec - ok
22:30:51.0246 4052 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:30:51.0496 4052 Ftdisk - ok
22:30:51.0511 4052 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:30:51.0683 4052 Gpc - ok
22:30:51.0714 4052 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:30:51.0855 4052 HDAudBus - ok
22:30:51.0980 4052 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:30:52.0168 4052 helpsvc - ok
22:30:52.0168 4052 HidServ - ok
22:30:52.0215 4052 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:30:52.0511 4052 hkmsvc - ok
22:30:52.0527 4052 hpn - ok
22:30:52.0605 4052 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:30:52.0683 4052 HTTP - ok
22:30:52.0715 4052 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:30:52.0918 4052 HTTPFilter - ok
22:30:52.0918 4052 i2omgmt - ok
22:30:52.0918 4052 i2omp - ok
22:30:52.0949 4052 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:30:53.0137 4052 i8042prt - ok
22:30:53.0246 4052 [ BC1F1FF8D5800398937966CDB0A97FDC ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:30:53.0480 4052 ialm - ok
22:30:53.0527 4052 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:30:53.0730 4052 Imapi - ok
22:30:53.0840 4052 [ EAE5C3CF2BAA2BF229DC9C07BF45163D ] ImapiService C:\WINDOWS\system32\imapi.exe
22:30:53.0934 4052 ImapiService ( UnsignedFile.Multi.Generic ) - warning
22:30:53.0934 4052 ImapiService - detected UnsignedFile.Multi.Generic (1)
22:30:53.0934 4052 ini910u - ok
22:30:54.0262 4052 [ B12A9FC49CD2765A43829D834F518AED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:30:54.0871 4052 IntcAzAudAddService - ok
22:30:54.0887 4052 IntelIde - ok
22:30:54.0934 4052 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:30:55.0137 4052 intelppm - ok
22:30:55.0168 4052 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:30:55.0371 4052 Ip6Fw - ok
22:30:55.0403 4052 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:30:55.0606 4052 IpFilterDriver - ok
22:30:55.0637 4052 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:30:55.0778 4052 IpInIp - ok
22:30:55.0840 4052 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:30:56.0044 4052 IpNat - ok
22:30:56.0059 4052 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:30:56.0262 4052 IPSec - ok
22:30:56.0309 4052 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:30:56.0465 4052 IRENUM - ok
22:30:56.0512 4052 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:30:56.0716 4052 isapnp - ok
22:30:56.0762 4052 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
22:30:56.0825 4052 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
22:30:56.0825 4052 Iviaspi - detected UnsignedFile.Multi.Generic (1)
22:30:56.0966 4052 [ 6D0A34B650DB6D4BDD4BD086C46211BC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:30:57.0091 4052 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - warning
22:30:57.0091 4052 JavaQuickStarterService - detected UnsignedFile.Multi.Generic (1)
22:30:57.0138 4052 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:30:57.0356 4052 Kbdclass - ok
22:30:57.0403 4052 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:30:57.0591 4052 kmixer - ok
22:30:57.0622 4052 [ 00C1EA8DECF810B8ECCB5C5A8186A96E ] KR10N C:\WINDOWS\system32\drivers\KR10N.sys
22:30:57.0747 4052 KR10N - ok
22:30:57.0825 4052 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:30:57.0888 4052 KSecDD - ok
22:30:57.0935 4052 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:30:58.0060 4052 lanmanserver - ok
22:30:58.0075 4052 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:30:58.0216 4052 lanmanworkstation - ok
22:30:58.0216 4052 lbrtfdc - ok
22:30:58.0294 4052 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:30:58.0544 4052 LmHosts - ok
22:30:58.0575 4052 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:30:58.0622 4052 MBAMSwissArmy - ok
22:30:58.0669 4052 [ 7EFAC183A25B30FB5D64CC9D484B1EB6 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
22:30:58.0732 4052 meiudf ( UnsignedFile.Multi.Generic ) - warning
22:30:58.0732 4052 meiudf - detected UnsignedFile.Multi.Generic (1)
22:30:58.0763 4052 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:30:58.0950 4052 Messenger - ok
22:30:59.0013 4052 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
22:30:59.0060 4052 MHN ( UnsignedFile.Multi.Generic ) - warning
22:30:59.0060 4052 MHN - detected UnsignedFile.Multi.Generic (1)
22:30:59.0091 4052 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:30:59.0138 4052 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
22:30:59.0138 4052 MHNDRV - detected UnsignedFile.Multi.Generic (1)
22:30:59.0169 4052 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:30:59.0357 4052 mnmdd - ok
22:30:59.0404 4052 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:30:59.0576 4052 Modem - ok
22:30:59.0591 4052 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:30:59.0763 4052 Mouclass - ok
22:30:59.0794 4052 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:30:59.0998 4052 MountMgr - ok
22:31:00.0123 4052 [ 68A6C2D9E58C8E21FF85CBF372A307B2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:31:00.0169 4052 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - warning
22:31:00.0169 4052 MozillaMaintenance - detected UnsignedFile.Multi.Generic (1)
22:31:00.0185 4052 mraid35x - ok
22:31:00.0216 4052 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:31:00.0420 4052 MRxDAV - ok
22:31:00.0466 4052 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:31:00.0638 4052 MRxSmb - ok
22:31:00.0701 4052 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:31:00.0888 4052 MSDTC - ok
22:31:00.0904 4052 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:31:01.0138 4052 Msfs - ok
22:31:01.0138 4052 MSIServer - ok
22:31:01.0201 4052 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:31:01.0388 4052 MSKSSRV - ok
22:31:01.0404 4052 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:31:01.0592 4052 MSPCLOCK - ok
22:31:01.0639 4052 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:31:01.0826 4052 MSPQM - ok
22:31:01.0857 4052 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:31:01.0998 4052 mssmbios - ok
22:31:02.0029 4052 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:31:02.0107 4052 Mup - ok
22:31:02.0201 4052 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:31:02.0404 4052 napagent - ok
22:31:02.0451 4052 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:31:02.0639 4052 NDIS - ok
22:31:02.0701 4052 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:31:02.0779 4052 NdisTapi - ok
22:31:02.0826 4052 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:31:03.0061 4052 Ndisuio - ok
22:31:03.0076 4052 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:31:03.0280 4052 NdisWan - ok
22:31:03.0326 4052 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:31:03.0420 4052 NDProxy - ok
22:31:03.0451 4052 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:31:03.0639 4052 NetBIOS - ok
22:31:03.0686 4052 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:31:03.0889 4052 NetBT - ok
22:31:03.0936 4052 [ 3D82930478036AF2A70431D068F8F3F1 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:31:04.0014 4052 NetDDE ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0014 4052 NetDDE - detected UnsignedFile.Multi.Generic (1)
22:31:04.0030 4052 [ 3D82930478036AF2A70431D068F8F3F1 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:31:04.0030 4052 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0030 4052 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1)
22:31:04.0092 4052 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
22:31:04.0108 4052 Netdevio ( UnsignedFile.Multi.Generic ) - warning
22:31:04.0108 4052 Netdevio - detected UnsignedFile.Multi.Generic (1)
22:31:04.0170 4052 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:31:04.0327 4052 Netlogon - ok
22:31:04.0374 4052 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
22:31:04.0608 4052 Netman - ok
22:31:04.0639 4052 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:31:04.0858 4052 NIC1394 - ok
22:31:04.0936 4052 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
22:31:05.0077 4052 Nla - ok
22:31:05.0092 4052 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:31:05.0327 4052 Npfs - ok
22:31:05.0389 4052 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:31:05.0655 4052 Ntfs - ok
22:31:05.0671 4052 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:31:05.0811 4052 NtLmSsp - ok
22:31:05.0890 4052 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:31:06.0140 4052 NtmsSvc - ok
22:31:06.0186 4052 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:31:06.0405 4052 Null - ok
22:31:06.0437 4052 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:31:06.0624 4052 NwlnkFlt - ok
22:31:06.0640 4052 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:31:06.0827 4052 NwlnkFwd - ok
22:31:06.0843 4052 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:31:06.0999 4052 ohci1394 - ok
22:31:07.0030 4052 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
22:31:07.0202 4052 Parport - ok
22:31:07.0202 4052 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:31:07.0390 4052 PartMgr - ok
22:31:07.0421 4052 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:31:07.0609 4052 ParVdm - ok
22:31:07.0609 4052 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:31:07.0781 4052 PCI - ok
22:31:07.0796 4052 PCIDump - ok
22:31:07.0796 4052 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:31:07.0968 4052 PCIIde - ok
22:31:07.0999 4052 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:31:08.0203 4052 Pcmcia - ok
22:31:08.0203 4052 PDCOMP - ok
22:31:08.0218 4052 PDFRAME - ok
22:31:08.0218 4052 PDRELI - ok
22:31:08.0234 4052 PDRFRAME - ok
22:31:08.0234 4052 perc2 - ok
22:31:08.0249 4052 perc2hib - ok
22:31:08.0281 4052 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
22:31:08.0312 4052 Pfc ( UnsignedFile.Multi.Generic ) - warning
22:31:08.0312 4052 Pfc - detected UnsignedFile.Multi.Generic (1)
22:31:08.0343 4052 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:31:08.0406 4052 PlugPlay - ok
22:31:08.0406 4052 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:31:08.0546 4052 PolicyAgent - ok
22:31:08.0625 4052 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:31:08.0843 4052 PptpMiniport - ok
22:31:08.0843 4052 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:31:08.0984 4052 ProtectedStorage - ok
22:31:08.0984 4052 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:31:09.0156 4052 PSched - ok
22:31:09.0187 4052 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:31:09.0359 4052 Ptilink - ok
22:31:09.0390 4052 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:31:09.0406 4052 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:31:09.0406 4052 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:31:09.0406 4052 ql1080 - ok
22:31:09.0422 4052 Ql10wnt - ok
22:31:09.0422 4052 ql12160 - ok
22:31:09.0437 4052 ql1240 - ok
22:31:09.0437 4052 ql1280 - ok
22:31:09.0453 4052 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:31:09.0609 4052 RasAcd - ok
22:31:09.0640 4052 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:31:09.0812 4052 RasAuto - ok
22:31:09.0844 4052 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:31:10.0047 4052 Rasl2tp - ok
22:31:10.0109 4052 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:31:10.0266 4052 RasMan - ok
22:31:10.0312 4052 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:31:10.0484 4052 RasPppoe - ok
22:31:10.0516 4052 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:31:10.0719 4052 Raspti - ok
22:31:10.0734 4052 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:31:10.0922 4052 Rdbss - ok
22:31:10.0953 4052 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:31:11.0156 4052 RDPCDD - ok
22:31:11.0219 4052 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:31:11.0422 4052 rdpdr - ok
22:31:11.0453 4052 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:31:11.0563 4052 RDPWD - ok
22:31:11.0610 4052 [ 27C043D41BDC179F7BAB1BF3AB34CB5A ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:31:11.0719 4052 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
22:31:11.0719 4052 RDSessMgr - detected UnsignedFile.Multi.Generic (1)
22:31:11.0735 4052 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:31:11.0953 4052 redbook - ok
22:31:12.0032 4052 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:31:12.0250 4052 RemoteAccess - ok
22:31:12.0297 4052 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:31:12.0532 4052 RemoteRegistry - ok
22:31:12.0641 4052 [ 1D21258693B23B6E9803291234BE9FDA ] RoxioNow Service C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
22:31:12.0797 4052 RoxioNow Service ( UnsignedFile.Multi.Generic ) - warning
22:31:12.0797 4052 RoxioNow Service - detected UnsignedFile.Multi.Generic (1)
22:31:12.0829 4052 [ 080DE9E9DDB75D69B37F8B885053F70E ] RpcLocator C:\WINDOWS\system32\locator.exe
22:31:12.0860 4052 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
22:31:12.0860 4052 RpcLocator - detected UnsignedFile.Multi.Generic (1)
22:31:12.0891 4052 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:31:13.0001 4052 RpcSs - ok
22:31:13.0063 4052 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:31:13.0329 4052 RSVP - ok
22:31:13.0454 4052 [ 6C5155CC0E805C7BE6028BFF7AC14524 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22:31:13.0594 4052 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
22:31:13.0594 4052 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
22:31:13.0626 4052 [ 1CC074E0D48383D4E9BFFC6A26C2A58A ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:31:13.0688 4052 s24trans ( UnsignedFile.Multi.Generic ) - warning
22:31:13.0688 4052 s24trans - detected UnsignedFile.Multi.Generic (1)
22:31:13.0704 4052 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:31:13.0876 4052 SamSs - ok
22:31:13.0891 4052 [ E23BDF62E421DC5F982F4D8192B55EF2 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:31:13.0923 4052 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
22:31:13.0923 4052 SCardSvr - detected UnsignedFile.Multi.Generic (1)
22:31:13.0985 4052 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:31:14.0173 4052 Schedule - ok
22:31:14.0266 4052 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:31:14.0423 4052 sdbus - ok
22:31:14.0454 4052 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:31:14.0626 4052 Secdrv - ok
22:31:14.0657 4052 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:31:14.0860 4052 seclogon - ok
22:31:14.0892 4052 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:31:15.0048 4052 SENS - ok
22:31:15.0079 4052 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:31:15.0251 4052 Serial - ok
22:31:15.0282 4052 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:31:15.0485 4052 sffdisk - ok
22:31:15.0517 4052 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:31:15.0657 4052 sffp_sd - ok
22:31:15.0704 4052 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:31:15.0845 4052 Sfloppy - ok
22:31:15.0892 4052 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:31:15.0939 4052 ShellHWDetection - ok
22:31:15.0954 4052 Simbad - ok
22:31:16.0189 4052 [ 8F3A1C5A8C99FA24621AB2BBFA4D0B6C ] SMART Board Service C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
22:31:16.0830 4052 SMART Board Service ( UnsignedFile.Multi.Generic ) - warning
22:31:16.0830 4052 SMART Board Service - detected UnsignedFile.Multi.Generic (1)
22:31:16.0939 4052 [ BA547A45B33CEDAF42FCEDD0E3BE7F43 ] SMART Display Controller C:\Program Files\SMART Technologies\Education Software\UCService.exe
22:31:17.0236 4052 SMART Display Controller ( UnsignedFile.Multi.Generic ) - warning
22:31:17.0236 4052 SMART Display Controller - detected UnsignedFile.Multi.Generic (1)
22:31:17.0236 4052 Sparrow - ok
22:31:17.0298 4052 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:31:17.0517 4052 splitter - ok
22:31:17.0548 4052 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:31:17.0658 4052 Spooler - ok
22:31:17.0689 4052 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:31:17.0924 4052 sr - ok
22:31:18.0002 4052 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:31:18.0236 4052 srservice - ok
22:31:18.0330 4052 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:31:18.0439 4052 Srv - ok
22:31:18.0455 4052 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:31:18.0705 4052 SSDPSRV - ok
22:31:18.0736 4052 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:31:18.0799 4052 ssmdrv - ok
22:31:18.0846 4052 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:31:19.0064 4052 stisvc - ok
22:31:19.0096 4052 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:31:19.0283 4052 swenum - ok
22:31:19.0314 4052 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:31:19.0502 4052 swmidi - ok
22:31:19.0502 4052 SwPrv - ok
22:31:19.0518 4052 symc810 - ok
22:31:19.0518 4052 symc8xx - ok
22:31:19.0533 4052 sym_hi - ok
22:31:19.0533 4052 sym_u3 - ok
22:31:19.0627 4052 [ E295FFFFF3AAF9A6A40B29497901908F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:31:19.0705 4052 SynTP - ok
22:31:19.0736 4052 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:31:19.0908 4052 sysaudio - ok
22:31:19.0955 4052 [ 4392BE44E362D11411F2B697AD465E77 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:31:20.0002 4052 SysmonLog ( UnsignedFile.Multi.Generic ) - warning
22:31:20.0002 4052 SysmonLog - detected UnsignedFile.Multi.Generic (1)
22:31:20.0080 4052 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:31:20.0268 4052 TapiSrv - ok
22:31:20.0330 4052 [ 3A5C2093C61CE9F9FECDE4737A122BD5 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
22:31:20.0408 4052 TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
22:31:20.0408 4052 TAPPSRV - detected UnsignedFile.Multi.Generic (1)
22:31:20.0471 4052 [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
22:31:20.0549 4052 tbiosdrv - ok
22:31:20.0612 4052 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:31:20.0737 4052 Tcpip - ok
22:31:20.0799 4052 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:31:21.0018 4052 TDPIPE - ok
22:31:21.0034 4052 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:31:21.0221 4052 TDTCP - ok
22:31:21.0252 4052 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:31:21.0409 4052 TermDD - ok
22:31:21.0518 4052 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:31:21.0737 4052 TermService - ok
22:31:21.0768 4052 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:31:21.0799 4052 Themes - ok
22:31:21.0878 4052 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
22:31:21.0956 4052 tifm21 - ok
22:31:22.0034 4052 [ 44D91121A8FFCB342BFD742BDF160448 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:31:22.0112 4052 TlntSvr ( UnsignedFile.Multi.Generic ) - warning
22:31:22.0112 4052 TlntSvr - detected UnsignedFile.Multi.Generic (1)
22:31:22.0128 4052 TosIde - ok
22:31:22.0143 4052 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
22:31:22.0253 4052 tosrfec ( UnsignedFile.Multi.Generic ) - warning
22:31:22.0253 4052 tosrfec - detected UnsignedFile.Multi.Generic (1)
22:31:22.0315 4052 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:31:22.0550 4052 TrkWks - ok
22:31:22.0596 4052 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
22:31:22.0659 4052 TVALD ( UnsignedFile.Multi.Generic ) - warning
22:31:22.0659 4052 TVALD - detected UnsignedFile.Multi.Generic (1)
22:31:22.0722 4052 [ CC6763889198EF975B143D49789BCFA9 ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
22:31:22.0753 4052 Tvs ( UnsignedFile.Multi.Generic ) - warning
22:31:22.0753 4052 Tvs - detected UnsignedFile.Multi.Generic (1)
22:31:22.0784 4052 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:31:23.0034 4052 Udfs - ok
22:31:23.0050 4052 ultra - ok
22:31:23.0128 4052 [ C1142A03A62FEB74FDE51483789233EC ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
22:31:23.0190 4052 UMWdf ( UnsignedFile.Multi.Generic ) - warning
22:31:23.0190 4052 UMWdf - detected UnsignedFile.Multi.Generic (1)
22:31:23.0269 4052 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:31:23.0472 4052 Update - ok
22:31:27.0785 4052 [ 00E21708158E1F0166C643986AA23709 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:31:27.0863 4052 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
22:31:27.0863 4052 WmiApSrv - detected UnsignedFile.Multi.Generic (1)

