Farbar Recovery Scan Tool fixlist.txt


  • This topic is locked
27 replies to this topic

#1 mraman84

  • Members

Posted 26 February 2013 - 11:58 AM

Hi Guys,

I recently installed a piece of software and in doing so also encountered the dreaded Delta Search malware. It seems that I have been able to remedy the problem for the most part using Malwarebytes etc. However, I am now experiencing the minor residual effects of the malware as far as 1) shutting down my computer, 2) "Windows not responding" messages when right clicking on a program from time to time.

I have since downloaded the Farbar Recovery Scan Tool, which is now requesting that I provide the fixlist.txt, which is where I have come unstuck. I'd be really grateful if you could help as I mainly use my laptop for work purposes, and I'm pretty concerned about potentially putting any of my clients at risk.

I have enclosed FRST details below. BTW I have since also performed a Clean Boot on my Windows 7.

Cheers,

Mark

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2013 01
Ran by IFG at 26-02-2013 12:13:15
Running from F:\
  Service Pack 1 (X64) OS Language: English(US) 
Attention: Could not load system hive.
The operation completed successfully.
 
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
 
 
==================== One Month Created Files and Folders ========
 
2013-02-26 11:52 - 2013-02-26 12:13 - 00000000 ____D C:\FRST
2013-02-26 10:22 - 2013-02-26 10:22 - 00131843 ____A C:\Users\IFG\Downloads\Unconfirmed 332128.crdownload
2013-02-26 03:10 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (3).exe
2013-02-26 03:10 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (2).exe
2013-02-26 03:10 - 2013-02-26 03:10 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-26 03:09 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64.exe
2013-02-26 03:09 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (1).exe
2013-02-26 03:09 - 2013-02-26 03:09 - 08736848 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro.exe
2013-02-26 02:33 - 2013-02-26 02:58 - 00000465 ____A C:\Windows\wininit.ini
2013-02-26 01:41 - 2013-02-26 01:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-26 01:41 - 2013-02-26 01:41 - 00001262 ____A C:\Users\IFG\Desktop\Spybot - Search & Destroy.lnk
2013-02-26 01:41 - 2013-02-26 01:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-02-26 01:39 - 2013-02-26 01:40 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\IFG\Downloads\spybotsd162.exe
2013-02-26 00:46 - 2013-02-26 00:46 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-26 00:22 - 2013-02-26 00:22 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\RealNetworks
2013-02-25 19:39 - 2013-02-25 19:39 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-02-25 19:39 - 2013-02-25 19:39 - 00000861 ____A C:\Windows\System32\InstallUtil.InstallLog
2013-02-25 14:38 - 2013-02-25 14:38 - 00720384 ____A C:\Users\IFG\Downloads\Online proposal Source Republic.xls
2013-02-25 03:58 - 2013-02-25 03:58 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 03:43 - 2013-02-25 03:43 - 00262144 ____N C:\Windows\Minidump\022513-42213-01.dmp
2013-02-24 19:08 - 2013-02-24 19:08 - 00012610 ____A C:\Users\IFG\Downloads\Recruitment Software.xlsx
2013-02-24 18:46 - 2013-02-25 03:09 - 00000000 ____D C:\Users\IFG\Dropbox
2013-02-24 18:40 - 2013-02-24 22:15 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Dropbox
2013-02-24 17:55 - 2013-02-24 20:32 - 00000000 ____D C:\Users\IFG\AppData\Local\Giant Savings Extension
2013-02-24 17:54 - 2013-02-24 17:54 - 00000000 ____D C:\Users\IFG\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-02-24 17:53 - 2013-02-24 20:29 - 00000000 ____D C:\Users\IFG\AppData\Roaming\HoolappForAndroid
2013-02-22 11:55 - 2013-02-22 11:56 - 07040440 ____A (Xobni) C:\Users\IFG\Downloads\XobniSetup (2).exe
2013-02-22 11:48 - 2013-02-22 11:50 - 00000000 ____D C:\Users\IFG\AppData\Local\Xobni
2013-02-22 11:46 - 2013-02-25 03:11 - 00000000 ____D C:\Program Files (x86)\Xobni
2013-02-22 11:46 - 2013-02-22 11:48 - 00000072 ____A C:\Users\IFG\AppData\Local\xobni_installer_updater.log
2013-02-14 22:52 - 2013-02-14 22:52 - 00016896 ____A C:\Users\IFG\Downloads\google ranking 2013.xls
2013-02-14 08:10 - 2013-01-08 22:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 08:10 - 2013-01-08 22:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 08:10 - 2013-01-08 22:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 08:10 - 2013-01-08 22:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 08:10 - 2013-01-08 22:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 08:10 - 2013-01-08 22:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 08:10 - 2013-01-08 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 08:10 - 2013-01-08 22:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 08:10 - 2013-01-08 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 08:10 - 2013-01-08 22:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 08:10 - 2013-01-08 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 08:10 - 2013-01-08 22:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 08:10 - 2013-01-08 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 08:10 - 2013-01-08 22:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 08:10 - 2013-01-08 22:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 08:10 - 2013-01-08 22:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 08:10 - 2013-01-08 21:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 08:10 - 2013-01-08 21:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 08:10 - 2013-01-08 21:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 08:10 - 2013-01-08 21:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 08:10 - 2013-01-08 21:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 08:10 - 2013-01-08 21:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 08:10 - 2013-01-08 21:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 08:10 - 2013-01-08 21:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 08:10 - 2013-01-08 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 08:10 - 2013-01-08 21:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 08:10 - 2013-01-08 21:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 08:10 - 2013-01-08 21:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 08:10 - 2013-01-08 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 08:10 - 2013-01-08 21:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 08:10 - 2013-01-08 21:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-14 08:10 - 2013-01-08 21:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 01:48 - 2013-01-05 05:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-14 01:48 - 2013-01-05 05:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-02-14 01:48 - 2013-01-05 05:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-14 01:48 - 2013-01-05 05:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:47 - 2013-01-04 04:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-14 01:47 - 2013-01-04 04:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
2013-02-14 01:47 - 2013-01-04 02:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-14 01:47 - 2013-01-04 02:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
2013-02-14 01:47 - 2013-01-04 02:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-14 01:47 - 2013-01-04 02:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-02-14 01:47 - 2013-01-04 02:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-14 01:47 - 2013-01-04 02:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
2013-02-14 01:47 - 2013-01-04 02:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-14 01:47 - 2013-01-04 02:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
2013-02-13 15:31 - 2013-02-13 15:31 - 11694259 ____A C:\Users\IFG\Downloads\Contract.zip
2013-02-10 19:17 - 2013-02-10 19:17 - 00027144 ____A C:\Users\IFG\Downloads\CV.Marcin.Sarnowicz.111115.odt
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (3).exe
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (2).exe
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (1).exe
2013-02-10 15:55 - 2013-02-10 15:55 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4.exe
2013-02-09 23:16 - 2013-02-09 23:16 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-03 01:53 - 2012-12-05 08:56 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-03 01:53 - 2012-12-05 08:56 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-03 01:53 - 2012-12-05 08:56 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-03 01:53 - 2012-12-05 08:56 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-03 01:53 - 2012-12-05 08:56 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-03 01:53 - 2012-12-05 08:56 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-03 01:51 - 2013-02-03 01:53 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-03 01:51 - 2013-02-03 01:53 - 00003449 ____A C:\Windows\System32\jupdate-1.6.0_39-b04.log
2013-01-31 11:31 - 2013-01-31 11:33 - 00035617 ____A C:\Users\IFG\Documents\Miss Malgorzata Szeremeta CV docx.odt
2013-01-30 15:44 - 2013-01-30 15:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (3).xls
2013-01-30 15:44 - 2013-01-30 15:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (2).xls
 
==================== One Month Modified Files and Folders ========
 
2013-02-26 19:40 - 2010-08-23 09:11 - 00000000 ____D C:\ProgramData\Recovery
2013-02-26 12:13 - 2013-02-26 11:52 - 00000000 ____D C:\FRST
2013-02-26 11:35 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-26 11:35 - 2009-07-14 04:51 - 00123955 ____A C:\Windows\setupact.log
2013-02-26 10:45 - 2009-11-05 09:25 - 01981310 ____A C:\Windows\WindowsUpdate.log
2013-02-26 10:38 - 2011-02-23 19:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-26 10:22 - 2013-02-26 10:22 - 00131843 ____A C:\Users\IFG\Downloads\Unconfirmed 332128.crdownload
2013-02-26 10:21 - 2012-05-30 06:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-26 10:19 - 2011-02-23 19:40 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-26 07:54 - 2010-08-31 11:31 - 00000000 ___RD C:\Users\IFG\Documents\Outlook Files
2013-02-26 03:10 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (3).exe
2013-02-26 03:10 - 2013-02-26 03:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (2).exe
2013-02-26 03:10 - 2013-02-26 03:10 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-26 03:10 - 2013-02-26 03:09 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64.exe
2013-02-26 03:10 - 2013-02-26 03:09 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (1).exe
2013-02-26 03:09 - 2013-02-26 03:09 - 08736848 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro.exe
2013-02-26 03:05 - 2009-11-05 09:32 - 00298324 ____A C:\Windows\PFRO.log
2013-02-26 02:58 - 2013-02-26 02:33 - 00000465 ____A C:\Windows\wininit.ini
2013-02-26 02:33 - 2009-07-14 03:20 - 00000000 ___RD C:\Program Files (x86)
2013-02-26 01:50 - 2013-02-26 01:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-26 01:41 - 2013-02-26 01:41 - 00001262 ____A C:\Users\IFG\Desktop\Spybot - Search & Destroy.lnk
2013-02-26 01:41 - 2013-02-26 01:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-02-26 01:40 - 2013-02-26 01:39 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\IFG\Downloads\spybotsd162.exe
2013-02-26 00:46 - 2013-02-26 00:46 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-02-26 00:37 - 2013-02-26 00:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-26 00:22 - 2013-02-26 00:22 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\RealNetworks
2013-02-26 00:13 - 2011-05-10 09:06 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Mozilla
2013-02-26 00:13 - 2011-05-10 09:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-25 20:17 - 2009-11-07 03:54 - 00000000 ____D C:\ProgramData\Adobe
2013-02-25 20:17 - 2009-11-07 03:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-02-25 20:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64
2013-02-25 19:39 - 2013-02-25 19:39 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-02-25 19:39 - 2013-02-25 19:39 - 00000861 ____A C:\Windows\System32\InstallUtil.InstallLog
2013-02-25 18:58 - 2012-09-21 18:06 - 00121768 ____A C:\Users\iPhone\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-25 18:57 - 2012-09-21 18:05 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Real
2013-02-25 18:41 - 2010-09-08 11:08 - 00007597 ____A C:\Users\IFG\AppData\Local\Resmon.ResmonCfg
2013-02-25 14:38 - 2013-02-25 14:38 - 00720384 ____A C:\Users\IFG\Downloads\Online proposal Source Republic.xls
2013-02-25 10:37 - 2012-02-05 21:25 - 00000402 ___AH C:\Windows\Tasks\Norton Security Scan for IFG.job
2013-02-25 03:58 - 2013-02-25 03:58 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 03:43 - 2013-02-25 03:43 - 00262144 ____N C:\Windows\Minidump\022513-42213-01.dmp
2013-02-25 03:43 - 2012-01-08 02:20 - 00000000 ____D C:\Windows\Minidump
2013-02-25 03:24 - 2010-07-24 12:37 - 00000000 ____D C:\users\IFG
2013-02-25 03:19 - 2012-09-21 18:01 - 00000000 ____D C:\users\iPhone
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-02-25 03:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 ___RD C:\users\Public
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\IME
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Cursors
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-02-25 03:19 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-02-25 03:18 - 2013-01-08 17:41 - 00000000 ____D C:\Users\IFG\Downloads\Wahiba Normandy_files
2013-02-25 03:18 - 2012-09-21 10:58 - 00000000 ____D C:\Users\IFG\Downloads\GSH Energy and Facilities Management Services. - GSH Group_files
2013-02-25 03:18 - 2012-05-08 18:16 - 00000000 ____D C:\Users\IFG\Downloads\Fernando Lafuente - ERP Consulting Exchange_files
2013-02-25 03:18 - 2011-01-03 00:36 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Spotify
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\wspell
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\SPPro
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\SOLPIM3
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\GridTools2
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\DBI Com Controls
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\SysWOW64\CTOCX4
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\wspell
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\SPPro
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\SOLPIM3
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\GridTools2
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\DBI Com Controls
2013-02-25 03:18 - 2010-09-13 09:46 - 00000000 ____D C:\Windows\System32\CTOCX4
2013-02-25 03:18 - 2010-08-26 19:38 - 00000000 ___RD C:\Users\IFG\Documents\UDC Output Files
2013-02-25 03:18 - 2010-08-18 16:42 - 00000000 __RSD C:\Users\IFG\Documents\My Stationery
2013-02-25 03:18 - 2009-11-05 09:28 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-02-25 03:18 - 2009-11-05 09:28 - 00000000 ____D C:\Windows\System32\x64
2013-02-25 03:18 - 2009-09-07 00:40 - 00000000 ___HD C:\SYSTEM.SAV
2013-02-25 03:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-25 03:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-25 03:17 - 2012-11-21 07:54 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-25 03:17 - 2012-09-20 19:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-25 03:17 - 2012-03-16 11:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-02-25 03:17 - 2012-02-05 19:25 - 00000000 ____D C:\ProgramData\Real
2013-02-25 03:17 - 2012-01-24 08:57 - 00000000 ____D C:\ProgramData\WebEx
2013-02-25 03:17 - 2010-09-13 09:46 - 00000000 __HDC C:\ProgramData\{8A09F520-A356-4F22-B1E2-D150A7F509CC}
2013-02-25 03:17 - 2010-09-01 14:58 - 00000000 ____D C:\ProgramData\McAfee
2013-02-25 03:17 - 2010-08-26 17:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-02-25 03:17 - 2009-11-07 04:15 - 00000000 ____D C:\ProgramData\CyberLink
2013-02-25 03:17 - 2009-11-07 03:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-25 03:17 - 2009-11-07 02:56 - 00000000 ____D C:\ProgramData\WildTangent
2013-02-25 03:16 - 2012-11-18 14:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-02-25 03:16 - 2012-09-20 19:43 - 00000000 ____D C:\Program Files\iTunes
2013-02-25 03:16 - 2012-07-18 17:17 - 00000000 ____D C:\Program Files\Bonjour
2013-02-25 03:16 - 2012-02-05 21:25 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-02-25 03:16 - 2011-09-18 17:54 - 00000000 ____D C:\Program Files (x86)\T-Mobile Wireless Pointer
2013-02-25 03:16 - 2011-05-21 22:26 - 00000000 ____D C:\Program Files (x86)\Veetle
2013-02-25 03:16 - 2011-01-31 22:49 - 00000000 ____D C:\Program Files\IDT
2013-02-25 03:16 - 2011-01-03 00:36 - 00000000 ____D C:\Program Files (x86)\Spotify
2013-02-25 03:16 - 2010-08-27 16:20 - 00000000 ____D C:\Program Files (x86)\Safari
2013-02-25 03:16 - 2010-08-26 19:37 - 00000000 ____D C:\Program Files (x86)\Universal Document Converter
2013-02-25 03:16 - 2010-07-24 12:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-25 03:16 - 2009-11-07 02:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-02-25 03:16 - 2009-11-07 02:56 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-02-25 03:15 - 2012-05-14 15:14 - 00000000 ____D C:\Program Files (x86)\Free Text Pad
2013-02-25 03:15 - 2012-03-16 11:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-02-25 03:15 - 2011-07-15 13:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-25 03:15 - 2010-09-13 14:06 - 00000000 ____D C:\Program Files (x86)\Free PDF to Word Doc Converter
2013-02-25 03:15 - 2010-08-31 23:58 - 00000000 ____D C:\Program Files (x86)\EasyMail SMTP Express
2013-02-25 03:15 - 2010-08-31 23:56 - 00000000 ____D C:\Program Files (x86)\Digitec 1stSelect V5
2013-02-25 03:15 - 2009-11-07 04:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-02-25 03:15 - 2009-11-07 04:31 - 00000000 ____D C:\Program Files (x86)\EasyBits For Kids
2013-02-25 03:15 - 2009-11-07 03:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2013-02-25 03:15 - 2009-11-07 02:56 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-02-25 03:14 - 2012-12-05 09:07 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-02-25 03:14 - 2012-07-18 17:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-02-25 03:14 - 2012-02-26 22:20 - 00000000 ____D C:\IRIS Payroll Basics
2013-02-25 03:14 - 2011-07-15 13:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-02-25 03:14 - 2011-02-11 21:36 - 00000000 ____D C:\2bb7cacca8f176ec363f0151
2013-02-25 03:14 - 2010-08-18 16:41 - 00000000 ____D C:\Program Files (x86)\BTBusinessHub
2013-02-25 03:14 - 2009-11-07 04:15 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-02-25 03:14 - 2009-11-05 09:31 - 00000000 ____D C:\Program Files (x86)\Atheros
2013-02-25 03:11 - 2013-02-22 11:46 - 00000000 ____D C:\Program Files (x86)\Xobni
2013-02-25 03:09 - 2013-02-24 18:46 - 00000000 ____D C:\Users\IFG\Dropbox
2013-02-25 03:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2013-02-25 02:53 - 2010-08-31 23:56 - 00000000 ____D C:\Server16
2013-02-25 02:36 - 2010-08-18 17:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-24 22:15 - 2013-02-24 18:40 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Dropbox
2013-02-24 20:32 - 2013-02-24 17:55 - 00000000 ____D C:\Users\IFG\AppData\Local\Giant Savings Extension
2013-02-24 20:29 - 2013-02-24 17:53 - 00000000 ____D C:\Users\IFG\AppData\Roaming\HoolappForAndroid
2013-02-24 19:08 - 2013-02-24 19:08 - 00012610 ____A C:\Users\IFG\Downloads\Recruitment Software.xlsx
2013-02-24 17:54 - 2013-02-24 17:54 - 00000000 ____D C:\Users\IFG\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-02-22 11:56 - 2013-02-22 11:55 - 07040440 ____A (Xobni) C:\Users\IFG\Downloads\XobniSetup (2).exe
2013-02-22 11:50 - 2013-02-22 11:48 - 00000000 ____D C:\Users\IFG\AppData\Local\Xobni
2013-02-22 11:48 - 2013-02-22 11:46 - 00000072 ____A C:\Users\IFG\AppData\Local\xobni_installer_updater.log
2013-02-19 14:08 - 2012-02-21 18:09 - 00000324 ____A C:\Windows\Tasks\HPCeeScheduleForIFG.job
2013-02-18 10:07 - 2010-08-22 15:04 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-02-18 10:07 - 2010-08-22 15:04 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-02-14 22:52 - 2013-02-14 22:52 - 00016896 ____A C:\Users\IFG\Downloads\google ranking 2013.xls
2013-02-13 15:31 - 2013-02-13 15:31 - 11694259 ____A C:\Users\IFG\Downloads\Contract.zip
2013-02-10 19:17 - 2013-02-10 19:17 - 00027144 ____A C:\Users\IFG\Downloads\CV.Marcin.Sarnowicz.111115.odt
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (3).exe
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (2).exe
2013-02-10 15:57 - 2013-02-10 15:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (1).exe
2013-02-10 15:55 - 2013-02-10 15:55 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4.exe
2013-02-09 23:16 - 2013-02-09 23:16 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-07 22:21 - 2012-05-30 06:51 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 22:21 - 2012-05-30 06:51 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-07 22:21 - 2011-05-14 18:05 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-07 22:21 - 2011-05-14 18:05 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-06 20:58 - 2010-09-01 15:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-02-03 01:53 - 2013-02-03 01:51 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-03 01:53 - 2013-02-03 01:51 - 00003449 ____A C:\Windows\System32\jupdate-1.6.0_39-b04.log
2013-02-03 01:53 - 2009-11-07 04:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-31 23:09 - 2012-03-19 20:57 - 00000000 ____D C:\Users\IFG\Documents\Employees
2013-01-31 11:33 - 2013-01-31 11:31 - 00035617 ____A C:\Users\IFG\Documents\Miss Malgorzata Szeremeta CV docx.odt
2013-01-30 15:44 - 2013-01-30 15:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (3).xls
2013-01-30 15:44 - 2013-01-30 15:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (2).xls
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2011-04-28 07:12] - [2011-02-25 06:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2011-05-25 21:47] - [2010-11-20 12:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 3002.93 MB
Available physical RAM: 2124.41 MB
Total Pagefile: 6004.04 MB
Available Pagefile: 5193.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.38 MB
 
==================== Partitions =============================
 
1 Drive c: () (Fixed) (Total:285.42 GB) (Free:201.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.85 GB) (Free:0.44 GB) FAT
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         1896 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 50D0CCD5
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            285 GB   200 MB
  Partition 3    Primary             12 GB   285 GB
 
=========================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System (partition with boot components)  
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    285 GB  Healthy    Boot    
 
=========================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   RECOVERY     NTFS   Partition     12 GB  Healthy            
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00BABB19
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1895 MB    16 KB
 
=========================================================
 
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F                FAT    Removable   1895 MB  Healthy            
 
=========================================================
==================== End Of Log ============================
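
A triage check for the header of the log above, as an added example that is not part of the original post and not FRST's own code. It assumes the header and "Bamital & volsnap Check" line formats shown in this thread; the function name `triage_frst_log` and both sample logs are constructed for illustration.

```python
import re

# Constructed sample: lines in the format of the FRST log posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2013 01
Ran by IFG at 26-02-2013 12:13:15
  Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
"""

# Constructed sample: a hypothetical header with matching bitness and no warnings.
CLEAN_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
  Service Pack 1 (X64) OS Language: English(US)

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
"""

TOOL_ARCH_RE = re.compile(r"Farbar Recovery Scan Tool \(FRST\) \((x86|x64)\)", re.I)
OS_ARCH_RE = re.compile(r"\((x86|x64)\)\s+OS Language", re.I)
HIVE_RE = re.compile(r"Could not load system hive", re.I)
NOT_RE_RE = re.compile(r"NOT RUN FROM RECOVERY ENVIRONMENT", re.I)
MISSING_RE = re.compile(r"^(.+?) IS MISSING\b", re.M)
LEGIT_RE = re.compile(r"^(.+?) => MD5 is legit", re.M)


def triage_frst_log(text):
    """Decide whether the file checks in an FRST log can be taken at face value."""
    tool = TOOL_ARCH_RE.search(text)
    os_match = OS_ARCH_RE.search(text)
    tool_arch = tool.group(1).lower() if tool else None
    os_arch = os_match.group(1).lower() if os_match else None

    issues = []
    # A 32-bit process on 64-bit Windows has System32 redirected to SysWOW64,
    # so file checks made by an x86 build do not describe the real System32.
    if tool_arch and os_arch and tool_arch != os_arch:
        issues.append("arch_mismatch")
    if HIVE_RE.search(text):
        issues.append("system_hive_not_loaded")
    # The log itself states the tool will not function properly in this case.
    if NOT_RE_RE.search(text):
        issues.append("not_in_recovery_environment")

    # With any reliability issue present, a "missing" file is only unverified.
    status = "unverified" if issues else "missing"
    return {
        "tool_arch": tool_arch,
        "os_arch": os_arch,
        "issues": issues,
        "missing": [{"path": p, "status": status} for p in MISSING_RE.findall(text)],
        "legit": LEGIT_RE.findall(text),
        "rescan_required": bool(issues),
    }


if __name__ == "__main__":
    report = triage_frst_log(SAMPLE_LOG)
    print("tool/os:", report["tool_arch"], "/", report["os_arch"])
    print("issues:", ", ".join(report["issues"]) or "none")
    for item in report["missing"]:
        print(f"{item['status']:>10}  {item['path']}")
    if report["rescan_required"]:
        print("Rescan with the matching build from the Recovery Environment before acting.")
```
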


#2 fireman4it

  • Malware Response Team

Posted 26 February 2013 - 01:19 PM

Hello mraman84,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
  • ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    This tool was not run properly, as seen by this statement in your log. We will now run it properly. Make sure to read all the directions and follow them. This tool needs to be run from within the Recovery Environment.





    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 mraman84

  • Topic Starter

Posted 26 February 2013 - 03:43 PM

Hi fireman4it,

 

That's great, thanks a lot.  I've now performed this task correctly in the recovery environment and have enclosed the FRST.txt below. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 26-02-2013 20:13:37
Running from G:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-11-06] (Sun Microsystems, Inc.)
HKLM\...\Run: [PC Optimizer Pro] "C:\Program Files\PC Optimizer Pro\StartApps.exe" -s [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-01-31] (IDT, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKU\IFG\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\IFG\...\Policies\system: [DisableLockWorkstation] 0
HKU\IFG\...\Policies\system: [DisableChangePassword] 0
HKU\iPhone\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\iPhone\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex [699248 2013-02-07] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B9E1A3AE-D91D-4AC6-8FAF-C39D5C7155EF}: [NameServer]88.82.13.12 88.82.13.12
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
 
==================== Services (Whitelisted) ===================
 
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103472 2012-12-04] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [235216 2013-02-05] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-12-26] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-12-26] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [182312 2012-12-26] (McAfee, Inc.)
2 msoidsvc; "C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE" [2079520 2012-05-17] (Microsoft Corp.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-12-23] (Trusteer Ltd.)
4 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
4 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 smtpexp; "C:\Program Files (x86)\EasyMail SMTP Express\smtpexp.exe" -r [176193 2005-03-30] (Quiksoft Corporation)
 
==================== Drivers (Whitelisted) =====================
 
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-04] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-22] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2013-02-05] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-12-23] (Trusteer Ltd.)
3 vodafone_K380x-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [237056 2011-04-28] (ZTE Incorporated)
4 eabfiltr;  [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
 
==================== NetSvcs (Whitelisted) ====================
 
 
==================== One Month Created Files and Folders ========
 
2013-02-26 12:07 - 2013-02-26 12:08 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (4).exe
2013-02-26 12:05 - 2013-02-26 12:05 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (3).exe
2013-02-26 11:58 - 2013-02-26 11:59 - 00027031 ____A C:\Users\IFG\Downloads\FRST.txt
2013-02-26 11:55 - 2013-02-26 11:55 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (2).exe
2013-02-26 11:49 - 2013-02-26 11:49 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (1).exe
2013-02-26 11:46 - 2013-02-26 11:46 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64.exe
2013-02-26 03:52 - 2013-02-26 11:56 - 00000000 ____D C:\FRST
2013-02-26 02:22 - 2013-02-26 02:22 - 00131843 ____A C:\Users\IFG\Downloads\Unconfirmed 332128.crdownload
2013-02-25 19:10 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (3).exe
2013-02-25 19:10 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (2).exe
2013-02-25 19:10 - 2013-02-25 19:10 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-25 19:09 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64.exe
2013-02-25 19:09 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (1).exe
2013-02-25 19:09 - 2013-02-25 19:09 - 08736848 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro.exe
2013-02-25 18:33 - 2013-02-25 18:58 - 00000465 ____A C:\Windows\wininit.ini
2013-02-25 17:41 - 2013-02-25 17:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-25 17:41 - 2013-02-25 17:41 - 00001262 ____A C:\Users\IFG\Desktop\Spybot - Search & Destroy.lnk
2013-02-25 17:41 - 2013-02-25 17:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-02-25 17:39 - 2013-02-25 17:40 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\IFG\Downloads\spybotsd162.exe
2013-02-25 16:46 - 2013-02-25 16:46 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-25 16:37 - 2012-12-14 08:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-25 16:22 - 2013-02-25 16:22 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\RealNetworks
2013-02-25 11:39 - 2013-02-25 11:39 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-02-25 06:38 - 2013-02-25 06:38 - 00720384 ____A C:\Users\IFG\Downloads\Online proposal Source Republic.xls
2013-02-24 19:58 - 2013-02-24 19:58 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-24 19:43 - 2013-02-24 19:43 - 00262144 ____N C:\Windows\Minidump\022513-42213-01.dmp
2013-02-24 11:08 - 2013-02-24 11:08 - 00012610 ____A C:\Users\IFG\Downloads\Recruitment Software.xlsx
2013-02-24 10:46 - 2013-02-24 19:09 - 00000000 ____D C:\Users\IFG\Dropbox
2013-02-24 10:40 - 2013-02-24 14:15 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Dropbox
2013-02-24 09:55 - 2013-02-24 12:32 - 00000000 ____D C:\Users\IFG\AppData\Local\Giant Savings Extension
2013-02-24 09:54 - 2013-02-24 09:54 - 00000000 ____D C:\Users\IFG\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-02-24 09:53 - 2013-02-24 12:29 - 00000000 ____D C:\Users\IFG\AppData\Roaming\HoolappForAndroid
2013-02-22 03:55 - 2013-02-22 03:56 - 07040440 ____A (Xobni) C:\Users\IFG\Downloads\XobniSetup (2).exe
2013-02-22 03:48 - 2013-02-22 03:50 - 00000000 ____D C:\Users\IFG\AppData\Local\Xobni
2013-02-22 03:46 - 2013-02-24 19:11 - 00000000 ____D C:\Program Files (x86)\Xobni
2013-02-22 03:46 - 2013-02-22 03:48 - 00000072 ____A C:\Users\IFG\AppData\Local\xobni_installer_updater.log
2013-02-14 14:52 - 2013-02-14 14:52 - 00016896 ____A C:\Users\IFG\Downloads\google ranking 2013.xls
2013-02-14 00:10 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 00:10 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 00:10 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 00:10 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 00:10 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 00:10 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 00:10 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 00:10 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 00:10 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 00:10 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 00:10 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 00:10 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 00:10 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 00:10 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 00:10 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 00:10 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 00:10 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 00:10 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 00:10 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 00:10 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 00:10 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 00:10 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 00:10 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 00:10 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 00:10 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 00:10 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 00:10 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 00:10 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 00:10 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 00:10 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 00:10 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 00:10 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 17:48 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 17:48 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 17:48 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 17:47 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 17:47 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 17:47 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 17:47 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 17:47 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 17:47 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 17:47 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 17:46 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 17:46 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-13 07:31 - 2013-02-13 07:31 - 11694259 ____A C:\Users\IFG\Downloads\Contract.zip
2013-02-10 11:17 - 2013-02-10 11:17 - 00027144 ____A C:\Users\IFG\Downloads\CV.Marcin.Sarnowicz.111115.odt
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (3).exe
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (2).exe
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (1).exe
2013-02-10 07:55 - 2013-02-10 07:55 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4.exe
2013-02-09 15:16 - 2013-02-09 15:16 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-02 17:53 - 2012-12-05 00:56 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-02-02 17:53 - 2012-12-05 00:56 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-02-02 17:53 - 2012-12-05 00:56 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-02-02 17:51 - 2013-02-02 17:53 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-01-31 03:31 - 2013-01-31 03:33 - 00035617 ____A C:\Users\IFG\Documents\Miss Malgorzata Szeremeta CV docx.odt
2013-01-30 07:44 - 2013-01-30 07:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (3).xls
2013-01-30 07:44 - 2013-01-30 07:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (2).xls
 
==================== One Month Modified Files and Folders =======
 
2013-02-26 12:08 - 2013-02-26 12:07 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (4).exe
2013-02-26 12:05 - 2013-02-26 12:05 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (3).exe
2013-02-26 11:59 - 2013-02-26 11:58 - 00027031 ____A C:\Users\IFG\Downloads\FRST.txt
2013-02-26 11:56 - 2013-02-26 03:52 - 00000000 ____D C:\FRST
2013-02-26 11:55 - 2013-02-26 11:55 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (2).exe
2013-02-26 11:55 - 2009-11-05 01:25 - 02017624 ____A C:\Windows\WindowsUpdate.log
2013-02-26 11:52 - 2011-02-23 11:40 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-26 11:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-26 11:51 - 2009-07-13 20:51 - 00124739 ____A C:\Windows\setupact.log
2013-02-26 11:49 - 2013-02-26 11:49 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64 (1).exe
2013-02-26 11:46 - 2013-02-26 11:46 - 01464427 ____A (Farbar) C:\Users\IFG\Downloads\FRST64.exe
2013-02-26 11:40 - 2010-08-23 01:11 - 00000000 ____D C:\ProgramData\Recovery
2013-02-26 11:35 - 2011-02-23 11:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-26 10:21 - 2012-05-29 22:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-26 06:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-26 06:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-26 02:22 - 2013-02-26 02:22 - 00131843 ____A C:\Users\IFG\Downloads\Unconfirmed 332128.crdownload
2013-02-25 23:54 - 2010-08-31 03:31 - 00000000 ___RD C:\Users\IFG\Documents\Outlook Files
2013-02-25 19:10 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (3).exe
2013-02-25 19:10 - 2013-02-25 19:10 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (2).exe
2013-02-25 19:10 - 2013-02-25 19:10 - 00000000 ____D C:\ProgramData\HitmanPro
2013-02-25 19:10 - 2013-02-25 19:09 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64.exe
2013-02-25 19:10 - 2013-02-25 19:09 - 09511456 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro_x64 (1).exe
2013-02-25 19:09 - 2013-02-25 19:09 - 08736848 ____A (SurfRight B.V.) C:\Users\IFG\Downloads\HitmanPro.exe
2013-02-25 19:05 - 2009-11-05 01:32 - 00298324 ____A C:\Windows\PFRO.log
2013-02-25 18:58 - 2013-02-25 18:33 - 00000465 ____A C:\Windows\wininit.ini
2013-02-25 17:50 - 2013-02-25 17:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-25 17:41 - 2013-02-25 17:41 - 00001262 ____A C:\Users\IFG\Desktop\Spybot - Search & Destroy.lnk
2013-02-25 17:41 - 2013-02-25 17:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-02-25 17:40 - 2013-02-25 17:39 - 16409960 ____A (Safer Networking Limited                                    ) C:\Users\IFG\Downloads\spybotsd162.exe
2013-02-25 16:46 - 2013-02-25 16:46 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-02-25 16:37 - 2013-02-25 16:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-25 16:22 - 2013-02-25 16:22 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\RealNetworks
2013-02-25 16:13 - 2011-05-10 01:06 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Mozilla
2013-02-25 16:13 - 2011-05-10 01:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-25 12:17 - 2009-11-06 19:54 - 00000000 ____D C:\ProgramData\Adobe
2013-02-25 12:17 - 2009-11-06 19:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-02-25 11:39 - 2013-02-25 11:39 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-02-25 10:58 - 2012-09-21 10:06 - 00121768 ____A C:\Users\iPhone\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-25 10:57 - 2012-09-21 10:05 - 00000000 ____D C:\Users\iPhone\AppData\Roaming\Real
2013-02-25 10:41 - 2010-09-08 03:08 - 00007597 ____A C:\Users\IFG\AppData\Local\Resmon.ResmonCfg
2013-02-25 06:38 - 2013-02-25 06:38 - 00720384 ____A C:\Users\IFG\Downloads\Online proposal Source Republic.xls
2013-02-25 02:37 - 2012-02-05 13:25 - 00000402 ___AH C:\Windows\Tasks\Norton Security Scan for IFG.job
2013-02-25 01:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-24 19:58 - 2013-02-24 19:58 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-24 19:43 - 2013-02-24 19:43 - 00262144 ____N C:\Windows\Minidump\022513-42213-01.dmp
2013-02-24 19:43 - 2012-01-07 18:20 - 00000000 ____D C:\Windows\Minidump
2013-02-24 19:24 - 2010-07-24 04:37 - 00000000 ____D C:\users\IFG
2013-02-24 19:19 - 2012-09-21 10:01 - 00000000 ____D C:\users\iPhone
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-02-24 19:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-02-24 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-02-24 19:18 - 2013-01-08 09:41 - 00000000 ____D C:\Users\IFG\Downloads\Wahiba Normandy_files
2013-02-24 19:18 - 2012-09-21 02:58 - 00000000 ____D C:\Users\IFG\Downloads\GSH Energy and Facilities Management Services. - GSH Group_files
2013-02-24 19:18 - 2012-05-08 10:16 - 00000000 ____D C:\Users\IFG\Downloads\Fernando Lafuente - ERP Consulting Exchange_files
2013-02-24 19:18 - 2011-07-16 10:05 - 00000000 ____D C:\Windows\System32\SPReview
2013-02-24 19:18 - 2011-07-16 10:03 - 00000000 ____D C:\Windows\System32\EventProviders
2013-02-24 19:18 - 2011-01-02 16:36 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Spotify
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\wspell
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\SPPro
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\SOLPIM3
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\GridTools2
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\DBI Com Controls
2013-02-24 19:18 - 2010-09-13 01:46 - 00000000 ____D C:\Windows\SysWOW64\CTOCX4
2013-02-24 19:18 - 2010-08-26 11:38 - 00000000 ___RD C:\Users\IFG\Documents\UDC Output Files
2013-02-24 19:18 - 2010-08-18 08:42 - 00000000 __RSD C:\Users\IFG\Documents\My Stationery
2013-02-24 19:18 - 2009-11-05 01:28 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-02-24 19:18 - 2009-09-06 16:40 - 00000000 ___HD C:\SYSTEM.SAV
2013-02-24 19:18 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-02-24 19:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-24 19:17 - 2012-11-20 23:54 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-24 19:17 - 2012-09-20 11:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 19:17 - 2012-03-16 03:13 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-02-24 19:17 - 2012-02-05 11:25 - 00000000 ____D C:\ProgramData\Real
2013-02-24 19:17 - 2012-01-24 00:57 - 00000000 ____D C:\ProgramData\WebEx
2013-02-24 19:17 - 2010-09-13 01:46 - 00000000 __HDC C:\ProgramData\{8A09F520-A356-4F22-B1E2-D150A7F509CC}
2013-02-24 19:17 - 2010-09-01 06:58 - 00000000 ____D C:\ProgramData\McAfee
2013-02-24 19:17 - 2010-08-26 09:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-02-24 19:17 - 2009-11-06 20:15 - 00000000 ____D C:\ProgramData\CyberLink
2013-02-24 19:17 - 2009-11-06 19:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-24 19:17 - 2009-11-06 18:56 - 00000000 ____D C:\ProgramData\WildTangent
2013-02-24 19:16 - 2012-11-18 06:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-02-24 19:16 - 2012-09-20 11:43 - 00000000 ____D C:\Program Files\iTunes
2013-02-24 19:16 - 2012-07-18 09:17 - 00000000 ____D C:\Program Files\Bonjour
2013-02-24 19:16 - 2012-02-05 13:25 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-02-24 19:16 - 2011-09-18 09:54 - 00000000 ____D C:\Program Files (x86)\T-Mobile Wireless Pointer
2013-02-24 19:16 - 2011-05-21 14:26 - 00000000 ____D C:\Program Files (x86)\Veetle
2013-02-24 19:16 - 2011-01-31 14:49 - 00000000 ____D C:\Program Files\IDT
2013-02-24 19:16 - 2011-01-02 16:36 - 00000000 ____D C:\Program Files (x86)\Spotify
2013-02-24 19:16 - 2010-08-27 08:20 - 00000000 ____D C:\Program Files (x86)\Safari
2013-02-24 19:16 - 2010-08-26 11:37 - 00000000 ____D C:\Program Files (x86)\Universal Document Converter
2013-02-24 19:16 - 2010-07-24 04:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-02-24 19:16 - 2009-11-06 18:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-02-24 19:16 - 2009-11-06 18:56 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-02-24 19:15 - 2012-05-14 07:14 - 00000000 ____D C:\Program Files (x86)\Free Text Pad
2013-02-24 19:15 - 2012-03-16 03:13 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-02-24 19:15 - 2011-07-15 05:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-02-24 19:15 - 2010-09-13 06:06 - 00000000 ____D C:\Program Files (x86)\Free PDF to Word Doc Converter
2013-02-24 19:15 - 2010-08-31 15:58 - 00000000 ____D C:\Program Files (x86)\EasyMail SMTP Express
2013-02-24 19:15 - 2010-08-31 15:56 - 00000000 ____D C:\Program Files (x86)\Digitec 1stSelect V5
2013-02-24 19:15 - 2009-11-06 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-02-24 19:15 - 2009-11-06 20:31 - 00000000 ____D C:\Program Files (x86)\EasyBits For Kids
2013-02-24 19:15 - 2009-11-06 19:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2013-02-24 19:15 - 2009-11-06 18:56 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-02-24 19:14 - 2012-12-05 01:07 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-02-24 19:14 - 2012-07-18 09:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-02-24 19:14 - 2012-02-26 14:20 - 00000000 ____D C:\IRIS Payroll Basics
2013-02-24 19:14 - 2011-07-15 05:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-02-24 19:14 - 2011-02-11 13:36 - 00000000 ____D C:\2bb7cacca8f176ec363f0151
2013-02-24 19:14 - 2010-08-18 08:41 - 00000000 ____D C:\Program Files (x86)\BTBusinessHub
2013-02-24 19:14 - 2009-11-06 20:15 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-02-24 19:14 - 2009-11-05 01:31 - 00000000 ____D C:\Program Files (x86)\Atheros
2013-02-24 19:11 - 2013-02-22 03:46 - 00000000 ____D C:\Program Files (x86)\Xobni
2013-02-24 19:09 - 2013-02-24 10:46 - 00000000 ____D C:\Users\IFG\Dropbox
2013-02-24 19:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-24 18:53 - 2010-08-31 15:56 - 00000000 ____D C:\Server16
2013-02-24 18:36 - 2010-08-18 09:28 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-24 14:15 - 2013-02-24 10:40 - 00000000 ____D C:\Users\IFG\AppData\Roaming\Dropbox
2013-02-24 12:32 - 2013-02-24 09:55 - 00000000 ____D C:\Users\IFG\AppData\Local\Giant Savings Extension
2013-02-24 12:29 - 2013-02-24 09:53 - 00000000 ____D C:\Users\IFG\AppData\Roaming\HoolappForAndroid
2013-02-24 11:08 - 2013-02-24 11:08 - 00012610 ____A C:\Users\IFG\Downloads\Recruitment Software.xlsx
2013-02-24 09:54 - 2013-02-24 09:54 - 00000000 ____D C:\Users\IFG\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-02-22 03:56 - 2013-02-22 03:55 - 07040440 ____A (Xobni) C:\Users\IFG\Downloads\XobniSetup (2).exe
2013-02-22 03:50 - 2013-02-22 03:48 - 00000000 ____D C:\Users\IFG\AppData\Local\Xobni
2013-02-22 03:48 - 2013-02-22 03:46 - 00000072 ____A C:\Users\IFG\AppData\Local\xobni_installer_updater.log
2013-02-19 06:08 - 2012-02-21 10:09 - 00000324 ____A C:\Windows\Tasks\HPCeeScheduleForIFG.job
2013-02-18 02:07 - 2010-08-22 07:04 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-02-18 02:06 - 2011-10-31 05:30 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-02-14 14:52 - 2013-02-14 14:52 - 00016896 ____A C:\Users\IFG\Downloads\google ranking 2013.xls
2013-02-14 00:55 - 2009-07-13 20:45 - 00453656 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 00:27 - 2010-08-18 10:38 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-14 00:23 - 2009-07-13 21:13 - 00802386 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-13 07:31 - 2013-02-13 07:31 - 11694259 ____A C:\Users\IFG\Downloads\Contract.zip
2013-02-10 11:17 - 2013-02-10 11:17 - 00027144 ____A C:\Users\IFG\Downloads\CV.Marcin.Sarnowicz.111115.odt
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (3).exe
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (2).exe
2013-02-10 07:57 - 2013-02-10 07:57 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4 (1).exe
2013-02-10 07:55 - 2013-02-10 07:55 - 00051724 ____A C:\Users\IFG\Downloads\HDvideo-v4.exe
2013-02-09 15:16 - 2013-02-09 15:16 - 00002046 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-02-07 14:21 - 2012-05-29 22:51 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 14:21 - 2011-05-14 10:05 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-06 12:58 - 2010-09-01 07:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-02-05 23:59 - 2011-08-25 01:45 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2013-02-02 17:53 - 2013-02-02 17:51 - 00003449 ____A C:\Windows\SysWOW64\jupdate-1.6.0_39-b04.log
2013-02-02 17:53 - 2009-11-06 20:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-31 15:09 - 2012-03-19 12:57 - 00000000 ____D C:\Users\IFG\Documents\Employees
2013-01-31 03:33 - 2013-01-31 03:31 - 00035617 ____A C:\Users\IFG\Documents\Miss Malgorzata Szeremeta CV docx.odt
2013-01-30 07:44 - 2013-01-30 07:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (3).xls
2013-01-30 07:44 - 2013-01-30 07:44 - 00392704 ____A C:\Users\IFG\Downloads\SAP FöRETAG I NORDEN (2).xls
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-02-25 16:14:15
Restore point made on: 2013-02-25 16:26:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 3002.93 MB
Available physical RAM: 2322.34 MB
Total Pagefile: 3001.07 MB
Available Pagefile: 2319.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
==================== Partitions =============================
 
1 Drive c: () (Fixed) (Total:285.42 GB) (Free:201.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:1.85 GB) (Free:0.44 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    Online         1896 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 50D0CCD5
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            285 GB   200 MB
  Partition 3    Primary             12 GB   285 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy            
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    285 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     12 GB  Healthy            
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00BABB19
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1895 MB    16 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Removable   1895 MB  Healthy            
 
=========================================================
 
Last Boot: 2013-02-23 10:00
 
==================== End Of Log =============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 26 February 2013 - 06:53 PM

1.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

2.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
 

 

Things to include in your next reply:

TdssKiller log

Combofix.txt

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 mraman84

mraman84
  • Topic Starter

  • Members

Posted 27 February 2013 - 04:32 PM

Hi fireman4it,

 

I've now managed to complete the 2nd lot of tasks and am happy to say that my laptop seems to be working a lot better. I can now right click on any programs without it crashing, so thank you very much :) I am also having fewer issues shutting down Windows, although I am still having issues when restarting Windows. I'm also finding that accessing the internet is slightly problematic and web pages also take quite a long time to load.

 

I've been having real issues trying to post a response (TDSSKiller/Combofix) the last few hours, perhaps there's too much information. I've tried sending it separately but to no avail. Do you have any advice?

 

Cheers!



#6 mraman84

mraman84
  • Topic Starter

  • Members

Posted 27 February 2013 - 04:45 PM

 
ComboFix
 
ComboFix 13-02-26.01 - IFG 27/02/2013 17:51:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1883 [GMT 0:00]
Running from: c:\users\IFG\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\IFG\Documents\~WRD1241.tmp
c:\users\IFG\Documents\~WRD2421.tmp
c:\users\IFG\Documents\~WRL0003.tmp
c:\users\IFG\Documents\~WRL0365.tmp
c:\users\IFG\Documents\~WRL0375.tmp
c:\users\IFG\Documents\~WRL0958.tmp
c:\users\IFG\Documents\~WRL1294.tmp
c:\users\IFG\Documents\~WRL2445.tmp
c:\users\IFG\Documents\~WRL2784.tmp
c:\users\IFG\Documents\~WRL3262.tmp
c:\users\IFG\Documents\~WRL3293.tmp
c:\users\IFG\Documents\~WRL3385.tmp
c:\users\IFG\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\oledb32.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 18:10 . 2013-02-27 18:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-27 18:10 . 2013-02-27 18:10    --------    d-----w-    c:\users\iPhone\AppData\Local\temp
2013-02-27 16:24 . 2013-02-27 16:24    15846768    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 11:52 . 2013-02-26 19:56    --------    d-----w-    C:\FRST
2013-02-26 03:10 . 2013-02-26 03:10    --------    d-----w-    c:\programdata\HitmanPro
2013-02-26 01:41 . 2013-02-26 01:50    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-02-26 01:41 . 2013-02-26 01:41    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2013-02-26 01:09 . 2013-02-19 03:57    9162192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{24D08176-201A-4382-9333-D8DB59950DE4}\mpengine.dll
2013-02-26 00:46 . 2013-02-26 00:46    --------    d-----w-    c:\users\IFG\AppData\Roaming\Malwarebytes
2013-02-26 00:37 . 2013-02-26 00:37    --------    d-----w-    c:\users\iPhone\AppData\Roaming\Malwarebytes
2013-02-26 00:37 . 2013-02-26 00:37    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-26 00:37 . 2013-02-26 00:37    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-26 00:37 . 2012-12-14 16:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-26 00:36 . 2013-02-26 00:36    --------    d-----w-    c:\users\iPhone\AppData\Local\Programs
2013-02-26 00:22 . 2013-02-26 00:22    --------    d-----w-    c:\users\iPhone\AppData\Roaming\RealNetworks
2013-02-24 18:46 . 2013-02-25 03:09    --------    d-----w-    c:\users\IFG\Dropbox
2013-02-24 18:40 . 2013-02-24 22:15    --------    d-----w-    c:\users\IFG\AppData\Roaming\Dropbox
2013-02-24 17:55 . 2013-02-24 20:32    --------    d-----w-    c:\users\IFG\AppData\Local\Giant Savings Extension
2013-02-24 17:54 . 2013-02-24 17:54    --------    d-----w-    c:\users\IFG\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-02-24 17:53 . 2013-02-24 20:29    --------    d-----w-    c:\users\IFG\AppData\Roaming\HoolappForAndroid
2013-02-22 11:48 . 2013-02-22 11:50    --------    d-----w-    c:\users\IFG\AppData\Local\Xobni
2013-02-22 11:46 . 2013-02-25 03:11    --------    d-----w-    c:\program files (x86)\Xobni
2013-02-14 08:19 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:19 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:48 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-14 01:48 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 01:48 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 01:47 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-14 01:47 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-14 01:47 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-14 01:47 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-14 01:47 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-14 01:47 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-14 01:47 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-14 01:46 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-14 01:46 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 08:27 . 2010-08-18 18:38    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-07 22:21 . 2012-05-30 06:51    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-07 22:21 . 2011-05-14 18:05    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 07:59 . 2011-08-25 09:45    101688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-01-17 01:28 . 2010-09-02 08:22    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 01:47    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-31 12:46 . 2012-12-31 12:46    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2012-12-31 12:46 . 2012-12-31 12:46    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2012-12-26 09:55 . 2011-02-17 08:36    69672    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2012-12-26 09:52 . 2011-02-17 08:36    339776    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2012-12-26 09:52 . 2011-02-17 08:36    182312    ----a-w-    c:\windows\system32\mfevtps.exe
2012-12-26 09:51 . 2011-02-17 08:37    10288    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
2012-12-26 09:51 . 2011-02-17 08:36    106112    ----a-w-    c:\windows\system32\drivers\mferkdet.sys
2012-12-26 09:50 . 2011-02-17 08:36    771096    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2012-12-26 09:49 . 2011-02-17 08:36    515528    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2012-12-26 09:49 . 2011-02-17 08:36    309400    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2012-12-26 09:48 . 2011-02-17 08:36    178840    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2012-12-16 17:11 . 2012-12-21 17:07    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 17:07    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 17:07    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 17:07    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 23:37    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 23:37    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 23:37    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 23:37    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 23:37    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 23:37    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 23:37    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 23:37    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 23:37    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 23:37    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 23:37    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 23:37    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 23:37    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 23:37    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 23:37    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 23:37    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 23:37    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 23:37    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 23:37    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 23:37    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 23:37    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 23:37    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 23:37    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 23:37    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 23:37    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 23:37    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 23:37    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-05 08:56 . 2012-12-05 08:56    95208    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-05 08:56 . 2012-05-29 14:58    821736    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-12-05 08:56 . 2010-08-18 17:40    746984    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-11-30 05:45 . 2013-01-09 23:35    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 23:35    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 23:35    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 23:35    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 23:35    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 23:35    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 23:35    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 23:35    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:34    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 14:55    1520776    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 252928]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-08-11 11776]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-08-11 121344]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2011-04-29 237056]
R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 smtpexp;EasyMail SMTP Express;c:\program files (x86)\EasyMail SMTP Express\smtpexp.exe [2005-03-30 176193]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-02-06 101688]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-23 297240]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-31 89600]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-17 2079520]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [2010-05-20 75776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 10:38    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 03:58    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 22:21]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 19:40]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 19:40]
.
2013-02-19 c:\windows\Tasks\HPCeeScheduleForIFG.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2013-02-25 c:\windows\Tasks\Norton Security Scan for IFG.job
- c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2012-02-05 02:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-31 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bt.com\email2.btconnect
Trusted Zone: bt.com\myoffice
Trusted Zone: bt.com\www
Trusted Zone: digitecsoftware.com\www
Trusted Zone: hostingbt.com\hosting
Trusted Zone: mcafee.com\home
Trusted Zone: microsoft.com\office
Trusted Zone: natwest.com\www
Trusted Zone: nwolb.com\www
Trusted Zone: uk.com\www.rec
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9E1A3AE-D91D-4AC6-8FAF-C39D5C7155EF}: NameServer = 88.82.13.12 88.82.13.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-71743556.sys
SafeBoot-79285363.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-PC Optimizer Pro - c:\program files\PC Optimizer Pro\StartApps.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-27 18:16:29
ComboFix-quarantined-files.txt 2013-02-27 18:16
.
Pre-Run: 216,599,429,120 bytes free
Post-Run: 216,588,046,336 bytes free
.
- - End Of File - - E22CF9464229ACB0B5CB3A7949DDD148
 
 
 
 
 


#7 mraman84

Posted 27 February 2013 - 05:53 PM

TDSSKiller (part 1)
 
16:56:08.0691 1992  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:56:09.0081 1992  ============================================================
16:56:09.0081 1992  Current date / time: 2013/02/27 16:56:09.0081
16:56:09.0081 1992  SystemInfo:
16:56:09.0081 1992  
16:56:09.0081 1992  OS Version: 6.1.7601 ServicePack: 1.0
16:56:09.0081 1992  Product type: Workstation
16:56:09.0081 1992  ComputerName: IFG-PC
16:56:09.0081 1992  UserName: IFG
16:56:09.0081 1992  Windows directory: C:\Windows
16:56:09.0081 1992  System windows directory: C:\Windows
16:56:09.0081 1992  Running under WOW64
16:56:09.0081 1992  Processor architecture: Intel x64
16:56:09.0081 1992  Number of processors: 2
16:56:09.0081 1992  Page size: 0x1000
16:56:09.0081 1992  Boot type: Safe boot with network
16:56:09.0081 1992  ============================================================
16:56:10.0579 1992  BG loaded
16:56:10.0938 1992  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:56:10.0938 1992  ============================================================
16:56:10.0938 1992  \Device\Harddisk0\DR0:
16:56:10.0938 1992  MBR partitions:
16:56:10.0938 1992  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:56:10.0938 1992  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23AD8800
16:56:10.0938 1992  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23B3C800, BlocksNum 0x18F1800
16:56:10.0938 1992  ============================================================
16:56:10.0953 1992  C: <-> \Device\Harddisk0\DR0\Partition2
16:56:11.0016 1992  D: <-> \Device\Harddisk0\DR0\Partition3
16:56:11.0016 1992  ============================================================
16:56:11.0016 1992  Initialize success
16:56:11.0016 1992  ============================================================
16:57:12.0667 1748  ============================================================
16:57:12.0667 1748  Scan started
16:57:12.0667 1748  Mode: Manual; SigCheck; TDLFS; 
16:57:12.0667 1748  ============================================================
16:57:13.0993 1748  ================ Scan system memory ========================
16:57:13.0993 1748  System memory - ok
16:57:13.0993 1748  ================ Scan services =============================
16:57:24.0851 1748  HidBth - ok
16:57:24.0898 1748  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:57:24.0929 1748  HidIr - ok
16:57:25.0007 1748  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:57:25.0069 1748  hidserv - ok
16:57:25.0116 1748  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:57:25.0147 1748  HidUsb - ok
16:57:25.0194 1748  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
16:57:25.0210 1748  HipShieldK - ok
16:57:25.0256 1748  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:57:25.0319 1748  hkmsvc - ok
16:57:25.0350 1748  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:57:25.0412 1748  HomeGroupListener - ok
16:57:25.0459 1748  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:57:25.0490 1748  HomeGroupProvider - ok
16:57:25.0584 1748  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:57:25.0615 1748  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
16:57:25.0615 1748  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
16:57:28.0829 1748  [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:57:28.0844 1748  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:57:28.0844 1748  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:57:42.0182 1748  SkypeUpdate - ok
16:57:42.0229 1748  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:57:42.0276 1748  Smb - ok
16:57:42.0338 1748  [ B24E30920DD072A77299C48869A240A9 ] smtpexp         C:\Program Files (x86)\EasyMail SMTP Express\smtpexp.exe
16:57:42.0338 1748  smtpexp ( UnsignedFile.Multi.Generic ) - warning
16:57:42.0338 1748  smtpexp - detected UnsignedFile.Multi.Generic (1)
16:57:53.0274 1748  [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
16:57:53.0274 1748  C:\Windows\System32\shell32.dll - ok
16:57:53.0274 1748  [ 435E9C764E1EF70058580996452BE6A2 ] C:\Windows\System32\wininet.dll
16:57:53.0274 1748  C:\Windows\System32\wininet.dll - ok
16:57:53.0290 1748  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
16:57:53.0290 1748  C:\Windows\System32\comctl32.dll - ok
16:57:53.0290 1748  [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
16:57:53.0290 1748  C:\Windows\System32\psapi.dll - ok
16:57:53.0305 1748  [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
16:57:53.0305 1748  C:\Windows\System32\shlwapi.dll - ok
16:57:53.0305 1748  [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
16:57:53.0305 1748  C:\Windows\System32\cfgmgr32.dll - ok
16:57:53.0321 1748  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
16:57:53.0321 1748  C:\Windows\System32\devobj.dll - ok
16:57:53.0321 1748  [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
16:57:53.0321 1748  C:\Windows\System32\crypt32.dll - ok
16:57:53.0336 1748  [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
16:57:53.0336 1748  C:\Windows\System32\wintrust.dll - ok
16:57:53.0336 1748  [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
16:57:53.0336 1748  C:\Windows\System32\KernelBase.dll - ok
16:57:53.0352 1748  [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
16:57:53.0352 1748  C:\Windows\System32\msasn1.dll - ok
16:57:53.0352 1748  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
16:57:53.0352 1748  C:\Windows\SysWOW64\normaliz.dll - ok
16:57:53.0352 1748  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
16:57:53.0352 1748  C:\Windows\System32\drivers\ndproxy.sys - ok
16:57:53.0368 1748  [ 67972BFC8F23054BD23E1DE1450E40BD ] C:\Windows\System32\drivers\mfefirek.sys
16:57:53.0368 1748  C:\Windows\System32\drivers\mfefirek.sys - ok
16:57:53.0368 1748  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
16:57:53.0368 1748  C:\Windows\System32\drivers\dxapi.sys - ok
16:57:53.0383 1748  [ 59E21156113E438D1D91AF4FC0C3B19F ] C:\Windows\System32\win32k.sys
16:57:53.0383 1748  C:\Windows\System32\win32k.sys - ok
16:57:53.0383 1748  [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
16:57:53.0383 1748  C:\Windows\System32\csrsrv.dll - ok
16:57:53.0399 1748  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
16:57:53.0399 1748  C:\Windows\System32\csrss.exe - ok
16:57:53.0399 1748  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
16:57:53.0399 1748  C:\Windows\System32\basesrv.dll - ok
16:57:53.0414 1748  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
16:57:53.0414 1748  C:\Windows\System32\winsrv.dll - ok
16:57:53.0414 1748  [ FEDE0629ECB23650D48989517D4914DA ] C:\Windows\System32\drivers\dxg.sys
16:57:53.0414 1748  C:\Windows\System32\drivers\dxg.sys - ok
16:57:53.0414 1748  [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
16:57:53.0414 1748  C:\Windows\System32\drivers\usbccgp.sys - ok
16:57:53.0430 1748  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
16:57:53.0430 1748  C:\Windows\System32\tsddd.dll - ok
16:57:53.0430 1748  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
16:57:53.0430 1748  C:\Windows\System32\profapi.dll - ok
16:57:53.0446 1748  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
16:57:53.0446 1748  C:\Windows\System32\sxssrv.dll - ok
16:57:53.0446 1748  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
16:57:53.0446 1748  C:\Windows\System32\wininit.exe - ok
16:57:53.0461 1748  [ 1A83FACA2135AF076E8EA73A30B3B26C ] C:\Windows\System32\KBDUK.DLL
16:57:53.0461 1748  C:\Windows\System32\KBDUK.DLL - ok
16:57:53.0461 1748  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
16:57:53.0461 1748  C:\Windows\System32\RpcRtRemote.dll - ok
16:57:53.0477 1748  [ 8BEC4D6AD2864EDF68D9AD0C6AA6C6D1 ] C:\Windows\System32\vga.dll
16:57:53.0477 1748  C:\Windows\System32\vga.dll - ok
16:57:53.0477 1748  [ E30B04A8FE665C52162D70233ABEA9A3 ] C:\Windows\System32\framebuf.dll
16:57:53.0477 1748  C:\Windows\System32\framebuf.dll - ok
16:57:53.0477 1748  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
16:57:53.0492 1748  C:\Windows\System32\WlS0WndH.dll - ok
16:57:53.0492 1748  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
16:57:53.0492 1748  C:\Windows\System32\sxs.dll - ok
16:57:53.0492 1748  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
16:57:53.0492 1748  C:\Windows\System32\cryptbase.dll - ok
16:57:53.0508 1748  [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
16:57:53.0508 1748  C:\Windows\System32\lsasrv.dll - ok
16:57:53.0508 1748  [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
16:57:53.0508 1748  C:\Windows\System32\lsass.exe - ok
16:57:53.0524 1748  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
16:57:53.0524 1748  C:\Windows\System32\lsm.exe - ok
16:57:53.0524 1748  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
16:57:53.0524 1748  C:\Windows\System32\services.exe - ok
16:57:53.0524 1748  [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
16:57:53.0524 1748  C:\Windows\System32\sspisrv.dll - ok
16:57:53.0539 1748  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
16:57:53.0539 1748  C:\Windows\System32\scesrv.dll - ok
16:57:53.0539 1748  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
16:57:53.0539 1748  C:\Windows\System32\scext.dll - ok
16:57:53.0555 1748  [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
16:57:53.0555 1748  C:\Windows\System32\secur32.dll - ok
16:57:53.0555 1748  [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
16:57:53.0555 1748  C:\Windows\System32\sspicli.dll - ok
16:57:53.0555 1748  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
16:57:53.0555 1748  C:\Windows\System32\sysntfy.dll - ok
16:57:53.0570 1748  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
16:57:53.0570 1748  C:\Windows\System32\wmsgapi.dll - ok
16:57:53.0570 1748  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
16:57:53.0570 1748  C:\Windows\System32\samsrv.dll - ok
16:57:53.0586 1748  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
16:57:53.0586 1748  C:\Windows\System32\cryptdll.dll - ok
16:57:53.0586 1748  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
16:57:53.0586 1748  C:\Windows\System32\srvcli.dll - ok
16:57:53.0602 1748  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
16:57:53.0602 1748  C:\Windows\System32\authz.dll - ok
16:57:53.0602 1748  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
16:57:53.0602 1748  C:\Windows\System32\cngaudit.dll - ok
16:57:53.0617 1748  [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
16:57:53.0617 1748  C:\Windows\System32\ncrypt.dll - ok
16:57:53.0617 1748  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
16:57:53.0617 1748  C:\Windows\System32\wevtapi.dll - ok
16:57:53.0633 1748  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
16:57:53.0633 1748  C:\Windows\System32\bcrypt.dll - ok
16:57:53.0633 1748  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
16:57:53.0633 1748  C:\Windows\System32\msprivs.dll - ok
16:57:53.0648 1748  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
16:57:53.0648 1748  C:\Windows\System32\netjoin.dll - ok
16:57:53.0648 1748  [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
16:57:53.0648 1748  C:\Windows\System32\atmfd.dll - ok
16:57:53.0664 1748  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
16:57:53.0664 1748  C:\Windows\System32\negoexts.dll - ok
16:57:53.0664 1748  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
16:57:53.0664 1748  C:\Windows\System32\kerberos.dll - ok
16:57:53.0664 1748  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
16:57:53.0664 1748  C:\Windows\System32\cryptsp.dll - ok
16:57:53.0680 1748  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
16:57:53.0680 1748  C:\Windows\System32\msv1_0.dll - ok
16:57:53.0680 1748  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
16:57:53.0680 1748  C:\Windows\System32\mswsock.dll - ok
16:57:53.0695 1748  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
16:57:53.0695 1748  C:\Windows\System32\wship6.dll - ok
16:57:53.0695 1748  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
16:57:53.0695 1748  C:\Windows\System32\netlogon.dll - ok
16:57:53.0711 1748  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
16:57:53.0711 1748  C:\Windows\System32\dnsapi.dll - ok
16:57:53.0711 1748  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
16:57:53.0711 1748  C:\Windows\System32\logoncli.dll - ok
16:57:53.0711 1748  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
16:57:53.0711 1748  C:\Windows\System32\schannel.dll - ok
16:57:53.0726 1748  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
16:57:53.0726 1748  C:\Windows\System32\wdigest.dll - ok
16:57:53.0726 1748  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
16:57:53.0726 1748  C:\Windows\System32\rsaenh.dll - ok
16:57:53.0742 1748  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
16:57:53.0742 1748  C:\Windows\System32\TSpkg.dll - ok
16:57:53.0742 1748  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
16:57:53.0742 1748  C:\Windows\System32\pku2u.dll - ok
16:57:53.0758 1748  [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
16:57:53.0758 1748  C:\Windows\System32\LIVESSP.DLL - ok
16:57:53.0758 1748  [ 5B8B5CCD459DDB54F57AB5027E8E4BAA ] C:\Windows\System32\MSOIDSSP.DLL
16:57:53.0758 1748  C:\Windows\System32\MSOIDSSP.DLL - ok
16:57:53.0773 1748  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
16:57:53.0773 1748  C:\Windows\System32\winlogon.exe - ok
16:57:53.0773 1748  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
16:57:53.0773 1748  C:\Windows\System32\winsta.dll - ok
16:57:53.0789 1748  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
16:57:53.0789 1748  C:\Windows\System32\bcryptprimitives.dll - ok
16:57:53.0789 1748  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
16:57:53.0789 1748  C:\Windows\System32\credssp.dll - ok
16:57:53.0789 1748  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
16:57:53.0789 1748  C:\Windows\System32\efslsaext.dll - ok
16:57:53.0804 1748  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
16:57:53.0804 1748  C:\Windows\System32\scecli.dll - ok
16:57:53.0804 1748  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
16:57:53.0804 1748  C:\Windows\System32\ubpm.dll - ok
16:57:53.0820 1748  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
16:57:53.0820 1748  C:\Windows\System32\svchost.exe - ok
16:57:53.0820 1748  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
16:57:53.0820 1748  C:\Windows\System32\umpnpmgr.dll - ok
16:57:53.0836 1748  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
16:57:53.0836 1748  C:\Windows\System32\devrtl.dll - ok
16:57:53.0836 1748  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
16:57:53.0836 1748  C:\Windows\System32\SPInf.dll - ok
16:57:53.0836 1748  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
16:57:53.0836 1748  C:\Windows\System32\gpapi.dll - ok
16:57:53.0851 1748  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
16:57:53.0851 1748  C:\Windows\System32\userenv.dll - ok
16:57:53.0851 1748  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
16:57:53.0851 1748  C:\Windows\System32\pcwum.dll - ok
16:57:53.0867 1748  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
16:57:53.0867 1748  C:\Windows\System32\umpo.dll - ok
16:57:53.0867 1748  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
16:57:53.0867 1748  C:\Windows\System32\powrprof.dll - ok
16:57:53.0867 1748  [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
16:57:53.0867 1748  C:\Windows\System32\drivers\WUDFPf.sys - ok
16:57:53.0882 1748  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
16:57:53.0882 1748  C:\Windows\System32\rpcss.dll - ok
16:57:53.0882 1748  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
16:57:53.0882 1748  C:\Windows\System32\RpcEpMap.dll - ok
16:57:53.0898 1748  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
16:57:53.0898 1748  C:\Windows\System32\WSHTCPIP.DLL - ok
16:57:53.0914 1748  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
16:57:53.0914 1748  C:\Windows\System32\wshqos.dll - ok
16:57:53.0914 1748  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
16:57:53.0914 1748  C:\Windows\System32\FirewallAPI.dll - ok
16:57:53.0914 1748  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
16:57:53.0914 1748  C:\Windows\System32\version.dll - ok
16:57:53.0929 1748  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
16:57:53.0929 1748  C:\Windows\System32\LogonUI.exe - ok
16:57:53.0929 1748  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
16:57:53.0929 1748  C:\Windows\System32\authui.dll - ok
16:57:53.0945 1748  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
16:57:53.0945 1748  C:\Windows\System32\wevtsvc.dll - ok
16:57:53.0945 1748  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
16:57:53.0945 1748  C:\Windows\System32\profsvc.dll - ok
16:57:53.0960 1748  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
16:57:53.0960 1748  C:\Windows\System32\atl.dll - ok
16:57:53.0960 1748  [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
16:57:53.0960 1748  C:\Windows\System32\WUDFSvc.dll - ok
16:57:53.0976 1748  [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
16:57:53.0976 1748  C:\Windows\System32\WUDFPlatform.dll - ok
16:57:53.0976 1748  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
16:57:53.0976 1748  C:\Windows\System32\drivers\nwifi.sys - ok
16:57:53.0976 1748  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
16:57:53.0976 1748  C:\Windows\System32\drivers\ndisuio.sys - ok
16:57:53.0992 1748  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
16:57:53.0992 1748  C:\Windows\System32\lmhsvc.dll - ok
16:57:53.0992 1748  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
16:57:53.0992 1748  C:\Windows\System32\IPHLPAPI.DLL - ok


#8 mraman84

mraman84
  • Topic Starter

  • Members
  • 18 posts

Posted 27 February 2013 - 05:55 PM

TDSSKiller (part2)

 

16:57:54.0740 1748  [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
16:57:54.0740 1748  C:\Windows\System32\netcfgx.dll - ok
16:57:54.0756 1748  [ DF3CA8D16BDED6A54977B30E66864D33 ] C:\Windows\System32\msvcr100.dll
16:57:54.0756 1748  C:\Windows\System32\msvcr100.dll - ok
16:57:54.0756 1748  [ 2C0D7AA2DACF6E11C71F22BFC0050147 ] C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dll
16:57:54.0756 1748  C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dll - ok
16:57:54.0772 1748  [ E30E33FEA53642563CF4C240CACA5D2E ] C:\PROGRA~1\McAfee\MPF\MpfSvc.dll
16:57:54.0772 1748  C:\PROGRA~1\McAfee\MPF\MpfSvc.dll - ok
16:57:54.0772 1748  [ 30830E9DA7F0BA3946665827D5247EC0 ] C:\PROGRA~1\McAfee\MPF\MpfEvt.dll
16:57:54.0772 1748  C:\PROGRA~1\McAfee\MPF\MpfEvt.dll - ok
16:57:54.0787 1748  [ 5A55E3E6F53592F8170623DEFA2B7954 ] C:\Windows\System32\atl100.dll
16:57:54.0787 1748  C:\Windows\System32\atl100.dll - ok
16:57:54.0787 1748  [ 4F096D96285E06CD51AEF7D2D3DE04DA ] C:\Windows\System32\msvcp100.dll
16:57:54.0787 1748  C:\Windows\System32\msvcp100.dll - ok
16:57:54.0803 1748  [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
16:57:54.0803 1748  C:\Windows\System32\msxml3.dll - ok
16:57:54.0803 1748  [ F1F438402FC37991A0502F09CC0AA284 ] C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll
16:57:54.0803 1748  C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll - ok
16:57:54.0818 1748  [ 8ED06C74B9BC9CE0E24EA0CB0C5CF2A7 ] C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll
16:57:54.0818 1748  C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll - ok
16:57:54.0818 1748  [ 19B8FEB9455D9D63425514271F5752E6 ] C:\PROGRA~1\McAfee\MSC\mclwapi.dll
16:57:54.0818 1748  C:\PROGRA~1\McAfee\MSC\mclwapi.dll - ok
16:57:54.0834 1748  [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
16:57:54.0834 1748  C:\Windows\System32\dllhost.exe - ok
16:57:54.0834 1748  [ 254C46A466484D4169DFF44B29F6A979 ] C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_6_2~1\mcutil.dll
16:57:54.0834 1748  C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_6_2~1\mcutil.dll - ok
16:57:54.0834 1748  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
16:57:54.0834 1748  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
16:57:54.0850 1748  [ 1F4070CD7B8AFFC4E8E4204277ABBC0D ] C:\Program Files\Common Files\McAfee\VSCore\lockdown.dll
16:57:54.0850 1748  C:\Program Files\Common Files\McAfee\VSCore\lockdown.dll - ok
16:57:54.0850 1748  [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
16:57:54.0850 1748  C:\Windows\System32\IDStore.dll - ok
16:57:54.0865 1748  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
16:57:54.0865 1748  C:\Windows\System32\mpr.dll - ok
16:57:54.0865 1748  [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
16:57:54.0865 1748  C:\Windows\System32\AtBroker.exe - ok
16:57:54.0865 1748  [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
16:57:54.0865 1748  C:\Windows\System32\userinit.exe - ok
16:57:54.0881 1748  [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
16:57:54.0881 1748  C:\Windows\explorer.exe - ok
16:57:54.0881 1748  [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
16:57:54.0881 1748  C:\Windows\System32\ExplorerFrame.dll - ok
16:57:54.0896 1748  [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
16:57:54.0896 1748  C:\Windows\System32\apphelp.dll - ok
16:57:54.0896 1748  [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
16:57:54.0896 1748  C:\Windows\System32\EhStorShell.dll - ok
16:57:54.0912 1748  [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
16:57:54.0912 1748  C:\Windows\System32\cscapi.dll - ok
16:57:54.0912 1748  [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
16:57:54.0912 1748  C:\Windows\System32\ntshrui.dll - ok
16:57:54.0928 1748  [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
16:57:54.0928 1748  C:\Windows\System32\IconCodecService.dll - ok
16:57:54.0928 1748  [ C97C8EC408AC6F2453EB9417E5EF355A ] C:\Program Files\Common Files\McAfee\MSC\McRTMui.dll
16:57:54.0928 1748  C:\Program Files\Common Files\McAfee\MSC\McRTMui.dll - ok
16:57:54.0928 1748  [ 57FA62B72A77EA12B95EB73501D92B63 ] C:\Program Files\Common Files\McAfee\MSC\LangSel.dll
16:57:54.0928 1748  C:\Program Files\Common Files\McAfee\MSC\LangSel.dll - ok
16:57:54.0943 1748  [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
16:57:54.0943 1748  C:\Windows\System32\runonce.exe - ok
16:57:54.0943 1748  [ A5FA1C3B77FD9384D2E34750DCE1E2C5 ] C:\Program Files\McAfee\MSC\oemui.dll
16:57:54.0943 1748  C:\Program Files\McAfee\MSC\oemui.dll - ok
16:57:54.0959 1748  [ 88FD96AD1B0C56474ADDC97100FFFA39 ] C:\Program Files\McAfee\MPF\L10N.dll
16:57:54.0959 1748  C:\Program Files\McAfee\MPF\L10N.dll - ok
16:57:54.0974 1748  [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
16:57:54.0974 1748  C:\Windows\SysWOW64\ntdll.dll - ok
16:57:54.0974 1748  [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
16:57:54.0974 1748  C:\Windows\SysWOW64\runonce.exe - ok
16:57:54.0974 1748  [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
16:57:54.0974 1748  C:\Windows\System32\wow64.dll - ok
16:57:54.0990 1748  [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
16:57:54.0990 1748  C:\Windows\System32\wow64cpu.dll - ok
16:57:54.0990 1748  [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
16:57:54.0990 1748  C:\Windows\System32\wow64win.dll - ok
16:57:55.0006 1748  [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
16:57:55.0006 1748  C:\Windows\SysWOW64\kernel32.dll - ok
16:57:55.0006 1748  [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
16:57:55.0006 1748  C:\Windows\System32\ktmw32.dll - ok
16:57:55.0021 1748  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
16:57:55.0021 1748  C:\Windows\SysWOW64\advapi32.dll - ok
16:57:55.0021 1748  [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
16:57:55.0021 1748  C:\Windows\SysWOW64\KernelBase.dll - ok
16:57:55.0037 1748  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
16:57:55.0037 1748  C:\Windows\SysWOW64\msvcrt.dll - ok
16:57:55.0037 1748  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
16:57:55.0037 1748  C:\Windows\SysWOW64\cryptbase.dll - ok
16:57:55.0037 1748  [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
16:57:55.0037 1748  C:\Windows\SysWOW64\gdi32.dll - ok
16:57:55.0052 1748  [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
16:57:55.0052 1748  C:\Windows\SysWOW64\rpcrt4.dll - ok
16:57:55.0052 1748  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
16:57:55.0052 1748  C:\Windows\SysWOW64\sechost.dll - ok
16:57:55.0068 1748  [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
16:57:55.0068 1748  C:\Windows\SysWOW64\sspicli.dll - ok
16:57:55.0068 1748  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
16:57:55.0068 1748  C:\Windows\SysWOW64\user32.dll - ok
16:57:55.0084 1748  [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
16:57:55.0084 1748  C:\Windows\SysWOW64\lpk.dll - ok
16:57:55.0084 1748  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
16:57:55.0084 1748  C:\Windows\SysWOW64\ole32.dll - ok
16:57:55.0084 1748  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
16:57:55.0084 1748  C:\Windows\SysWOW64\shlwapi.dll - ok
16:57:55.0099 1748  [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
16:57:55.0099 1748  C:\Windows\SysWOW64\usp10.dll - ok
16:57:55.0115 1748  [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
16:57:55.0115 1748  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
16:57:55.0115 1748  [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
16:57:55.0115 1748  C:\Windows\SysWOW64\shell32.dll - ok
16:57:55.0115 1748  [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
16:57:55.0115 1748  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
16:57:55.0130 1748  [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
16:57:55.0130 1748  C:\Windows\System32\wbem\cimwin32.dll - ok
16:57:55.0130 1748  [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
16:57:55.0130 1748  C:\Windows\System32\framedynos.dll - ok
16:57:55.0146 1748  [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
16:57:55.0146 1748  C:\Windows\SysWOW64\imm32.dll - ok
16:57:55.0146 1748  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
16:57:55.0146 1748  C:\Windows\SysWOW64\msctf.dll - ok
16:57:55.0162 1748  [ 42B6A94DD747DF2B5F628A2752E62A98 ] C:\Windows\System32\ctfmon.exe
16:57:55.0162 1748  C:\Windows\System32\ctfmon.exe - ok
16:57:55.0162 1748  [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
16:57:55.0162 1748  C:\Windows\System32\MsCtfMonitor.dll - ok
16:57:55.0162 1748  [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
16:57:55.0162 1748  C:\Windows\System32\msutb.dll - ok
16:57:55.0177 1748  [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
16:57:55.0177 1748  C:\Windows\System32\timedate.cpl - ok
16:57:55.0177 1748  [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
16:57:55.0177 1748  C:\Windows\System32\wmi.dll - ok
16:57:55.0193 1748  [ 7625F3667DFC3B00B8BFFCA013B99E42 ] C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll
16:57:55.0193 1748  C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll - ok
16:57:55.0193 1748  [ 732E668096B1A37B7BFD4B9021E69A8E ] C:\Windows\System32\oleres.dll
16:57:55.0193 1748  C:\Windows\System32\oleres.dll - ok
16:57:55.0208 1748  [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
16:57:55.0208 1748  C:\Windows\System32\hnetcfg.dll - ok
16:57:55.0208 1748  [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
16:57:55.0208 1748  C:\Windows\System32\shdocvw.dll - ok
16:57:55.0208 1748  [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
16:57:55.0224 1748  C:\Windows\System32\linkinfo.dll - ok
16:57:55.0224 1748  [ FA752544EE1EE59E8AD938CBB43CAC93 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
16:57:55.0224 1748  C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
16:57:55.0224 1748  [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
16:57:55.0224 1748  C:\Windows\System32\msftedit.dll - ok
16:57:55.0240 1748  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
16:57:55.0240 1748  C:\Windows\System32\IPSECSVC.DLL - ok
16:57:55.0240 1748  [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
16:57:55.0240 1748  C:\Windows\System32\FwRemoteSvr.dll - ok
16:57:55.0255 1748  [ A73276435F75025DA6E67B2470E1FE16 ] C:\Windows\System32\drivers\cfwids.sys
16:57:55.0255 1748  C:\Windows\System32\drivers\cfwids.sys - ok
16:57:55.0255 1748  [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
16:57:55.0255 1748  C:\Windows\System32\gameux.dll - ok
16:57:55.0271 1748  [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
16:57:55.0271 1748  C:\Windows\System32\msls31.dll - ok
16:57:55.0271 1748  [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
16:57:55.0271 1748  C:\Windows\System32\wer.dll - ok
16:57:55.0286 1748  [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
16:57:55.0286 1748  C:\Windows\System32\DeviceCenter.dll - ok
16:57:55.0286 1748  [ 35126DDDE8241C4C4A5F15F6CDDF4434 ] C:\Windows\System32\ieframe.dll
16:57:55.0286 1748  C:\Windows\System32\ieframe.dll - ok
16:57:55.0286 1748  [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
16:57:55.0286 1748  C:\Windows\System32\oleacc.dll - ok
16:57:55.0302 1748  [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
16:57:55.0302 1748  C:\Windows\System32\msi.dll - ok
16:57:55.0302 1748  [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
16:57:55.0302 1748  C:\Windows\System32\msiltcfg.dll - ok
16:57:55.0318 1748  [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
16:57:55.0318 1748  C:\Windows\System32\thumbcache.dll - ok
16:57:55.0318 1748  [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
16:57:55.0318 1748  C:\Windows\System32\networkexplorer.dll - ok
16:57:55.0333 1748  [ BBD351CB2E5455F0E96FE4460EC05F52 ] C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
16:57:55.0333 1748  C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe - ok
16:57:55.0333 1748  [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
16:57:55.0333 1748  C:\Windows\System32\winmm.dll - ok
16:57:55.0349 1748  [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
16:57:55.0349 1748  C:\Windows\System32\avrt.dll - ok
16:57:55.0349 1748  [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
16:57:55.0349 1748  C:\Windows\System32\ksuser.dll - ok
16:57:55.0349 1748  [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
16:57:55.0349 1748  C:\Windows\System32\wdmaud.drv - ok
16:57:55.0364 1748  [ F2EAA9C72F228E19D37D0B57C179E545 ] C:\Windows\Installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}\iTunesIco.exe
16:57:55.0364 1748  C:\Windows\Installer\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}\iTunesIco.exe - ok
16:57:55.0364 1748  [ 0100BCF23941C83462E4A70F94C3392E ] C:\Program Files\Internet Explorer\iexplore.exe
16:57:55.0364 1748  C:\Program Files\Internet Explorer\iexplore.exe - ok
16:57:55.0364 1748  [ A0F1C8C0935233F36886997759FADE92 ] C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
16:57:55.0364 1748  C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe - ok
16:57:55.0380 1748  [ BBAAE027C176402E221CADBFCAEB5407 ] C:\Windows\System32\zipfldr.dll
16:57:55.0380 1748  C:\Windows\System32\zipfldr.dll - ok
16:57:55.0396 1748  [ 625020DE1DBE6A19EDF26916A127AD3D ] C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
16:57:55.0396 1748  C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe - ok
16:57:55.0396 1748  [ 2809F6A69068C6C56860E6B8B8DB4AFB ] C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
16:57:55.0396 1748  C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe - ok
16:57:55.0411 1748  [ 85D6E8F735865B502D65D1D91A79E3F3 ] C:\Windows\System32\browserchoice.exe
16:57:55.0411 1748  C:\Windows\System32\browserchoice.exe - ok
16:57:55.0411 1748  [ 10E4A1D2132CCB5C6759F038CDB6F3C9 ] C:\Windows\System32\calc.exe
16:57:55.0411 1748  C:\Windows\System32\calc.exe - ok
16:57:55.0427 1748  [ F2C7BB8ACC97F92E987A2D4087D021B1 ] C:\Windows\System32\notepad.exe
16:57:55.0427 1748  C:\Windows\System32\notepad.exe - ok
16:57:55.0427 1748  [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
16:57:55.0427 1748  C:\Windows\System32\batmeter.dll - ok
16:57:55.0427 1748  [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
16:57:55.0427 1748  C:\Windows\System32\stobject.dll - ok
16:57:55.0442 1748  [ 11F174ED2050121C394C17B4F7B69983 ] C:\Windows\System32\AuthFWGP.dll
16:57:55.0442 1748  C:\Windows\System32\AuthFWGP.dll - ok
16:57:55.0442 1748  [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
16:57:55.0442 1748  C:\Windows\System32\prnfldr.dll - ok
16:57:55.0458 1748  [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
16:57:55.0458 1748  C:\Windows\System32\es.dll - ok
16:57:55.0458 1748  [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
16:57:55.0458 1748  C:\Windows\System32\winspool.drv - ok
16:57:55.0474 1748  [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
16:57:55.0474 1748  C:\Windows\System32\DXP.dll - ok
16:57:55.0474 1748  [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
16:57:55.0474 1748  C:\Windows\System32\Syncreg.dll - ok
16:57:55.0474 1748  [ DB70FE36AC8F594E9E69479C076BADB8 ] C:\Windows\System32\HelpPaneProxy.dll
16:57:55.0474 1748  C:\Windows\System32\HelpPaneProxy.dll - ok
16:57:55.0489 1748  [ CD47548A52B02D254BF6D7F7A5F2BFD3 ] C:\Windows\HelpPane.exe
16:57:55.0489 1748  C:\Windows\HelpPane.exe - ok
16:57:55.0489 1748  [ 86F1F949DD51FB5A044F1BD34CBE4AA8 ] C:\Windows\System32\apds.dll
16:57:55.0489 1748  C:\Windows\System32\apds.dll - ok
16:57:55.0505 1748  [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
16:57:55.0505 1748  C:\Windows\System32\rasapi32.dll - ok
16:57:55.0505 1748  [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
16:57:55.0505 1748  C:\Windows\System32\rasman.dll - ok
16:57:55.0520 1748  [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
16:57:55.0520 1748  C:\Windows\System32\rtutils.dll - ok
16:57:55.0520 1748  [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
16:57:55.0520 1748  C:\Windows\System32\UIAnimation.dll - ok
16:57:55.0520 1748  [ 14DEB733ACB08A71CC0783ED02FF1F8D ] C:\Windows\System32\mshtml.dll
16:57:55.0520 1748  C:\Windows\System32\mshtml.dll - ok
16:57:55.0536 1748  [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
16:57:55.0536 1748  C:\Windows\System32\AltTab.dll - ok
16:57:55.0536 1748  [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
16:57:55.0536 1748  C:\Windows\System32\pnidui.dll - ok
16:57:55.0552 1748  [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
16:57:55.0552 1748  C:\Windows\System32\QUTIL.DLL - ok
16:57:55.0552 1748  [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
16:57:55.0552 1748  C:\Windows\ehome\ehSSO.dll - ok
16:57:55.0567 1748  [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
16:57:55.0567 1748  C:\Windows\System32\netman.dll - ok
16:57:55.0567 1748  [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
16:57:55.0567 1748  C:\Windows\System32\nlaapi.dll - ok
16:57:55.0583 1748  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
16:57:55.0583 1748  C:\Windows\System32\netprofm.dll - ok
16:57:55.0583 1748  [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
16:57:55.0583 1748  C:\Windows\System32\rasadhlp.dll - ok
16:57:55.0598 1748  [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
16:57:55.0598 1748  C:\Windows\System32\netshell.dll - ok
16:57:55.0598 1748  [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
16:57:55.0598 1748  C:\Windows\System32\WPDShServiceObj.dll - ok
16:57:55.0614 1748  [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
16:57:55.0614 1748  C:\Windows\System32\npmproxy.dll - ok
16:57:55.0614 1748  [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
16:57:55.0614 1748  C:\Windows\System32\PortableDeviceTypes.dll - ok
16:57:55.0614 1748  [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
16:57:55.0614 1748  C:\Windows\System32\PortableDeviceApi.dll - ok
16:57:55.0630 1748  [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
16:57:55.0630 1748  C:\Windows\System32\srchadmin.dll - ok
16:57:55.0630 1748  [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
16:57:55.0630 1748  C:\Windows\System32\rasdlg.dll - ok
16:57:55.0645 1748  [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
16:57:55.0645 1748  C:\Windows\System32\mprapi.dll - ok
16:57:55.0645 1748  [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
16:57:55.0645 1748  C:\Windows\System32\taskschd.dll - ok
16:57:55.0645 1748  [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
16:57:55.0645 1748  C:\Windows\System32\mstask.dll - ok
16:57:55.0661 1748  [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
16:57:55.0661 1748  C:\Windows\System32\dot3api.dll - ok
16:57:55.0661 1748  [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
16:57:55.0661 1748  C:\Windows\System32\webcheck.dll - ok
16:57:55.0676 1748  [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
16:57:55.0676 1748  C:\Windows\System32\wlanhlp.dll - ok
16:57:55.0676 1748  [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
16:57:55.0676 1748  C:\Windows\System32\wlanapi.dll - ok
16:57:55.0692 1748  [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
16:57:55.0692 1748  C:\Windows\System32\mlang.dll - ok
16:57:55.0692 1748  [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
16:57:55.0692 1748  C:\Windows\System32\SyncCenter.dll - ok
16:57:55.0708 1748  [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
16:57:55.0708 1748  C:\Windows\System32\ActionCenter.dll - ok
16:57:55.0708 1748  [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
16:57:55.0708 1748  C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
16:57:55.0708 1748  [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
16:57:55.0708 1748  C:\Windows\System32\WWanAPI.dll - ok
16:57:55.0723 1748  [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
16:57:55.0723 1748  C:\Program Files\Windows Media Player\wmpnssci.dll - ok
16:57:55.0723 1748  [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
16:57:55.0723 1748  C:\Windows\System32\wwapi.dll - ok
16:57:55.0739 1748  [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
16:57:55.0739 1748  C:\Windows\System32\imapi2.dll - ok
16:57:55.0739 1748  [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
16:57:55.0739 1748  C:\Windows\System32\QAGENT.DLL - ok
16:57:55.0739 1748  [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
16:57:55.0739 1748  C:\Windows\System32\bthprops.cpl - ok
16:57:55.0754 1748  [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
16:57:55.0754 1748  C:\Windows\System32\hgcpl.dll - ok
16:57:55.0754 1748  [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
16:57:55.0754 1748  C:\Windows\System32\actxprxy.dll - ok
16:57:55.0770 1748  [ F9D908DE6B166DAC9B89BF62FA291CE8 ] C:\Program Files\Bonjour\mdnsNSP.dll
16:57:55.0770 1748  C:\Program Files\Bonjour\mdnsNSP.dll - ok
16:57:55.0770 1748  [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
16:57:55.0770 1748  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
16:57:55.0786 1748  [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
16:57:55.0786 1748  C:\Windows\System32\NapiNSP.dll - ok
16:57:55.0786 1748  [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
16:57:55.0786 1748  C:\Windows\System32\pnrpnsp.dll - ok
16:57:55.0801 1748  [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
16:57:55.0801 1748  C:\Windows\System32\winrnr.dll - ok
16:57:55.0801 1748  [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
16:57:55.0801 1748  C:\Windows\System32\dssenh.dll - ok
16:57:55.0801 1748  [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
16:57:55.0801 1748  C:\Windows\System32\SensApi.dll - ok
16:57:55.0817 1748  [ 1F04E809409A9B5FFD510B5FD89A1155 ] C:\Windows\System32\d2d1.dll
16:57:55.0817 1748  C:\Windows\System32\d2d1.dll - ok
16:57:55.0817 1748  [ 7426279D625196393EABBEFE1C60A0C2 ] C:\Windows\System32\DWrite.dll
16:57:55.0817 1748  C:\Windows\System32\DWrite.dll - ok
16:57:55.0832 1748  [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
16:57:55.0832 1748  C:\Windows\System32\d3d10_1.dll - ok
16:57:55.0832 1748  [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
16:57:55.0832 1748  C:\Windows\System32\d3d10_1core.dll - ok
16:57:55.0848 1748  [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
16:57:55.0848 1748  C:\Windows\System32\dxgi.dll - ok
16:57:55.0848 1748  [ 64ABE1250EC1A1CFD1442E7C8800216E ] C:\Windows\System32\d3d10warp.dll
16:57:55.0848 1748  C:\Windows\System32\d3d10warp.dll - ok
16:57:55.0864 1748  [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
16:57:55.0864 1748  C:\Windows\System32\FXSST.dll - ok
16:57:55.0864 1748  [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
16:57:55.0864 1748  C:\Windows\System32\FXSAPI.dll - ok
16:57:55.0879 1748  [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
16:57:55.0879 1748  C:\Windows\System32\FXSRESM.dll - ok
16:57:55.0879 1748  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
16:57:55.0879 1748  C:\Windows\System32\FXSSVC.exe - ok
16:57:55.0895 1748  [ B3CE0951E3C1EA3C733573C472EE85F9 ] C:\Windows\System32\msimtf.dll
16:57:55.0895 1748  C:\Windows\System32\msimtf.dll - ok
16:57:55.0895 1748  [ BD66ECA9479C688412DDDA9F2CCD2C69 ] C:\Windows\System32\d3d10.dll
16:57:55.0895 1748  C:\Windows\System32\d3d10.dll - ok
16:57:55.0895 1748  [ B628DA8B548E6D11A35B86799714CB22 ] C:\Windows\System32\d3d10core.dll
16:57:55.0895 1748  C:\Windows\System32\d3d10core.dll - ok
16:57:55.0910 1748  [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
16:57:55.0910 1748  C:\Windows\System32\wmp.dll - ok
16:57:55.0910 1748  [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
16:57:55.0910 1748  C:\Windows\System32\wmploc.DLL - ok
16:57:55.0926 1748  [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
16:57:55.0926 1748  C:\Windows\System32\esent.dll - ok
16:57:55.0926 1748  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
16:57:55.0926 1748  C:\Windows\System32\wbem\NCProv.dll - ok
16:57:55.0926 1748  [ 66E4246FEF8C364611F9782AA0809F42 ] C:\Program Files\Internet Explorer\ieproxy.dll
16:57:55.0926 1748  C:\Program Files\Internet Explorer\ieproxy.dll - ok
16:57:55.0942 1748  [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
16:57:55.0942 1748  C:\Windows\System32\fundisc.dll - ok
16:57:55.0942 1748  [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
16:57:55.0942 1748  C:\Windows\System32\fdProxy.dll - ok
16:57:55.0957 1748  [ 4E81439902079C348B61D7FF027FE147 ] C:\Windows\System32\StructuredQuery.dll
16:57:55.0957 1748  C:\Windows\System32\StructuredQuery.dll - ok
16:57:55.0957 1748  [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
16:57:55.0957 1748  C:\Windows\System32\drprov.dll - ok
16:57:55.0973 1748  [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
16:57:55.0973 1748  C:\Windows\System32\ntlanman.dll - ok
16:57:55.0973 1748  [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
16:57:55.0973 1748  C:\Windows\System32\davclnt.dll - ok
16:57:55.0973 1748  [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
16:57:55.0973 1748  C:\Windows\System32\davhlpr.dll - ok
16:57:55.0988 1748  [ E5BD9C9B7A160D04A9CDD78F3B265C4C ] C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
16:57:55.0988 1748  C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll - ok
16:57:56.0566 1748  ============================================================
16:57:56.0566 1748  Scan finished
16:57:56.0566 1748  ============================================================
16:57:56.0581 1892  Detected object count: 3
16:57:56.0581 1892  Actual detected object count: 3


#9 mraman84

Posted 27 February 2013 - 05:59 PM

TDSSKiller (part3)

 

16:58:52.0133 1892  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user

16:58:52.0133 1892  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:52.0148 1892  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:52.0148 1892  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:58:52.0148 1892  smtpexp ( UnsignedFile.Multi.Generic ) - skipped by user
16:58:52.0148 1892  smtpexp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:59:42.0927 1464  ============================================================
16:59:42.0