22:31:28.0785 4052 ================ Scan global ===============================
22:31:28.0848 4052 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:31:28.0895 4052 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:31:28.0957 4052 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:31:28.0989 4052 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:31:29.0004 4052 [Global] - ok
22:31:29.0004 4052 ================ Scan MBR ==================================
22:31:29.0020 4052 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
22:31:30.0051 4052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:31:30.0051 4052 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:31:30.0051 4052 ================ Scan VBR ==================================
22:31:30.0067 4052 [ 60D0754BA88499A4B0E52141C37AD5EF ] \Device\Harddisk0\DR0\Partition1
22:31:30.0067 4052 \Device\Harddisk0\DR0\Partition1 - ok
22:31:30.0067 4052 ================ Scan active images ========================
22:31:31.0395 4052 [ DC095DB6D468CB5B653E05F865487E57 ] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
22:31:31.0395 4052 C:\Program Files\Common Files\System\Ole DB\oledb32.dll - ok
22:31:31.0395 4052 [ F86A2C7C279C746D5C5E06941ED4C337 ] C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
22:31:31.0395 4052 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - ok
22:31:31.0395 4052 [ 1ED4C96EC76C3DDFCABD7644DA23F4B6 ] C:\Program Files\Common Files\System\Ole DB\msdasql.dll
22:31:31.0395 4052 C:\Program Files\Common Files\System\Ole DB\msdasql.dll - ok
22:31:31.0411 4052 [ 73BAFFA0B02320690CDC606241078CE4 ] C:\Program Files\Common Files\System\Ole DB\msdatl3.dll
22:31:31.0411 4052 C:\Program Files\Common Files\System\Ole DB\msdatl3.dll - ok
22:31:31.0411 4052 [ 8985FCECE06A74017E23DDD093E34D4E ] C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll
22:31:31.0411 4052 C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll - ok
22:31:31.0427 4052 [ 18697C1FDBE751AE52DD4EDB3E9025F9 ] C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
22:31:31.0427 4052 C:\Program Files\Intel\Wireless\Bin\IntStngs.dll - ok
22:31:31.0427 4052 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
22:31:31.0427 4052 C:\WINDOWS\system32\mfc42.dll - ok
22:31:31.0427 4052 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
22:31:31.0427 4052 C:\WINDOWS\system32\wsock32.dll - ok
22:31:31.0442 4052 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
22:31:31.0442 4052 C:\WINDOWS\system32\comsvcs.dll - ok
22:31:31.0442 4052 [ F5FCF2B4068DDE641D16BF4B2E877C95 ] C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
22:31:31.0442 4052 C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll - ok
22:31:31.0458 4052 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
22:31:31.0458 4052 C:\WINDOWS\system32\clusapi.dll - ok
22:31:31.0458 4052 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
22:31:31.0458 4052 C:\WINDOWS\system32\colbact.dll - ok
22:31:31.0458 4052 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
22:31:31.0458 4052 C:\WINDOWS\system32\mtxclu.dll - ok
22:31:31.0474 4052 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
22:31:31.0474 4052 C:\WINDOWS\system32\netcfgx.dll - ok
22:31:31.0474 4052 [ 1B05DCC75FBB903A17E3E0DDAEA8D508 ] C:\WINDOWS\system32\odbcjt32.dll
22:31:31.0474 4052 C:\WINDOWS\system32\odbcjt32.dll - ok
22:31:31.0489 4052 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
22:31:31.0489 4052 C:\WINDOWS\system32\resutils.dll - ok
22:31:31.0489 4052 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
22:31:31.0489 4052 C:\WINDOWS\system32\cscdll.dll - ok
22:31:31.0489 4052 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
22:31:31.0489 4052 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
22:31:31.0505 4052 [ BC718EC80245205B6051CAC27BCC0A3C ] C:\WINDOWS\system32\logonui.exe
22:31:31.0505 4052 C:\WINDOWS\system32\logonui.exe - ok
22:31:31.0505 4052 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
22:31:31.0505 4052 C:\WINDOWS\system32\dimsntfy.dll - ok
22:31:31.0520 4052 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] C:\WINDOWS\system32\drivers\Netdevio.sys
22:31:31.0520 4052 C:\WINDOWS\system32\drivers\Netdevio.sys - ok
22:31:31.0520 4052 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
22:31:31.0520 4052 C:\WINDOWS\system32\dhcpcsvc.dll - ok
22:31:31.0520 4052 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
22:31:31.0520 4052 C:\WINDOWS\system32\duser.dll - ok

22:31:31.0536 4052 [ 9E70016C950B1F8FDEAA6F067E2E25A8 ] C:\WINDOWS\system32\msjet40.dll
22:31:31.0536 4052 C:\WINDOWS\system32\msjet40.dll - ok
22:31:31.0536 4052 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
22:31:31.0536 4052 C:\WINDOWS\system32\wlnotify.dll - ok
22:31:31.0536 4052 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
22:31:31.0536 4052 C:\WINDOWS\system32\msimg32.dll - ok
22:31:31.0552 4052 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
22:31:31.0552 4052 C:\WINDOWS\system32\oleacc.dll - ok
22:31:31.0552 4052 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
22:31:31.0552 4052 C:\WINDOWS\system32\dnsrslvr.dll - ok
22:31:31.0567 4052 [ AFDC647D16B285B9AE6140335B3B3255 ] C:\WINDOWS\system32\mswstr10.dll
22:31:31.0567 4052 C:\WINDOWS\system32\mswstr10.dll - ok
22:31:31.0567 4052 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
22:31:31.0567 4052 C:\WINDOWS\system32\lmhsvc.dll - ok
22:31:31.0567 4052 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
22:31:31.0567 4052 C:\WINDOWS\system32\wzcsvc.dll - ok
22:31:31.0583 4052 [ 5CE275CDC5FFB77B1EC29DBDFE4B6689 ] C:\WINDOWS\system32\odbcji32.dll
22:31:31.0583 4052 C:\WINDOWS\system32\odbcji32.dll - ok
22:31:31.0583 4052 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
22:31:31.0583 4052 C:\WINDOWS\system32\eapolqec.dll - ok
22:31:31.0583 4052 [ 7E2B58CE8C4013287371667880B1080D ] C:\WINDOWS\system32\msjint40.dll
22:31:31.0583 4052 C:\WINDOWS\system32\msjint40.dll - ok
22:31:31.0599 4052 [ 0D14F07B29FBF0D750AA2495DD72B968 ] C:\WINDOWS\system32\msjter40.dll
22:31:31.0599 4052 C:\WINDOWS\system32\msjter40.dll - ok
22:31:31.0599 4052 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
22:31:31.0599 4052 C:\WINDOWS\system32\qutil.dll - ok
22:31:31.0614 4052 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
22:31:31.0614 4052 C:\WINDOWS\system32\rtutils.dll - ok
22:31:31.0614 4052 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
22:31:31.0614 4052 C:\WINDOWS\system32\wmi.dll - ok
22:31:31.0614 4052 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
22:31:31.0614 4052 C:\WINDOWS\system32\dot3api.dll - ok
22:31:31.0630 4052 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
22:31:31.0630 4052 C:\WINDOWS\system32\esent.dll - ok
22:31:31.0630 4052 [ 2C288AA87E4723AC9FF4D76A192EC3F8 ] C:\WINDOWS\system32\odbccp32.dll
22:31:31.0630 4052 C:\WINDOWS\system32\odbccp32.dll - ok
22:31:31.0645 4052 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
22:31:31.0645 4052 C:\WINDOWS\system32\shgina.dll - ok
22:31:31.0645 4052 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
22:31:31.0645 4052 C:\WINDOWS\system32\rastls.dll - ok
22:31:31.0645 4052 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
22:31:31.0645 4052 C:\WINDOWS\system32\cryptui.dll - ok
22:31:31.0661 4052 [ 142CEDECAE89E372EE347681C3FBB257 ] C:\Program Files\Common Files\System\msadc\msadce.dll
22:31:31.0661 4052 C:\Program Files\Common Files\System\msadc\msadce.dll - ok
22:31:31.0661 4052 [ E3C6062F89195673F7C9D629F4CAEE47 ] C:\WINDOWS\system32\wininet.dll
22:31:31.0661 4052 C:\WINDOWS\system32\wininet.dll - ok
22:31:31.0677 4052 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
22:31:31.0677 4052 C:\WINDOWS\system32\mprapi.dll - ok
22:31:31.0677 4052 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
22:31:31.0677 4052 C:\WINDOWS\system32\activeds.dll - ok
22:31:31.0677 4052 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
22:31:31.0677 4052 C:\WINDOWS\system32\adsldpc.dll - ok
22:31:31.0692 4052 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
22:31:31.0692 4052 C:\WINDOWS\system32\rasapi32.dll - ok
22:31:31.0692 4052 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
22:31:31.0692 4052 C:\WINDOWS\system32\rasman.dll - ok
22:31:31.0708 4052 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
22:31:31.0708 4052 C:\WINDOWS\system32\tapi32.dll - ok
22:31:31.0708 4052 [ 81E9041DAC0983AACE5C8920AF73D64E ] C:\Program Files\Common Files\System\msadc\msadcer.dll
22:31:31.0708 4052 C:\Program Files\Common Files\System\msadc\msadcer.dll - ok
22:31:31.0708 4052 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
22:31:31.0708 4052 C:\WINDOWS\system32\riched20.dll - ok
22:31:31.0724 4052 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
22:31:31.0724 4052 C:\WINDOWS\system32\mlang.dll - ok
22:31:31.0724 4052 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
22:31:31.0724 4052 C:\WINDOWS\system32\raschap.dll - ok
22:31:31.0739 4052 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
22:31:31.0739 4052 C:\WINDOWS\system32\wzcsapi.dll - ok
22:31:31.0739 4052 [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
22:31:31.0739 4052 C:\WINDOWS\system32\xmlprovi.dll - ok
22:31:31.0739 4052 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
22:31:31.0739 4052 C:\WINDOWS\system32\schedsvc.dll - ok
22:31:31.0755 4052 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
22:31:31.0755 4052 C:\WINDOWS\system32\msidle.dll - ok
22:31:31.0755 4052 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
22:31:31.0755 4052 C:\WINDOWS\system32\spoolsv.exe - ok
22:31:31.0770 4052 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
22:31:31.0770 4052 C:\WINDOWS\system32\audiosrv.dll - ok
22:31:31.0770 4052 [ D89562A6AE8E07A457452E5B5560EB43 ] C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:31:31.0770 4052 C:\Program Files\Avira\AntiVir Desktop\sched.exe - ok
22:31:31.0770 4052 [ BC83108B18756547013ED443B8CDB31B ] C:\WINDOWS\system32\msvcp100.dll
22:31:31.0770 4052 C:\WINDOWS\system32\msvcp100.dll - ok
22:31:31.0786 4052 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\WINDOWS\system32\msvcr100.dll
22:31:31.0786 4052 C:\WINDOWS\system32\msvcr100.dll - ok
22:31:31.0786 4052 [ 6EC65C9134D01878EA83F68D0152F58C ] C:\Program Files\Avira\AntiVir Desktop\grdcore.dll
22:31:31.0786 4052 C:\Program Files\Avira\AntiVir Desktop\grdcore.dll - ok
22:31:31.0802 4052 [ 83626CD26490E20A21CED2D2ECC5B730 ] C:\Program Files\Avira\AntiVir Desktop\scewxmlw.dll
22:31:31.0802 4052 C:\Program Files\Avira\AntiVir Desktop\scewxmlw.dll - ok
22:31:31.0802 4052 [ 39B8DC5494F1BC4EB6DA7135A223C3F9 ] C:\Program Files\Avira\AntiVir Desktop\cfglib.dll
22:31:31.0802 4052 C:\Program Files\Avira\AntiVir Desktop\cfglib.dll - ok
22:31:31.0802 4052 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
22:31:31.0802 4052 C:\WINDOWS\system32\wkssvc.dll - ok
22:31:31.0817 4052 [ 8E532E1D3E9B7F511B3B87756576EAC2 ] C:\Program Files\Avira\AntiVir Desktop\gpipc.dll
22:31:31.0817 4052 C:\Program Files\Avira\AntiVir Desktop\gpipc.dll - ok
22:31:31.0817 4052 [ 82C97C0835EDA73693639DEE5FF73551 ] C:\Program Files\Avira\AntiVir Desktop\gpgen.dll
22:31:31.0817 4052 C:\Program Files\Avira\AntiVir Desktop\gpgen.dll - ok
22:31:31.0833 4052 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
22:31:31.0833 4052 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
22:31:31.0833 4052 [ 4D5264F9650D87D566490DD4204FC2F1 ] C:\Program Files\Avira\AntiVir Desktop\gpschd.dll
22:31:31.0833 4052 C:\Program Files\Avira\AntiVir Desktop\gpschd.dll - ok
22:31:31.0833 4052 [ ECE0DE598297D3814E9891FC49D5BD59 ] C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
22:31:31.0833 4052 C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll - ok
22:31:31.0849 4052 [ C725A69DB7E462FB0F2E84E3B7E83C4C ] C:\Program Files\Avira\AntiVir Desktop\schedr.dll
22:31:31.0849 4052 C:\Program Files\Avira\AntiVir Desktop\schedr.dll - ok
22:31:31.0849 4052 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
22:31:31.0849 4052 C:\WINDOWS\system32\webclnt.dll - ok
22:31:31.0864 4052 [ D920BBCBBECFF1081871E84826ADA2C0 ] C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
22:31:31.0864 4052 C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll - ok
22:31:31.0864 4052 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
22:31:31.0864 4052 C:\WINDOWS\system32\drivers\serial.sys - ok
22:31:31.0864 4052 [ E953EB70B3C4F0BA108C35D45420B86B ] C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:31:31.0864 4052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe - ok
22:31:31.0880 4052 [ D880831279ED91F9A4190A2DB9539EA9 ] C:\WINDOWS\system32\drivers\asctrm.sys
22:31:31.0880 4052 C:\WINDOWS\system32\drivers\asctrm.sys - ok
22:31:31.0880 4052 [ 3CB0CC8879956C187E87E18634EE5164 ] C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:31:31.0880 4052 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - ok
22:31:31.0896 4052 [ 3B6C054AB0CB4EA03B184DC39E0EC28C ] C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll
22:31:31.0896 4052 C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll - ok
22:31:31.0896 4052 [ F04DF4C91F03A7DAAB3CC4B061F5F8A5 ] C:\Program Files\Avira\AntiVir Desktop\gpgrd.dll
22:31:31.0896 4052 C:\Program Files\Avira\AntiVir Desktop\gpgrd.dll - ok
22:31:31.0911 4052 [ 05E97E1B4A2793B3451DAA903A031877 ] C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll
22:31:31.0911 4052 C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll - ok
22:31:31.0911 4052 [ AF2292ABEB5466D48EF8BFA7992A50AE ] C:\Program Files\Avira\AntiVir Desktop\gpavgio.dll
22:31:31.0911 4052 C:\Program Files\Avira\AntiVir Desktop\gpavgio.dll - ok
22:31:31.0911 4052 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
22:31:31.0911 4052 C:\WINDOWS\system32\rasdlg.dll - ok
22:31:31.0927 4052 [ 49E836F597F13803D6AD27C1ADA56198 ] C:\Program Files\Avira\AntiVir Desktop\gpgui.dll
22:31:31.0927 4052 C:\Program Files\Avira\AntiVir Desktop\gpgui.dll - ok
22:31:31.0927 4052 [ DC5F2903158E3B1F0DFE0EEBB4501997 ] C:\Program Files\Avira\AntiVir Desktop\gplegacy.dll
22:31:31.0927 4052 C:\Program Files\Avira\AntiVir Desktop\gplegacy.dll - ok
22:31:31.0927 4052 [ AE886E90CE0DE063DAA747B351F41C91 ] C:\Program Files\Avira\AntiVir Desktop\gpgavid.dll
22:31:31.0927 4052 C:\Program Files\Avira\AntiVir Desktop\gpgavid.dll - ok
22:31:31.0942 4052 [ 8F9F50F3810672AC36503B72A0B1808A ] C:\Program Files\Avira\AntiVir Desktop\libdb44.dll
22:31:31.0942 4052 C:\Program Files\Avira\AntiVir Desktop\libdb44.dll - ok
22:31:31.0942 4052 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] C:\WINDOWS\system32\cisvc.exe
22:31:31.0942 4052 C:\WINDOWS\system32\cisvc.exe - ok
22:31:31.0958 4052 [ 43E4758953F454090CAD65C303796ED5 ] C:\WINDOWS\system32\query.dll
22:31:31.0958 4052 C:\WINDOWS\system32\query.dll - ok
22:31:31.0958 4052 [ 4382BE35AEED19E6F7797347333EE988 ] C:\Program Files\Avira\AntiVir Desktop\gpgenrep.dll
22:31:31.0958 4052 C:\Program Files\Avira\AntiVir Desktop\gpgenrep.dll - ok
22:31:31.0958 4052 [ 4922409BDB159C5E5CA0F8F3703B059A ] C:\Program Files\Avira\AntiVir Desktop\onlcfg.dll
22:31:31.0958 4052 C:\Program Files\Avira\AntiVir Desktop\onlcfg.dll - ok
22:31:31.0974 4052 [ 29D717B151303045830E72B53FEFE73E ] C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll
22:31:31.0974 4052 C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll - ok
22:31:31.0974 4052 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
22:31:31.0974 4052 C:\WINDOWS\system32\dmserver.dll - ok
22:31:31.0989 4052 [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] C:\WINDOWS\system32\DVDRAMSV.exe
22:31:31.0989 4052 C:\WINDOWS\system32\DVDRAMSV.exe - ok
22:31:31.0989 4052 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
22:31:31.0989 4052 C:\WINDOWS\system32\drivers\cdfs.sys - ok
22:31:31.0989 4052 [ 02F4111F129B9910EF1AA4F33F62FD2A ] C:\Program Files\Avira\AntiVir Desktop\avipc.dll
22:31:31.0989 4052 C:\Program Files\Avira\AntiVir Desktop\avipc.dll - ok
22:31:32.0005 4052 [ 8301243BDE5B6CD316D79C0191D50D9A ] C:\WINDOWS\ehome\ehrecvr.exe
22:31:32.0005 4052 C:\WINDOWS\ehome\ehrecvr.exe - ok
22:31:32.0005 4052 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll
22:31:32.0005 4052 C:\WINDOWS\system32\faultrep.dll - ok
22:31:32.0021 4052 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
22:31:32.0021 4052 C:\WINDOWS\system32\cryptsvc.dll - ok
22:31:32.0021 4052 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
22:31:32.0021 4052 C:\WINDOWS\ehome\ehTrace.dll - ok
22:31:32.0021 4052 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
22:31:32.0021 4052 C:\WINDOWS\system32\certcli.dll - ok
22:31:32.0036 4052 [ 5654A65F73DCD5B3CC0C84E3F3C58043 ] C:\Program Files\Avira\AntiVir Desktop\avgio.dll
22:31:32.0036 4052 C:\Program Files\Avira\AntiVir Desktop\avgio.dll - ok
22:31:32.0036 4052 [ A53243709439AC2A4C216B817F8D7411 ] C:\WINDOWS\ehome\ehSched.exe
22:31:32.0036 4052 C:\WINDOWS\ehome\ehSched.exe - ok
22:31:32.0036 4052 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
22:31:32.0036 4052 C:\WINDOWS\system32\fltlib.dll - ok
22:31:32.0052 4052 [ 6B9117167660873D3CEDC719EE914105 ] C:\Program Files\Avira\AntiVir Desktop\aecore.dll
22:31:32.0052 4052 C:\Program Files\Avira\AntiVir Desktop\aecore.dll - ok
22:31:32.0052 4052 [ D8189B7966DFB524558294FEFF0BEA70 ] C:\Program Files\Avira\AntiVir Desktop\avpref.dll
22:31:32.0052 4052 C:\Program Files\Avira\AntiVir Desktop\avpref.dll - ok
22:31:32.0067 4052 [ E75A782A8C218D03A0AF54325132BC70 ] C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
22:31:32.0067 4052 C:\Program Files\Avira\AntiVir Desktop\aevdf.dll - ok
22:31:32.0067 4052 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
22:31:32.0067 4052 C:\WINDOWS\system32\ersvc.dll - ok
22:31:32.0067 4052 [ 3C902B5FBF23D8A239D114F6F9243734 ] C:\Program Files\Avira\AntiVir Desktop\aescript.dll
22:31:32.0067 4052 C:\Program Files\Avira\AntiVir Desktop\aescript.dll - ok
22:31:32.0083 4052 [ 64605B72B605DEDE66D38E3D7094E73B ] C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
22:31:32.0083 4052 C:\Program Files\Avira\AntiVir Desktop\aesbx.dll - ok
22:31:32.0083 4052 [ 9CAEE2820D405F643C2768AD4E9CBFFE ] C:\Program Files\Avira\AntiVir Desktop\aescn.dll
22:31:32.0083 4052 C:\Program Files\Avira\AntiVir Desktop\aescn.dll - ok
22:31:32.0099 4052 [ 0D99DC04793237418386656339F4D79C ] C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
22:31:32.0099 4052 C:\Program Files\Avira\AntiVir Desktop\aerdl.dll - ok
22:31:32.0099 4052 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
22:31:32.0099 4052 C:\WINDOWS\system32\drivers\http.sys - ok
22:31:32.0099 4052 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
22:31:32.0099 4052 C:\WINDOWS\system32\es.dll - ok
22:31:32.0114 4052 [ 9C27C528D7A95443F64EBC7528531267 ] C:\Program Files\Avira\AntiVir Desktop\aepack.dll
22:31:32.0114 4052 C:\Program Files\Avira\AntiVir Desktop\aepack.dll - ok
22:31:32.0114 4052 [ 8D4CC7ED1EF309487345757C7A9B2C9F ] C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
22:31:32.0114 4052 C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll - ok
22:31:32.0130 4052 [ 67FBC95D865539D2E3A2140FEA784EF4 ] C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
22:31:32.0130 4052 C:\Program Files\Avira\AntiVir Desktop\aeheur.dll - ok
22:31:32.0130 4052 [ 900ACDAD5D357BB26A571DCA1FD6AD36 ] C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
22:31:32.0130 4052 C:\Program Files\Avira\AntiVir Desktop\aehelp.dll - ok
22:31:32.0130 4052 [ EBC7922063E65EDAB8A7D2BF6418D239 ] C:\Program Files\Avira\AntiVir Desktop\aeexp.dll
22:31:32.0130 4052 C:\Program Files\Avira\AntiVir Desktop\aeexp.dll - ok
22:31:32.0146 4052 [ 3E22E96D7C97B74971B579357E4D4182 ] C:\Program Files\Avira\AntiVir Desktop\aegen.dll
22:31:32.0146 4052 C:\Program Files\Avira\AntiVir Desktop\aegen.dll - ok
22:31:32.0146 4052 [ CD7B65E600B8EBC91B292C1AC9EC1215 ] C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
22:31:32.0146 4052 C:\Program Files\Avira\AntiVir Desktop\aeemu.dll - ok
22:31:32.0161 4052 [ 434049E557861645FA160F3035025F51 ] C:\Program Files\Avira\AntiVir Desktop\aebb.dll
22:31:32.0161 4052 C:\Program Files\Avira\AntiVir Desktop\aebb.dll - ok
22:31:32.0161 4052 [ 926AFC4848FF3297BB264333BF51E21F ] C:\WINDOWS\system32\sbe.dll
22:31:32.0161 4052 C:\WINDOWS\system32\sbe.dll - ok
22:31:32.0161 4052 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
22:31:32.0161 4052 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
22:31:32.0177 4052 [ 91DCD979FFED13AB6F6E6B085A43525E ] C:\WINDOWS\system32\msvidctl.dll
22:31:32.0177 4052 C:\WINDOWS\system32\msvidctl.dll - ok
22:31:32.0177 4052 [ 34FFB6ABA2DA398BB33422E1E9275BA9 ] C:\WINDOWS\system32\quartz.dll
22:31:32.0177 4052 C:\WINDOWS\system32\quartz.dll - ok
22:31:32.0192 4052 [ AA5E22854F56C68148EB3345DBD62970 ] C:\WINDOWS\system32\devenum.dll
22:31:32.0192 4052 C:\WINDOWS\system32\devenum.dll - ok
22:31:32.0192 4052 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll
22:31:32.0192 4052 C:\WINDOWS\system32\msdmo.dll - ok
22:31:32.0192 4052 [ EAE5C3CF2BAA2BF229DC9C07BF45163D ] C:\WINDOWS\system32\imapi.exe
22:31:32.0192 4052 C:\WINDOWS\system32\imapi.exe - ok
22:31:32.0208 4052 [ 6D0A34B650DB6D4BDD4BD086C46211BC ] C:\Program Files\Java\jre7\bin\jqs.exe
22:31:32.0208 4052 C:\Program Files\Java\jre7\bin\jqs.exe - ok
22:31:32.0208 4052 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
22:31:32.0208 4052 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
22:31:32.0208 4052 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
22:31:32.0208 4052 C:\WINDOWS\system32\spoolss.dll - ok
22:31:32.0224 4052 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
22:31:32.0224 4052 C:\WINDOWS\system32\pdh.dll - ok
22:31:32.0224 4052 [ 06F2AEA1065838AAE394553063CDF28E ] C:\WINDOWS\system32\crtdll.dll
22:31:32.0224 4052 C:\WINDOWS\system32\crtdll.dll - ok
22:31:32.0239 4052 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
22:31:32.0239 4052 C:\WINDOWS\system32\odbcbcp.dll - ok
22:31:32.0239 4052 [ A14D324C50EB71FB480DDD60481D0C04 ] C:\WINDOWS\system32\pstorec.dll
22:31:32.0239 4052 C:\WINDOWS\system32\pstorec.dll - ok
22:31:32.0239 4052 [ 68A6C2D9E58C8E21FF85CBF372A307B2 ] C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:31:32.0239 4052 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe - ok
22:31:32.0255 4052 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
22:31:32.0255 4052 C:\WINDOWS\system32\srvsvc.dll - ok
22:31:32.0255 4052 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
22:31:32.0255 4052 C:\WINDOWS\system32\netmsg.dll - ok
22:31:32.0271 4052 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
22:31:32.0271 4052 C:\WINDOWS\system32\drivers\srv.sys - ok
22:31:32.0271 4052 [ DF6950E24B6B25E718C96BA4D46F1456 ] C:\WINDOWS\system32\msiexec.exe
22:31:32.0271 4052 C:\WINDOWS\system32\msiexec.exe - ok
22:31:32.0271 4052 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
22:31:32.0271 4052 C:\WINDOWS\system32\msi.dll - ok
22:31:32.0286 4052 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
22:31:32.0286 4052 C:\WINDOWS\system32\ipsecsvc.dll - ok
22:31:32.0286 4052 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
22:31:32.0286 4052 C:\WINDOWS\system32\oakley.dll - ok
22:31:32.0302 4052 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
22:31:32.0302 4052 C:\WINDOWS\system32\psbase.dll - ok
22:31:32.0302 4052 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
22:31:32.0302 4052 C:\WINDOWS\system32\pstorsvc.dll - ok
22:31:32.0302 4052 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
22:31:32.0302 4052 C:\WINDOWS\system32\winipsec.dll - ok
22:31:32.0317 4052 [ 27C043D41BDC179F7BAB1BF3AB34CB5A ] C:\WINDOWS\system32\sessmgr.exe
22:31:32.0317 4052 C:\WINDOWS\system32\sessmgr.exe - ok
22:31:32.0317 4052 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
22:31:32.0317 4052 C:\WINDOWS\system32\dssenh.dll - ok
22:31:32.0333 4052 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
22:31:32.0333 4052 C:\WINDOWS\system32\mstlsapi.dll - ok
22:31:32.0333 4052 [ 1D21258693B23B6E9803291234BE9FDA ] C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
22:31:32.0333 4052 C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe - ok
22:31:32.0333 4052 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
22:31:32.0333 4052 C:\WINDOWS\system32\regsvc.dll - ok
22:31:32.0349 4052 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
22:31:32.0349 4052 C:\WINDOWS\system32\seclogon.dll - ok
22:31:32.0380 4052 [ 8F3A1C5A8C99FA24621AB2BBFA4D0B6C ] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
22:31:32.0380 4052 C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe - ok
22:31:32.0380 4052 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
22:31:32.0380 4052 C:\WINDOWS\system32\sens.dll - ok
22:31:32.0380 4052 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
22:31:32.0380 4052 C:\WINDOWS\system32\powrprof.dll - ok
22:31:32.0396 4052 [ 69E2F4A84AC8E1A7BB4D8D1F9A59343A ] C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-11.0.2.dll
22:31:32.0396 4052 C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-11.0.2.dll - ok
22:31:32.0396 4052 [ F03FCB28A568C0A528CF64CAFC161126 ] C:\WINDOWS\WinSxS\x86_smarttech.ms.vc100.crt_9ca15c999435ee05_1.0.1.0_x-ww_8798010c\msvcp100.dll
22:31:32.0396 4052 C:\WINDOWS\WinSxS\x86_smarttech.ms.vc100.crt_9ca15c999435ee05_1.0.1.0_x-ww_8798010c\msvcp100.dll - ok
22:31:32.0411 4052 [ EF7DBB66B26B691A06C8F58F88FA7D1C ] C:\WINDOWS\WinSxS\x86_smarttech.ms.vc100.crt_9ca15c999435ee05_1.0.1.0_x-ww_8798010c\msvcr100.dll
22:31:32.0411 4052 C:\WINDOWS\WinSxS\x86_smarttech.ms.vc100.crt_9ca15c999435ee05_1.0.1.0_x-ww_8798010c\msvcr100.dll - ok
22:31:32.0411 4052 [ 5164F77BAB3D76AD0607973177131B3B ] C:\WINDOWS\WinSxS\x86_smarttech.ziparchive.vc100.3.1_9ca15c999435ee05_1.0.1.0_x-ww_dc59ac78\ZipArchive.dll
22:31:32.0411 4052 C:\WINDOWS\WinSxS\x86_smarttech.ziparchive.vc100.3.1_9ca15c999435ee05_1.0.1.0_x-ww_dc59ac78\ZipArchive.dll - ok
22:31:32.0411 4052 [ F9CACB7BE6E8D09DD317959D04787F41 ] C:\WINDOWS\WinSxS\x86_smarttech.openssl.0.9.8_9ca15c999435ee05_1.0.1.0_x-ww_d56396d4\Libeay32.dll
22:31:32.0411 4052 C:\WINDOWS\WinSxS\x86_smarttech.openssl.0.9.8_9ca15c999435ee05_1.0.1.0_x-ww_d56396d4\Libeay32.dll - ok
22:31:32.0427 4052 [ 62A9B35C335A85311DC1280568CE9D89 ] C:\WINDOWS\system32\safrslv.dll
22:31:32.0427 4052 C:\WINDOWS\system32\safrslv.dll - ok
22:31:32.0427 4052 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
22:31:32.0427 4052 C:\WINDOWS\system32\hid.dll - ok
22:31:32.0443 4052 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
22:31:32.0443 4052 C:\WINDOWS\system32\cfgmgr32.dll - ok
22:31:32.0443 4052 [ BA547A45B33CEDAF42FCEDD0E3BE7F43 ] C:\Program Files\SMART Technologies\Education Software\UCService.exe
22:31:32.0443 4052 C:\Program Files\SMART Technologies\Education Software\UCService.exe - ok
22:31:32.0443 4052 [ E9A16637A9BDD2A2029B43798E0D389B ] C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtNetwork4.dll
22:31:32.0443 4052 C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtNetwork4.dll - ok
22:31:32.0458 4052 [ 893F9E43BA38477D8C0CC921F3AA1779 ] C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtCore4.dll
22:31:32.0458 4052 C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtCore4.dll - ok
22:31:32.0458 4052 [ 374A3FCA984744A9D701524BB745C946 ] C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtGui4.dll
22:31:32.0458 4052 C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtGui4.dll - ok
22:31:32.0458 4052 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
22:31:32.0458 4052 C:\WINDOWS\system32\imm32.dll - ok
22:31:32.0474 4052 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
22:31:33.0865 4052 [ 43AF30653047EB2EC5DD89127B1D8811 ] C:\WINDOWS\system32\TPeculiarity.dll
22:31:33.0865 4052 C:\WINDOWS\system32\TPeculiarity.dll - ok
22:31:33.0865 4052 [ B54320E8D6C07A6D69FF17E6EF8C3301 ] C:\WINDOWS\system32\TPwrReg.dll
22:31:33.0865 4052 C:\WINDOWS\system32\TPwrReg.dll - ok
22:31:33.0880 4052 [ D4F670221B085638BFB4FE8361CBB38B ] C:\WINDOWS\system32\mshtml.dll
22:31:33.0880 4052 C:\WINDOWS\system32\mshtml.dll - ok
22:31:33.0880 4052 [ 1822A66A82433F83195B170592F8A7D8 ] C:\WINDOWS\system32\TPSBattM.exe
22:31:33.0880 4052 C:\WINDOWS\system32\TPSBattM.exe - ok
22:31:33.0896 4052 [ D4830448B45CDD45F4285DC6E152764F ] C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
22:31:33.0896 4052 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe - ok
22:31:33.0896 4052 [ D69CC05CB48A63FAE91FA2BA4E012912 ] C:\WINDOWS\system32\TPwrCfg.dll
22:31:33.0896 4052 C:\WINDOWS\system32\TPwrCfg.dll - ok
22:31:33.0896 4052 [ DFAFB7D7D4E774B15B363F9A0E317D5B ] C:\WINDOWS\system32\msls31.dll
22:31:33.0896 4052 C:\WINDOWS\system32\msls31.dll - ok
22:31:33.0912 4052 [ 55C4F3ECB21CADBE4F637F163F32878E ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
22:31:33.0912 4052 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - ok
22:31:33.0912 4052 [ F3DE10AABD5C7A1A186C9966F037D0C0 ] C:\WINDOWS\system32\mfc100u.dll
22:31:33.0912 4052 C:\WINDOWS\system32\mfc100u.dll - ok
22:31:33.0927 4052 [ 90A9B542C9300E540864D9FE1C42A130 ] C:\WINDOWS\system32\fxsst.dll
22:31:33.0927 4052 C:\WINDOWS\system32\fxsst.dll - ok
22:31:33.0927 4052 [ 2A2C442F00B45E01D4C882EEA69A01BC ] C:\WINDOWS\system32\mfc100enu.dll
22:31:33.0927 4052 C:\WINDOWS\system32\mfc100enu.dll - ok
22:31:33.0927 4052 [ 29BA3CF2D7133586F67D087C5E494E7D ] C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
22:31:33.0927 4052 C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll - ok
22:31:33.0943 4052 [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
22:31:33.0943 4052 C:\WINDOWS\system32\msimtf.dll - ok
22:31:33.0943 4052 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
22:31:33.0943 4052 C:\WINDOWS\system32\msctf.dll - ok
22:31:33.0958 4052 [ B087EEA25747C87942DC37E426DD37C3 ] C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
22:31:33.0958 4052 C:\Program Files\Avira\AntiVir Desktop\rcimage.dll - ok
22:31:33.0958 4052 [ 7A0289B48F7F96C6DF65CC3CA8E5B700 ] C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
22:31:33.0958 4052 C:\Program Files\Avira\AntiVir Desktop\ccguard.dll - ok
22:31:33.0958 4052 [ 334EEF94D49FBC97ADFBD9E9D63E0269 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
22:31:33.0958 4052 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
22:31:33.0974 4052 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
22:31:33.0974 4052 C:\WINDOWS\system32\olepro32.dll - ok
22:31:33.0974 4052 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
22:31:33.0974 4052 C:\WINDOWS\system32\ctfmon.exe - ok
22:31:33.0974 4052 [ 0ED8F17F620942BE311D8C2EB4A688A1 ] C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll
22:31:33.0974 4052 C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll - ok
22:31:33.0990 4052 [ 332F6EF90E6E257A5F84272964C59746 ] C:\Program Files\Intel\Wireless\Bin\DbEngine.dll
22:31:33.0990 4052 C:\Program Files\Intel\Wireless\Bin\DbEngine.dll - ok
22:31:33.0990 4052 [ D83C6B696759A652BC746D0158B3D216 ] C:\Program Files\Intel\Wireless\Bin\MurocApi.dll
22:31:33.0990 4052 C:\Program Files\Intel\Wireless\Bin\MurocApi.dll - ok
22:31:34.0005 4052 [ BC16F9AED00313E3B10DB3CE9E713711 ] C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll
22:31:34.0005 4052 C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll - ok
22:31:34.0005 4052 [ F54D83E31EA5CA6CA6C30FEC7387EFDC ] C:\Program Files\Avira\AntiVir Desktop\ccgrdrc.dll
22:31:34.0005 4052 C:\Program Files\Avira\AntiVir Desktop\ccgrdrc.dll - ok
22:31:34.0005 4052 [ 65A9495A436F5402BC1C467E1B926C27 ] C:\WINDOWS\winhlp32.exe
22:31:34.0005 4052 C:\WINDOWS\winhlp32.exe - ok
22:31:34.0021 4052 [ 271D5498DF24D11F01B2CC639ED6A4B1 ] C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll
22:31:34.0021 4052 C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll - ok
22:31:34.0021 4052 [ F7B098A08EFCF4AB4247264C0AC225D2 ] C:\WINDOWS\system32\jscript.dll
22:31:34.0021 4052 C:\WINDOWS\system32\jscript.dll - ok
22:31:34.0037 4052 [ 458C9A3E593605136718EE74B46FB0FB ] C:\Program Files\Avira\AntiVir Desktop\ccgrdw.dll
22:31:34.0037 4052 C:\Program Files\Avira\AntiVir Desktop\ccgrdw.dll - ok
22:31:34.0037 4052 [ B3F9454F9143C23C3ABDBCA7F0014604 ] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe
22:31:34.0037 4052 C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe - ok
22:31:34.0037 4052 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
22:31:34.0037 4052 C:\WINDOWS\system32\msutb.dll - ok
22:31:34.0052 4052 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
22:31:34.0052 4052 C:\WINDOWS\ime\sptip.dll - ok
22:31:34.0052 4052 [ DCAAB58260F4EC2E29C3E714A269F150 ] C:\Program Files\Avira\AntiVir Desktop\ccwgrd.dll
22:31:34.0052 4052 C:\Program Files\Avira\AntiVir Desktop\ccwgrd.dll - ok
22:31:34.0052 4052 [ 0285194A134B44BA48F6129FFD6026A0 ] C:\Program Files\Avira\AntiVir Desktop\ccwgrdrc.dll
22:31:34.0052 4052 C:\Program Files\Avira\AntiVir Desktop\ccwgrdrc.dll - ok
22:31:34.0068 4052 [ 120BF3219210748556F90B39855A59D7 ] C:\Program Files\Avira\AntiVir Desktop\ccwgrdw.dll
22:31:34.0068 4052 C:\Program Files\Avira\AntiVir Desktop\ccwgrdw.dll - ok
22:31:34.0068 4052 [ 967131647AFDC7B8CC072F74D0D4B281 ] C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
22:31:34.0068 4052 C:\Program Files\Avira\AntiVir Desktop\ccgen.dll - ok
22:31:34.0084 4052 [ A3C6D5CCCCFC5DE82517608A20DE919E ] C:\Program Files\Avira\AntiVir Desktop\ccgenrc.dll
22:31:34.0084 4052 C:\Program Files\Avira\AntiVir Desktop\ccgenrc.dll - ok
22:31:34.0084 4052 [ 131902B08B1528E68E4A3DC7F85645B8 ] C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
22:31:34.0084 4052 C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll - ok
22:31:34.0084 4052 [ E7D6F0AFFB7833396B6EE75E2C06F5BB ] C:\Program Files\Avira\AntiVir Desktop\ccupdrc.dll
22:31:34.0084 4052 C:\Program Files\Avira\AntiVir Desktop\ccupdrc.dll - ok
22:31:34.0099 4052 [ 373CA64063413D6E57A98B301ABA5172 ] C:\Program Files\Avira\AntiVir Desktop\cclic.dll
22:31:34.0099 4052 C:\Program Files\Avira\AntiVir Desktop\cclic.dll - ok
22:31:34.0099 4052 [ 0335FD5493864EAC41785FA92C3D5E1D ] C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
22:31:34.0099 4052 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe - ok
22:31:34.0115 4052 [ 8AFDF673724F41683EC8723B081E550F ] C:\Program Files\Avira\AntiVir Desktop\cclicrc.dll
22:31:34.0115 4052 C:\Program Files\Avira\AntiVir Desktop\cclicrc.dll - ok
22:31:34.0115 4052 [ 89CC6A9F8FB804303817FFF01F93DAA2 ] C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
22:31:34.0115 4052 C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll - ok
22:31:34.0115 4052 [ F3C128870D4BF1293E028C17FC507E7D ] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
22:31:34.0115 4052 C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe - ok
22:31:34.0130 4052 [ A4DD6C951201F5AA105EEF561BEAA342 ] C:\WINDOWS\system32\imgutil.dll
22:31:34.0130 4052 C:\WINDOWS\system32\imgutil.dll - ok
22:31:34.0130 4052 [ 95BA11D12E661058560577BE37A2F6A9 ] C:\Program Files\Avira\AntiVir Desktop\ccmsgrc.dll
22:31:34.0130 4052 C:\Program Files\Avira\AntiVir Desktop\ccmsgrc.dll - ok
22:31:34.0130 4052 [ C230562517FEE2FC4B472CD9B84E5BCB ] C:\WINDOWS\system32\pngfilt.dll
22:31:34.0130 4052 C:\WINDOWS\system32\pngfilt.dll - ok
22:31:34.0146 4052 [ 3218BC1F85F49FE2A0E73B1CC6AECD7A ] C:\Program Files\Avira\AntiVir Desktop\ccmainrc.dll
22:31:34.0146 4052 C:\Program Files\Avira\AntiVir Desktop\ccmainrc.dll - ok
22:31:34.0146 4052 [ E538EF5F87D35F344A1AC6A609093AA0 ] C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
22:31:34.0146 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe - ok
22:31:34.0162 4052 [ D8CF04E65081018CF3379B0FC02FFCBB ] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
22:31:34.0162 4052 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe - ok
22:31:34.0162 4052 [ 7AA09D937F0B77241D42310FACFF762E ] C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll
22:31:34.0162 4052 C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll - ok
22:31:34.0162 4052 [ 489A05416A58822995F5C03F235D3786 ] C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll
22:31:34.0162 4052 C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll - ok
22:31:34.0177 4052 [ 6DAF61E973FFCC4F62DE2AA8B5C044A2 ] C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.DLL
22:31:34.0177 4052 C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.DLL - ok
22:31:34.0177 4052 [ C2F51897E8BB86000E30575E25256878 ] C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll
22:31:34.0177 4052 C:\Program Files\Avira\AntiVir Desktop\ccupdw.dll - ok
22:31:34.0193 4052 [ 1ECAD6CDB2CEE77C847BF579482B3270 ] C:\PROGRA~1\Intel\Wireless\Bin\acCTA.dll
22:31:34.0193 4052 C:\PROGRA~1\Intel\Wireless\Bin\acCTA.dll - ok
22:31:34.0193 4052 [ AD1DDD48EEDED0B2A1EA52F38F754BB9 ] C:\WINDOWS\WinSxS\x86_smarttech.ms.mfc.vc100_9ca15c999435ee05_1.0.1.0_x-ww_7a516011\mfc100u.dll
22:31:34.0193 4052 C:\WINDOWS\WinSxS\x86_smarttech.ms.mfc.vc100_9ca15c999435ee05_1.0.1.0_x-ww_7a516011\mfc100u.dll - ok
22:31:34.0193 4052 [ F3B0AC8A0C792544BF56999ABDB25F0C ] C:\WINDOWS\system32\dxtrans.dll
22:31:34.0193 4052 C:\WINDOWS\system32\dxtrans.dll - ok
22:31:34.0209 4052 [ A47F6A13202AA54541CA46D6CED79F5F ] C:\WINDOWS\system32\ddrawex.dll
22:31:34.0209 4052 C:\WINDOWS\system32\ddrawex.dll - ok
22:31:34.0209 4052 [ A340CD71EB535A3DD751B5F28723E50C ] C:\WINDOWS\system32\ddraw.dll
22:31:34.0209 4052 C:\WINDOWS\system32\ddraw.dll - ok
22:31:34.0224 4052 [ A1EAC66F172CB2F71A41F540E35E8600 ] C:\Program Files\Messenger\msmsgs.exe
22:31:34.0224 4052 C:\Program Files\Messenger\msmsgs.exe - ok
22:31:34.0224 4052 [ D8B91D94ECB123862B390FDE3250D3BB ] C:\WINDOWS\system32\dciman32.dll
22:31:34.0224 4052 C:\WINDOWS\system32\dciman32.dll - ok
22:31:34.0224 4052 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
22:31:34.0224 4052 C:\WINDOWS\system32\msisip.dll - ok
22:31:34.0240 4052 [ BFB8225B54B9DFB2B4A556546C47F59D ] C:\Program Files\Avira\AntiVir Desktop\cclicw.dll
22:31:34.0240 4052 C:\Program Files\Avira\AntiVir Desktop\cclicw.dll - ok
22:31:34.0240 4052 [ 128DD9AF8640DBCC711940903C8B554F ] C:\WINDOWS\system32\mscoree.dll
22:31:34.0240 4052 C:\WINDOWS\system32\mscoree.dll - ok
22:31:34.0255 4052 [ DFCB1315ED6C0AC8741EE6F2FBDD32F1 ] C:\WINDOWS\WinSxS\x86_smarttech.hwr.vc100.1.0_37a8c5fef6a21868_1.0.7.0_x-ww_d16cd3eb\HWR-vc100-mt.dll
22:31:34.0255 4052 C:\WINDOWS\WinSxS\x86_smarttech.hwr.vc100.1.0_37a8c5fef6a21868_1.0.7.0_x-ww_d16cd3eb\HWR-vc100-mt.dll - ok
22:31:34.0255 4052 [ 3B7A6E0BF0878DFF55D74DCC77183557 ] C:\WINDOWS\WinSxS\x86_smarttech.localization.vc100.1.0_37a8c5fef6a21868_1.0.6.0_x-ww_5da502de\Localization-vc100-mt.dll
22:31:34.0255 4052 C:\WINDOWS\WinSxS\x86_smarttech.localization.vc100.1.0_37a8c5fef6a21868_1.0.6.0_x-ww_5da502de\Localization-vc100-mt.dll - ok
22:31:34.0255 4052 [ 26E55DB78AA353DE5F4509AB5D7F6B63 ] C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-10.8-tools.dll
22:31:34.0255 4052 C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-10.8-tools.dll - ok
22:31:34.0271 4052 [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
22:31:34.0271 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
22:31:34.0271 4052 [ F64FD5C7FEF7FC25CBA37974FF3584D7 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
22:31:34.0271 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
22:31:34.0287 4052 [ 80BA3D3B669EEDCE5BB9D061F1A0BDD0 ] C:\WINDOWS\WinSxS\x86_smarttech.boostdatetime.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_c41aee2c\boost_date_time-vc100-mt-1_44.dll
22:31:34.0287 4052 C:\WINDOWS\WinSxS\x86_smarttech.boostdatetime.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_c41aee2c\boost_date_time-vc100-mt-1_44.dll - ok
22:31:34.0287 4052 [ E11424013B85CB91868E11B6FC4BD809 ] C:\WINDOWS\WinSxS\x86_smarttech.boostthread.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_223d02ca\boost_thread-vc100-mt-1_44.dll
22:31:34.0287 4052 C:\WINDOWS\WinSxS\x86_smarttech.boostthread.vc100.1.44_9ca15c999435ee05_1.0.1.0_x-ww_223d02ca\boost_thread-vc100-mt-1_44.dll - ok
22:31:34.0287 4052 [ 55E1494789E7605666713440D176E486 ] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc100.3.8_9ca15c999435ee05_1.0.1.0_x-ww_a4a09a3b\icuuc38.dll
22:31:34.0287 4052 C:\WINDOWS\WinSxS\x86_smarttech.icu.vc100.3.8_9ca15c999435ee05_1.0.1.0_x-ww_a4a09a3b\icuuc38.dll - ok
22:31:34.0302 4052 [ 7FACB452456EF5C053AF3EE4B228FE0D ] C:\WINDOWS\system32\xpob2res.dll
22:31:34.0302 4052 C:\WINDOWS\system32\xpob2res.dll - ok
22:31:34.0302 4052 [ FAB6996A6D452F9940F043F4B95BE0F4 ] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc100.3.8_9ca15c999435ee05_1.0.1.0_x-ww_a4a09a3b\icudt38.dll
22:31:34.0302 4052 C:\WINDOWS\WinSxS\x86_smarttech.icu.vc100.3.8_9ca15c999435ee05_1.0.1.0_x-ww_a4a09a3b\icudt38.dll - ok
22:31:34.0302 4052 [ 2FF96BFE76A04775FC80B425A964A893 ] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
22:31:34.0302 4052 C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe - ok
22:31:34.0318 4052 [ FB8B75D3BE728E4D41C19AFBA339151E ] C:\WINDOWS\system32\dxtmsft.dll
22:31:34.0318 4052 C:\WINDOWS\system32\dxtmsft.dll - ok
22:31:34.0318 4052 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
22:31:34.0318 4052 C:\WINDOWS\system32\wshext.dll - ok
22:31:34.0334 4052 [ E9AF8B12CFFC04C0F4399ED8E4D3826E ] C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
22:31:34.0334 4052 C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll - ok
22:31:34.0334 4052 [ 5648152AD2CCAB0265EAB9711755F484 ] C:\WINDOWS\system32\RAMASST.exe
22:31:34.0334 4052 C:\WINDOWS\system32\RAMASST.exe - ok
22:31:34.0334 4052 [ 49F718E619B0314351DC5458C3957BDE ] C:\Program Files\Roxio\RoxioNow Player\RNowControl.dll
22:31:34.0334 4052 C:\Program Files\Roxio\RoxioNow Player\RNowControl.dll - ok
22:31:34.0349 4052 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
22:31:34.0349 4052 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
22:31:34.0349 4052 [ 2C5BA148BA7936D9BB6BB1F4945BA469 ] C:\Documents and Settings\Gummy Joe\Application Data\Dropbox\bin\Dropbox.exe
22:31:34.0349 4052 C:\Documents and Settings\Gummy Joe\Application Data\Dropbox\bin\Dropbox.exe - ok
22:31:34.0365 4052 [ BD7BD4E342AB3AB84C1441AA76213605 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
22:31:34.0365 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll - ok
22:31:34.0365 4052 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
22:31:34.0365 4052 C:\WINDOWS\system32\drprov.dll - ok
22:31:34.0365 4052 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
22:31:34.0365 4052 C:\WINDOWS\system32\ntlanman.dll - ok
22:31:34.0380 4052 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
22:31:34.0380 4052 C:\WINDOWS\system32\netui0.dll - ok
22:31:34.0380 4052 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
22:31:34.0380 4052 C:\WINDOWS\system32\netui1.dll - ok
22:31:34.0396 4052 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
22:31:34.0396 4052 C:\WINDOWS\system32\davclnt.dll - ok
22:31:34.0396 4052 [ D1032C70976A139A71BF4245972C0BC1 ] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
22:31:34.0396 4052 C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node - ok
22:31:34.0396 4052 [ 1986443C2F2C0E2A18E908DD241BF84D ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll
22:31:34.0396 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll - ok
22:31:34.0412 4052 [ DF7B0779DCBF3500D2B2D0DF090C0EED ] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK-vc100-mt-11.0.2.dll
22:31:34.0412 4052 C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK-vc100-mt-11.0.2.dll - ok
22:31:34.0412 4052 [ 7D69C583DC724A8EB688D6ADCC3D73A6 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
22:31:34.0412 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - ok
22:31:34.0427 4052 [ 82E1FF067A74BF3EC61D1962AD9335BC ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
22:31:34.0427 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll - ok
22:31:34.0427 4052 [ DAA19F5ECE17866DEE20A1693B5C96E7 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
22:31:34.0427 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll - ok
22:31:34.0427 4052 [ 632782278073199D664554D39170FC06 ] C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
22:31:34.0427 4052 C:\Program Files\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node - ok
22:31:34.0443 4052 [ FB8C856098127274DA7D62BCB952E6D6 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
22:31:34.0443 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll - ok
22:31:34.0443 4052 [ 3D91F8F9601B904AAAF18E02FDB9FEB7 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
22:31:34.0443 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll - ok
22:31:34.0443 4052 [ 8AE3AE43DA1A8CB8DFD2169F57B88868 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
22:31:34.0443 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll - ok
22:31:34.0459 4052 [ 1CF5D6405EAC53CE36E206A05CF162E2 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkBase.dll
22:31:34.0459 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkBase.dll - ok
22:31:34.0459 4052 [ EBC6332093AEC6A4FBF2C3919D03877A ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
22:31:34.0459 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll - ok
22:31:34.0474 4052 [ 56D16A44691C0337DD0EF3F3008A9977 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
22:31:34.0474 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll - ok
22:31:34.0474 4052 [ 9383D302F0D95DB0802308CF250727F3 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
22:31:34.0474 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll - ok
22:31:34.0490 4052 [ 7B1028A754BB63BBFC75B6A94C3F47E5 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
22:31:34.0490 4052 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - ok
22:31:34.0490 4052 [ C82B48F7692B3037242F9D34F121681D ] C:\Program Files\SMART Technologies\Education Software\libUsageTracking.dll
22:31:34.0490 4052 C:\Program Files\SMART Technologies\Education Software\libUsageTracking.dll - ok
22:31:34.0490 4052 [ 294E1D24CED78C545E46ABC88B88A729 ] C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
22:31:34.0490 4052 C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe - ok
22:31:34.0505 4052 [ 9E389A586D9CFC2AD9E73ECE4FE97881 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkOfficeOverlay.dll
22:31:34.0505 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkOfficeOverlay.dll - ok
22:31:34.0505 4052 [ EC52999D0D2E374981C0D033748AF2A6 ] C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
22:31:34.0505 4052 C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe - ok
22:31:34.0521 4052 [ 19348207EADADF20555601D4513793D5 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
22:31:34.0521 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll - ok
22:31:34.0521 4052 [ 77D17E48F4999EC725C37A83CF80F498 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
22:31:34.0521 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll - ok
22:31:34.0521 4052 [ 3FDCD4B976AF5FF4B345CB5CDBF19490 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
22:31:34.0521 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll - ok
22:31:34.0537 4052 [ 2D035877D6658C12B70ED978BAF7B3EC ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
22:31:34.0537 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll - ok
22:31:34.0537 4052 [ 61D0C49534CB2466D7221893BD505282 ] C:\Program Files\SMART Technologies\Education Software\Office\SBSDKProxyCommon.dll
22:31:34.0537 4052 C:\Program Files\SMART Technologies\Education Software\Office\SBSDKProxyCommon.dll - ok
22:31:34.0537 4052 [ B80A7EF1A81EBE75356EB6DD28F0C495 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll
22:31:34.0537 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll - ok
22:31:34.0552 4052 [ 0BAC2D0E37475652B94DCE79BAD2D5D7 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f56869ede7c0fddb751c39e050dd62a8\System.Runtime.DurableInstancing.ni.dll
22:31:34.0552 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f56869ede7c0fddb751c39e050dd62a8\System.Runtime.DurableInstancing.ni.dll - ok
22:31:34.0552 4052 [ 7FD5DA8145C09858AC201D4A29DF242D ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
22:31:34.0552 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll - ok
22:31:34.0568 4052 [ 73D67A7F55A6438F10E35F16D47ABA29 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
22:31:34.0568 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll - ok
22:31:34.0568 4052 [ 6FC15976FC91AE0C5C668EEAA60E6DBF ] C:\Program Files\SMART Technologies\Education Software\SMARTInkWindowTracker.dll
22:31:34.0568 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkWindowTracker.dll - ok
22:31:34.0584 4052 [ 0607CBC6FA20114CB491EFE4B2F9EFAD ] C:\WINDOWS\system32\d3d9.dll
22:31:34.0584 4052 C:\WINDOWS\system32\d3d9.dll - ok
22:31:34.0584 4052 [ 31B067C412FA1A9BAD3CA2A63D7DA440 ] C:\WINDOWS\system32\d3d8thk.dll
22:31:34.0584 4052 C:\WINDOWS\system32\d3d8thk.dll - ok
22:31:34.0584 4052 [ 43A7E2E6AA09B318602408BAB9F3E287 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
22:31:34.0584 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll - ok
22:31:34.0599 4052 [ 2E46EEFCD0405F8A2FC4399D98402CE4 ] C:\Program Files\SMART Technologies\Education Software\Office\SBSDKComWrapper-wink.dll
22:31:34.0599 4052 C:\Program Files\SMART Technologies\Education Software\Office\SBSDKComWrapper-wink.dll - ok
22:31:34.0599 4052 [ F243E38AEB426D04DBF921D3AC06FACB ] C:\Program Files\SMART Technologies\Education Software\Office\SBSDK-vc100-mt-11.0.0-ink.dll
22:31:34.0599 4052 C:\Program Files\SMART Technologies\Education Software\Office\SBSDK-vc100-mt-11.0.0-ink.dll - ok
22:31:34.0599 4052 [ 454BB157720B2E4469109ED9C81392F7 ] C:\Program Files\SMART Technologies\Education Software\UsageTrackingInterface-vc100-mt.dll
22:31:34.0599 4052 C:\Program Files\SMART Technologies\Education Software\UsageTrackingInterface-vc100-mt.dll - ok
22:31:34.0615 4052 [ A3E0DA62AAF25551046921C8D57FDAD0 ] C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-11.0.0-ink.dll
22:31:34.0615 4052 C:\Program Files\SMART Technologies\Education Software\SBSDK-vc100-mt-11.0.0-ink.dll - ok
22:31:34.0615 4052 [ 7A114BF6C0D6B163B77508378373F3D8 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll
22:31:34.0615 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9db486997d651f0646a089ff6cfb605e\System.Runtime.Serialization.ni.dll - ok
22:31:34.0631 4052 [ 5F63E2B2A72E1E6448123E0920D31530 ] C:\WINDOWS\system32\windowscodecs.dll
22:31:34.0631 4052 C:\WINDOWS\system32\windowscodecs.dll - ok
22:31:34.0631 4052 [ 58EC3C662CBB3318A53B7E817FC7B751 ] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a0204aa75b8665f3c674ff18eebbf13f\System.IdentityModel.ni.dll
22:31:34.0631 4052 C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a0204aa75b8665f3c674ff18eebbf13f\System.IdentityModel.ni.dll - ok
22:31:34.0631 4052 [ A71B89F4F6C01477FDDB2B8022B6E2CE ] C:\Program Files\SMART Technologies\Education Software\SMARTInkSBSDKConnector.dll
22:31:34.0631 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkSBSDKConnector.dll - ok
22:31:34.0646 4052 [ B53AC8E4FD9A50574B57688250F5A6DB ] C:\Program Files\SMART Technologies\Education Software\SMARTInkOverlayBase.dll
22:31:34.0646 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkOverlayBase.dll - ok
22:31:34.0646 4052 [ C205C30530EA5DEAE83BCA5E10D64688 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkComms.dll
22:31:34.0646 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkComms.dll - ok
22:31:34.0662 4052 [ AF6FBACC57469E4BACAD83E811FF7E43 ] C:\Program Files\SMART Technologies\Education Software\SBSDKComWrapper-wink.dll
22:31:34.0662 4052 C:\Program Files\SMART Technologies\Education Software\SBSDKComWrapper-wink.dll - ok
22:31:34.0662 4052 [ 8F4298C462A29D20B533E03D0CA88DC1 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkDefaultOverlay.dll
22:31:34.0662 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkDefaultOverlay.dll - ok
22:31:34.0662 4052 [ 3DCA860967C90B8DBF316484AB7B1777 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkToolbar.dll
22:31:34.0662 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkToolbar.dll - ok
22:31:34.0677 4052 [ 0330C83F1AF36760D7C9DF402A987227 ] C:\Program Files\SMART Technologies\Education Software\SMARTInkBrowserOverlay.dll
22:31:34.0677 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkBrowserOverlay.dll - ok
22:31:34.0677 4052 [ E719E1735BAC16A3AAF50086B2E61915 ] C:\Program Files\SMART Technologies\Education Software\SMARTNotes.dll
22:31:34.0677 4052 C:\Program Files\SMART Technologies\Education Software\SMARTNotes.dll - ok
22:31:34.0693 4052 [ C076CC397A68D6C84CA469F674F6FBEB ] C:\Program Files\SMART Technologies\Education Software\SMARTInkAcetateLayer.dll
22:31:34.0693 4052 C:\Program Files\SMART Technologies\Education Software\SMARTInkAcetateLayer.dll - ok
22:31:34.0693 4052 [ 5118A9CCB82D207A0522EF7154DDE74F ] C:\Program Files\SMART Technologies\Education Software\SPUWrapper-vc100-mt.dll
22:31:34.0693 4052 C:\Program Files\SMART Technologies\Education Software\SPUWrapper-vc100-mt.dll - ok
22:31:34.0693 4052 [ 18F45EA4644A4726485D71BC8AC42D22 ] C:\Program Files\Common Files\SMART Technologies\MyScript2\engine\MyScriptEngine.dll
22:31:34.0693 4052 C:\Program Files\Common Files\SMART Technologies\MyScript2\engine\MyScriptEngine.dll - ok
22:31:34.0709 4052 [ 26F76715ECAE86E15DC86ECE70CAD1AF ] C:\Program Files\Common Files\SMART Technologies\MyScript2\engine\MyScriptHWR.dll
22:31:34.0709 4052 C:\Program Files\Common Files\SMART Technologies\MyScript2\engine\MyScriptHWR.dll - ok
22:31:34.0709 4052 ============================================================
22:31:34.0709 4052 Scan finished
22:31:34.0709 4052 ============================================================
22:31:34.0849 3672 Detected object count: 45
22:31:34.0849 3672 Actual detected object count: 45
22:34:16.0136 3672 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0136 3672 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0136 3672 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0136 3672 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0152 3672 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0152 3672 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0168 3672 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0168 3672 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0183 3672 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0183 3672 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0199 3672 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0199 3672 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 RoxioNow Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 RoxioNow Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0215 3672 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0215 3672 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 SMART Board Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 SMART Board Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 SMART Display Controller ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 SMART Display Controller ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0230 3672 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0230 3672 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 UMWdf ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 UMWdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0246 3672 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:16.0246 3672 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:16.0262 3672 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:34:16.0262 3672 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:34:43.0096 3540 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-30 22:42:08
-----------------------------
22:42:08.808 OS Version: Windows 5.1.2600 Service Pack 3
22:42:08.808 Number of processors: 2 586 0xE08
22:42:08.808 ComputerName: JOEY UserName:
22:42:09.542 Initialize success
22:47:27.130 AVAST engine defs: 13013000
22:47:42.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:47:42.993 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
22:47:43.024 Disk 0 MBR read successfully
22:47:43.024 Disk 0 MBR scan
22:47:44.321 Disk 0 Windows XP default MBR code
22:47:44.352 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95142 MB offset 63
22:47:44.727 Disk 0 Partition 2 00 88 Linux plaintext AKr' 251 MB offset 194852385
22:47:45.024 Disk 0 scanning sectors +195366465
22:47:45.634 Disk 0 scanning C:\WINDOWS\system32\drivers
22:48:19.187 Service scanning
22:48:50.646 Modules scanning
22:48:58.022 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
22:48:59.507 Disk 0 trace - called modules:
22:48:59.522 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:48:59.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f85ab8]
22:48:59.538 3 CLASSPNP.SYS[f779efd7] -> nt!IofCallDriver -> \Device\0000007f[0x86f5b030]
22:48:59.538 5 ACPI.sys[f76c7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ef6940]
22:49:01.570 AVAST engine scan C:\WINDOWS
22:49:14.963 File: C:\WINDOWS\SoundMan.exe **INFECTED** Win32:Vitro
22:49:16.885 AVAST engine scan C:\WINDOWS\system32
22:49:29.200 File: C:\WINDOWS\system32\calc.exe **INFECTED** Win32:Malware-gen
22:50:33.258 File: C:\WINDOWS\system32\fltmc.exe **INFECTED** Win32:Vitro
22:58:27.096 AVAST engine scan C:\WINDOWS\system32\drivers
23:00:21.540 AVAST engine scan C:\Documents and Settings\Gummy Joe
23:09:18.301 AVAST engine scan C:\Documents and Settings\All Users
23:10:50.831 Scan finished successfully
23:11:10.850 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gummy Joe\Desktop\MBR.dat"
23:11:10.865 The log file has been saved successfully to "C:\Documents and Settings\Gummy Joe\Desktop\aswMBR.txt"

#6 doh102


Posted 30 January 2013 - 11:22 PM

Do I begin the next two scans?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:06 PM

Posted 30 January 2013 - 11:31 PM

There was a copy and paste error on my part - that is why there were so many scans. It did not hurt anything, and I did get some extra info from it.

Go ahead and run the next two scans now and send me the report.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 doh102


Posted 30 January 2013 - 11:41 PM

# AdwCleaner v2.109 - Logfile created 01/30/2013 at 23:39:20
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Gummy Joe - JOEY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Gummy Joe\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Abbie\Application Data\Mozilla\Firefox\Profiles\r6tn2cle.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Loser\Application Data\Mozilla\Firefox\Profiles\u9d3awon.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2117 octets] - [30/01/2013 23:39:20]

########## EOF - C:\AdwCleaner[R1].txt - [2177 octets] ##########

#9 doh102


Posted 30 January 2013 - 11:46 PM

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Gummy Joe [Admin rights]
Mode : Remove -- Date : 01/30/2013 23:45:12
| ARK || MBR |

Bad processes : 1
[SUSP PATH] aswMBR.exe -- C:\Documents and Settings\Gummy Joe\Desktop\aswMBR.exe -> KILLED [TermProc]

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]
SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF7DDBDD4)
SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xF7DDBD8E)
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF7DDBDDE)
SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0xF7DDBD84)
SSDT[63] : NtDeleteKey @ 0x80599777 -> HOOKED (Unknown @ 0xF7DDBD93)
SSDT[65] : NtDeleteValueKey @ 0x80598396 -> HOOKED (Unknown @ 0xF7DDBD9D)
SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0xF7DDBDCF)
SSDT[98] : NtLoadKey @ 0x805D5235 -> HOOKED (Unknown @ 0xF7DDBDA2)
SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0xF7DDBD70)
SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0xF7DDBD75)
SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xF7DDBDF7)
SSDT[193] : NtReplaceKey @ 0x806571D6 -> HOOKED (Unknown @ 0xF7DDBDAC)
SSDT[200] : NtRequestWaitReplyPort @ 0x8057D143 -> HOOKED (Unknown @ 0xF7DDBDE8)
SSDT[204] : NtRestoreKey @ 0x80656D6D -> HOOKED (Unknown @ 0xF7DDBDA7)
SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xF7DDBDE3)
SSDT[237] : NtSetSecurityObject @ 0x8059DDD3 -> HOOKED (Unknown @ 0xF7DDBDED)
SSDT[247] : NtSetValueKey @ 0x80580090 -> HOOKED (Unknown @ 0xF7DDBD98)
SSDT[255] : NtSystemDebugControl @ 0x80651AA1 -> HOOKED (Unknown @ 0xF7DDBDF2)
SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0xF7DDBD7F)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7DDBE06)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7DDBE0B)

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: FUJITSU MHV2100BH PL +++++
--- User ---
[MBR] 168808cdf877503c1f826d1c647c4cb9
[BSP] 13f38c10e3324d95c4a885d1f31458b4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95142 Mo
3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 194852385 | Size: 251 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01302013_02d2345.txt >>
RKreport[1]_S_01302013_02d2343.txt ; RKreport[2]_D_01302013_02d2345.txt

#10 gringo_pr


Posted 30 January 2013 - 11:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 doh102


Posted 31 January 2013 - 08:47 PM

This is probably an obvious question, but I ran the last scans (aswmbr) and it found some things. Your instructions did not tell me to do anything, but was I supposed to ask aswmbr to fix anything it found? Same goes for the combofix I am about to do. If it finds errors, am I asking it to fix them, or just get you the log?

#12 gringo_pr


Posted 31 January 2013 - 09:01 PM

Going to use Combofix to clear them out after you send me the first report.

#13 doh102


Posted 31 January 2013 - 09:56 PM

Hmmm, it scanned for quite a while. Said it was finding infected files and attempting to restore. I left it to run, and came back, and the program was finished. There were no dialogue boxes/logs/etc. It was at the user login screen, so I logged in. None of my icons will show up for any user now. Not sure how to proceed.

#14 gringo_pr


Posted 31 January 2013 - 10:11 PM

Hello

I want you to rerun Combofix, but this time I want you to run it in Safe Mode and see if it completes. It is very important that when Combofix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#15 doh102


Posted 31 January 2013 - 10:41 PM

Computer is not as "Freezy" but Avira is still going crazy.

ComboFix 13-01-31.03 - Gummy Joe 01/31/2013 20:53:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.534 [GMT -5:00]
Running from: c:\documents and settings\Gummy Joe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Abbie\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Gummy Joe\Application Data\Microsoft\~DFK9bf5c41.tmp
c:\documents and settings\Gummy Joe\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\bass.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Gummy Joe\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome.manifest
c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content.jar
c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components\red.js
c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\install.rdf
c:\documents and settings\Gummy Joe\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Gummy Joe\Local Settings\Application Data\wsr27zt32.dll
c:\documents and settings\Gummy Joe\WINDOWS
c:\documents and settings\Loser\WINDOWS
c:\program files\Realtek\InstallShield\Alcmtr.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
c:\windows\explorer.exe . . . is infected!!
.
Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051935.exe
.
Infected copy of c:\windows\slrundll.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052141.exe
.
Infected copy of c:\windows\ehome\ehRec.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051874.exe
.
Infected copy of c:\windows\inf\unregmp2.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051884.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051897.exe
.
Infected copy of c:\windows\msagent\agentsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051925.exe
.
Infected copy of c:\windows\mui\muisetup.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051926.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\helpctr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051928.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\HelpHost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051929.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\helpsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051930.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\hscupd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051931.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\msconfig.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051932.exe
.
Infected copy of c:\windows\pchealth\helpctr\binaries\notiflag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051933.exe
.
Infected copy of c:\windows\pchealth\UploadLB\Binaries\uploadm.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0051934.exe
.
Infected copy of c:\windows\system32\accwiz.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049546.exe
.
Infected copy of c:\windows\system32\ahui.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052147.exe
.
Infected copy of c:\windows\system32\asr_fmt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052148.exe
.
Infected copy of c:\windows\system32\asr_pfu.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052149.exe
.
Infected copy of c:\windows\system32\at.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052150.exe
.
Infected copy of c:\windows\system32\blastcln.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052151.exe
.
Infected copy of c:\windows\system32\bootcfg.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052152.exe
.
Infected copy of c:\windows\system32\calc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP217\A0050756.exe
.
Infected copy of c:\windows\system32\charmap.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049555.exe
.
Infected copy of c:\windows\system32\cipher.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052155.exe
.
Infected copy of c:\windows\system32\cleanmgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049556.exe
.
Infected copy of c:\windows\system32\clipbrd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052156.exe
.
Infected copy of c:\windows\system32\cmd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049530.exe
.
Infected copy of c:\windows\system32\cmdl32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052157.exe
.
Infected copy of c:\windows\system32\cmmon32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052158.exe
.
Infected copy of c:\windows\system32\cmstp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052159.exe
.
Infected copy of c:\windows\system32\cscript.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052161.exe
.
Infected copy of c:\windows\system32\defrag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052163.exe
.
Infected copy of c:\windows\system32\dfrgfat.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052164.exe
.
Infected copy of c:\windows\system32\dfrgntfs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052165.exe
.
Infected copy of c:\windows\system32\diantz.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052166.exe
.
Infected copy of c:\windows\system32\diskpart.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052167.exe
.
Infected copy of c:\windows\system32\dmadmin.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049509.exe
.
Infected copy of c:\windows\system32\dplaysvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052192.exe
.
Infected copy of c:\windows\system32\dpnsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052193.exe
.
Infected copy of c:\windows\system32\dpvsetup.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052194.exe
.
Infected copy of c:\windows\system32\driverquery.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052195.exe
.
Infected copy of c:\windows\system32\drwtsn32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052197.exe
.
Infected copy of c:\windows\system32\dwwin.exe was found and disinfected
Restored copy from - c:\windows\I386\DRW\DWWIN.EXE
.
Infected copy of c:\windows\system32\dxdiag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052199.exe
.
Infected copy of c:\windows\system32\eudcedit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052200.exe
.
Infected copy of c:\windows\system32\eventcreate.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052201.exe
.
Infected copy of c:\windows\system32\eventtriggers.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052202.exe
.
Infected copy of c:\windows\system32\fltmc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052205.exe
.
Infected copy of c:\windows\system32\freecell.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049564.exe
.
Infected copy of c:\windows\system32\fsquirt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052206.exe
.
Infected copy of c:\windows\system32\ftp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052207.exe
.
Infected copy of c:\windows\system32\fxsclnt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049547.exe
.
Infected copy of c:\windows\system32\fxscover.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049548.exe
.
Infected copy of c:\windows\system32\fxssend.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049549.exe
.
Infected copy of c:\windows\system32\getmac.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052208.exe
.
Infected copy of c:\windows\system32\gpresult.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052209.exe
.
Infected copy of c:\windows\system32\gpupdate.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052210.exe
.
Infected copy of c:\windows\system32\grpconv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052211.exe
.
Infected copy of c:\windows\system32\ie4uinit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052213.exe
.
Infected copy of c:\windows\system32\iexpress.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052214.exe
.
Infected copy of c:\windows\system32\imapi.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049511.exe
.
Infected copy of c:\windows\system32\ipconfig.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052219.exe
.
Infected copy of c:\windows\system32\ipsec6.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052220.exe
.
Infected copy of c:\windows\system32\ipv6.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052221.exe
.
Infected copy of c:\windows\system32\ipxroute.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052222.exe
.
Infected copy of c:\windows\system32\lnkstub.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052226.exe
.
Infected copy of c:\windows\system32\locator.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049517.exe
.
Infected copy of c:\windows\system32\logagent.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052227.exe
.
Infected copy of c:\windows\system32\logman.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052228.exe
.
Infected copy of c:\windows\system32\logonui.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052229.exe
.
Infected copy of c:\windows\system32\magnify.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049525.exe
.
Infected copy of c:\windows\system32\mmcperf.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052233.exe
.
Infected copy of c:\windows\system32\mobsync.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049532.exe
.
Infected copy of c:\windows\system32\mplay32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052234.exe
.
Infected copy of c:\windows\system32\mpnotify.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052235.exe
.
c:\windows\system32\mqbkup.exe . . . is infected!!
.
c:\windows\system32\mqtgsvc.exe . . . is infected!!
.
Infected copy of c:\windows\system32\mshearts.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049565.exe
.
Infected copy of c:\windows\system32\mshta.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052239.exe
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049513.exe
.
Infected copy of c:\windows\system32\mspaint.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049552.exe
.
Infected copy of c:\windows\system32\mstsc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049553.exe
.
Infected copy of c:\windows\system32\napstat.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052241.exe
.
Infected copy of c:\windows\system32\narrator.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049526.exe
.
Infected copy of c:\windows\system32\net.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052243.exe
.
Infected copy of c:\windows\system32\net1.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052244.exe
.
Infected copy of c:\windows\system32\netdde.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049514.exe
.
Infected copy of c:\windows\system32\netsetup.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052245.exe
.
Infected copy of c:\windows\system32\netstat.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052246.exe
.
Infected copy of c:\windows\system32\nslookup.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052248.exe
.
Infected copy of c:\windows\system32\ntbackup.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049554.exe
.
Infected copy of c:\windows\system32\ntsd.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052249.exe
.
Infected copy of c:\windows\system32\ntvdm.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052250.exe
.
Infected copy of c:\windows\system32\nwscript.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052251.exe
.
Infected copy of c:\windows\system32\odbcconf.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052252.exe
.
Infected copy of c:\windows\system32\openfiles.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052254.exe
.
Infected copy of c:\windows\system32\osk.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049527.exe
.
Infected copy of c:\windows\system32\packager.exe was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB2584146$\packager.exe
.
Infected copy of c:\windows\system32\ping6.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052256.exe
.
Infected copy of c:\windows\system32\powercfg.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052257.exe
.
Infected copy of c:\windows\system32\proquota.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052259.exe
.
Infected copy of c:\windows\system32\rasphone.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052263.exe
.
Infected copy of c:\windows\system32\rcp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052264.exe
.
Infected copy of c:\windows\system32\rdpclip.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052265.exe
.
Infected copy of c:\windows\system32\rdshost.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052266.exe
.
Infected copy of c:\windows\system32\rexec.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052268.exe
.
Infected copy of c:\windows\system32\routemon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052269.exe
.
Infected copy of c:\windows\system32\rsh.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052270.exe
.
Infected copy of c:\windows\system32\rsmsink.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052271.exe
.
Infected copy of c:\windows\system32\rsmui.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052272.exe
.
Infected copy of c:\windows\system32\rsnotify.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052273.exe
.
Infected copy of c:\windows\system32\rsopprov.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052274.exe
.
Infected copy of c:\windows\system32\rtcshare.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052275.exe
.
Infected copy of c:\windows\system32\runonce.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052276.exe
.
Infected copy of c:\windows\system32\scardsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049519.exe
.
Infected copy of c:\windows\system32\sdbinst.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052277.exe
.
Infected copy of c:\windows\system32\sessmgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049518.exe
.
Infected copy of c:\windows\system32\sethc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052278.exe
.
Infected copy of c:\windows\system32\setup.exe was found and disinfected
Restored copy from - c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE
.
Infected copy of c:\windows\system32\shrpubw.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052280.exe
.
Infected copy of c:\windows\system32\slserv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052282.exe
.
Infected copy of c:\windows\system32\smlogsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049521.exe
.
Infected copy of c:\windows\system32\sndrec32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049550.exe
.
Infected copy of c:\windows\system32\sndvol32.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049551.exe
.
Infected copy of c:\windows\system32\sol.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049567.exe
.
Infected copy of c:\windows\system32\sort.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052284.exe
.
Infected copy of c:\windows\system32\spider.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049568.exe
.
Infected copy of c:\windows\system32\syncapp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052291.exe
.
Infected copy of c:\windows\system32\syskey.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052292.exe
.
Infected copy of c:\windows\system32\sysocmgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052293.exe
.
Infected copy of c:\windows\system32\systeminfo.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052294.exe
.
Infected copy of c:\windows\system32\taskkill.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052295.exe
.
Infected copy of c:\windows\system32\tasklist.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052296.exe
.
Infected copy of c:\windows\system32\taskmgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052297.exe
.
Infected copy of c:\windows\system32\tcpsvcs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052298.exe
.
Infected copy of c:\windows\system32\telnet.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052299.exe
.
Infected copy of c:\windows\system32\tlntsess.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052300.exe
.
Infected copy of c:\windows\system32\tlntsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049522.exe
.
Infected copy of c:\windows\system32\tracerpt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052303.exe
.
Infected copy of c:\windows\system32\tracert6.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052304.exe
.
Infected copy of c:\windows\system32\upnpcont.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052306.exe
.
Infected copy of c:\windows\system32\usrmlnka.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052311.exe
.
Infected copy of c:\windows\system32\usrprbda.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052312.exe
.
Infected copy of c:\windows\system32\usrshuta.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052313.exe
.
Infected copy of c:\windows\system32\verifier.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052316.exe
.
Infected copy of c:\windows\system32\w32tm.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052317.exe
.
Infected copy of c:\windows\system32\wextract.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052325.exe
.
Infected copy of c:\windows\system32\wiaacmgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052326.exe
.
Infected copy of c:\windows\system32\winchat.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052327.exe
.
Infected copy of c:\windows\system32\winmine.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049566.exe
.
Infected copy of c:\windows\system32\wscript.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052330.exe
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052331.exe
.
Infected copy of c:\windows\system32\wuauclt1.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052332.exe
.
Infected copy of c:\windows\system32\Com\comrepl.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052160.exe
.
Infected copy of c:\windows\system32\npp\nppagent.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052247.exe
.
Infected copy of c:\windows\system32\oobe\oobebaln.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052253.exe
.
Infected copy of c:\windows\system32\Restore\rstrui.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049559.exe
.
Infected copy of c:\windows\system32\Restore\srdiag.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052267.exe
.
Infected copy of c:\windows\system32\usmt\migload.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052308.exe
.
Infected copy of c:\windows\system32\usmt\migwiz.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049557.exe
.
Infected copy of c:\windows\system32\usmt\migwiza.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052309.exe
.
Infected copy of c:\windows\system32\wbem\mofcomp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052318.exe
.
Infected copy of c:\windows\system32\wbem\scrcons.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052319.exe
.
Infected copy of c:\windows\system32\wbem\wbemtest.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052320.exe
.
Infected copy of c:\windows\system32\wbem\winmgmt.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052321.exe
.
Infected copy of c:\windows\system32\wbem\wmiadap.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052322.exe
.
Infected copy of c:\windows\system32\wbem\wmiapsrv.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP216\A0049524.exe
.
Infected copy of c:\windows\system32\wbem\wmic.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052323.exe
.
Infected copy of c:\windows\system32\wbem\wmiprvse.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP218\A0052324.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
.
.
2013-01-30 23:36 . 2002-12-29 06:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2013-01-30 23:32 . 2013-01-31 01:36 -------- d-----w- c:\program files\CCleaner
2013-01-30 11:14 . 2013-01-30 11:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-30 04:37 . 2013-01-30 13:26 -------- d-----w- c:\program files\HitmanPro
2013-01-30 04:37 . 2013-01-30 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-01-30 03:34 . 2013-01-30 03:34 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-24 23:16 . 2013-01-24 23:16 -------- d-----w- c:\documents and settings\Loser\Application Data\SMART Technologies
2013-01-15 03:19 . 2013-01-15 03:19 -------- d-----w- c:\documents and settings\Gummy Joe\Local Settings\Application Data\PCHealth
2013-01-09 23:03 . 2013-01-09 23:03 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-01 03:23 . 2006-02-15 14:03 339968 ----a-w- c:\windows\system32\mobsync.exe
2013-02-01 03:23 . 2006-02-15 14:02 585728 ----a-w- c:\windows\system32\cmd.exe
2013-02-01 03:23 . 2006-02-15 14:03 412160 ----a-w- c:\windows\system32\osk.exe
2013-02-01 03:23 . 2006-02-15 14:03 250368 ----a-w- c:\windows\system32\narrator.exe
2013-02-01 03:23 . 2006-02-15 15:33 323072 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2013-02-01 03:23 . 2006-02-15 14:03 269312 ----a-w- c:\windows\system32\magnify.exe
2013-02-01 03:23 . 2006-02-15 14:04 269824 ----a-w- c:\windows\system32\tlntsvr.exe
2013-02-01 03:23 . 2006-02-15 14:03 286208 ----a-w- c:\windows\system32\smlogsvc.exe
2013-02-01 03:23 . 2006-02-15 14:04 255488 ----a-w- c:\windows\system32\spoolsv.exe
2013-02-01 03:23 . 2006-02-15 14:03 292352 ----a-w- c:\windows\system32\scardsvr.exe
2013-02-01 03:23 . 2006-02-15 15:34 337920 ----a-w- c:\windows\system32\sessmgr.exe
2013-02-01 03:23 . 2006-02-15 14:03 307712 ----a-w- c:\windows\system32\netdde.exe
2013-02-01 03:23 . 2006-02-15 14:03 275456 ----a-w- c:\windows\system32\msiexec.exe
2013-02-01 03:23 . 2006-02-15 14:02 347136 ----a-w- c:\windows\system32\imapi.exe
2013-02-01 03:23 . 2006-02-15 16:31 307200 ----a-w- c:\windows\system32\DVDRAMSV.exe
2013-02-01 02:42 . 2006-02-15 14:02 271872 ----a-w- c:\windows\system32\locator.exe
2013-02-01 02:42 . 2006-02-15 14:02 421376 ----a-w- c:\windows\system32\dmadmin.exe
2013-02-01 02:30 . 2006-02-15 14:02 202240 ----a-w- c:\windows\system32\cisvc.exe
2013-01-30 06:12 . 2012-12-21 00:39 282624 ----a-w- c:\windows\unvise32.exe
2013-01-30 06:12 . 2006-02-15 15:34 4593152 ----a-w- c:\windows\system32\wpgldfsh.scr
2013-01-30 06:12 . 2006-10-26 17:45 489984 ----a-w- c:\windows\system32\WISPTIS.EXE
2013-01-30 06:12 . 2008-04-14 00:12 225280 ----a-w- c:\windows\system32\verclsid.exe
2013-01-30 06:12 . 2006-02-15 14:01 243712 ----a-w- c:\windows\system32\uwdf.exe
2013-01-30 06:12 . 2006-02-15 15:34 241152 ----a-w- c:\windows\system32\tscupgrd.exe
2013-01-30 06:12 . 2006-02-15 16:59 299008 ----a-w- c:\windows\system32\Tossps.scr
2013-01-30 06:12 . 2006-02-15 16:28 274432 ----a-w- c:\windows\system32\tosmreg.exe
2013-01-30 06:11 . 2006-02-15 14:04 876544 ----a-w- c:\windows\system32\sstext3d.scr
2013-01-30 06:11 . 2006-02-15 14:04 806912 ----a-w- c:\windows\system32\sspipes.scr
2013-01-30 06:11 . 2006-02-15 14:04 589824 ----a-w- c:\windows\system32\ssflwbox.scr
2013-01-30 06:11 . 2006-02-15 14:04 243712 ----a-w- c:\windows\system32\ssmypics.scr
2013-01-30 06:11 . 2006-02-15 14:04 901120 ----a-w- c:\windows\system32\ss3dfo.scr
2013-01-30 06:11 . 2006-02-15 15:34 7290368 ----a-w- c:\windows\system32\space.scr
2013-01-30 06:11 . 2012-10-24 19:16 473088 ----a-w- c:\windows\system32\Smart Bulb Saver.scr
2013-01-30 06:11 . 2008-04-14 00:12 233472 ----a-w- c:\windows\system32\slrundll.exe
2013-01-30 06:10 . 2006-02-18 15:57 323584 ----a-w- c:\windows\system32\Prounstl.exe
2013-01-30 06:10 . 2010-03-18 15:09 485888 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-30 06:10 . 2006-02-15 15:34 3539968 ----a-w- c:\windows\system32\nature.scr
2013-01-30 06:10 . 2006-02-15 15:34 1938944 ----a-w- c:\windows\system32\mypixdx.scr
2013-01-30 06:10 . 2006-02-15 14:03 313856 ----a-w- c:\windows\system32\mqtgsvc.exe
2013-01-30 06:10 . 2006-02-15 14:03 216576 ----a-w- c:\windows\system32\mqbkup.exe
2013-01-30 06:09 . 2006-02-15 14:04 248320 ----a-w- c:\windows\system32\migpwd.exe
2013-01-30 06:09 . 2006-02-18 15:57 356352 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-01-30 06:09 . 2006-02-18 15:57 311296 ----a-w- c:\windows\system32\igfxzoom.exe
2013-01-30 06:09 . 2006-02-18 15:57 290816 ----a-w- c:\windows\system32\igfxext.exe
2013-01-30 06:09 . 2006-02-18 15:57 647168 ----a-w- c:\windows\system32\igfxcfg.exe
2013-01-30 06:09 . 2005-01-08 01:07 258560 ----a-w- c:\windows\system32\HdAShCut.exe
2013-01-30 06:09 . 2012-04-12 02:05 887808 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 06:09 . 2008-04-14 00:12 217600 ----a-w- c:\windows\system32\faxpatch.exe
2013-01-30 06:09 . 2005-08-04 02:29 368640 ----a-w- c:\windows\system32\drmupgds.exe
2013-01-30 06:08 . 2006-02-15 15:34 5265408 ----a-w- c:\windows\system32\davinci.scr
2013-01-30 06:07 . 2006-02-15 16:21 237568 ----a-w- c:\windows\system32\ChCfg.exe
2013-01-30 06:07 . 2007-03-14 09:06 339968 ----a-w- c:\windows\system32\BuEAppNT.exe
2013-01-30 06:07 . 2006-02-15 16:20 282624 ----a-w- c:\windows\SoundMan.exe
2013-01-30 06:04 . 2006-02-15 16:20 552960 ----a-w- c:\windows\RtlUpd.exe
2013-01-30 06:04 . 2006-02-15 16:20 9907200 ----a-w- c:\windows\RTLCPL.exe
2013-01-30 06:04 . 2006-02-15 16:20 15887872 ----a-w- c:\windows\RTHDCPL.exe
2013-01-30 06:02 . 2006-02-15 16:20 2338816 ----a-w- c:\windows\MicCal.exe
2013-01-30 06:02 . 2011-05-01 03:05 219648 ----a-w- c:\windows\kb913800.exe
2013-01-30 06:02 . 2006-02-16 09:18 503296 ----a-w- c:\windows\IsUninst.exe
2013-01-30 05:59 . 2006-02-16 10:18 294912 ----a-w- c:\windows\DLA.EXE
2013-01-30 05:59 . 2006-02-15 16:41 241664 ----a-w- c:\windows\cfdemo.scr
2013-01-30 05:12 . 2006-02-15 14:02 1230336 ----a-w- c:\windows\explorer.exe
2013-01-29 03:13 . 2006-02-15 16:28 307200 ----a-w- c:\windows\system32\cselect.exe
2013-01-29 02:45 . 2006-02-15 14:01 235520 ----a-w- c:\windows\system32\wdfmgr.exe
2013-01-09 03:02 . 2011-07-01 16:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-02-15 14:02 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2011-05-01 00:06 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 23:02 . 2012-10-13 23:48 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 23:02 . 2012-10-13 23:48 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-15 02:06 . 2012-10-13 23:48 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:25 . 2006-02-15 14:04 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-01 03:01 . 2012-11-01 03:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-01 . 933A6CF16FBCFA43BC1A03E6392CD12C . 255488 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2013-01-30 . 6A8243195488FEC4EC92877483A3DE0C . 1230336 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2013-01-30 . EFE1933DE8BE108E23F9D78FE02DCA4C . 1230336 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2013-01-29 . F5510A3FC7F659C0D5CAE79AC7BD2BF3 . 1228800 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2013-01-29 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-01-29 443904]
"sbsdk-server"="c:\program files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" [2012-10-24 62360]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2013-01-29 10322944]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-10-25 98200]
"RoxioNowMediaManagerApp"="c:\program files\Roxio\RoxioNow Player\RNowShell.exe" [2013-01-29 2975744]
.
c:\documents and settings\Gummy Joe\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/13/2012 6:48 PM 36552]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/13/2012 6:48 PM 85280]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 7:37 PM 590336]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [10/24/2012 2:16 PM 994304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/30/2013 6:14 AM 40776]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [8/21/2012 9:02 AM 122752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Gummy Joe\Application Data\Mozilla\Firefox\Profiles\998kq8k8.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
SafeBoot-65459818.sys
SafeBoot-86706486.sys
AddRemove-QuickTime - c:\windows\unvise32qt.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-31 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1636)
c:\documents and settings\Gummy Joe\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Mozilla Firefox\mozglue.dll
c:\program files\Mozilla Firefox\mozsqlite3.dll
.
Completion time: 2013-01-31 22:31:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-01 03:31
.
Pre-Run: 72,594,038,784 bytes free
Post-Run: 73,906,159,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 643D8E5EC60FE99F45829A7CFE0B0389

Edited by doh102, 31 January 2013 - 10:42 PM.




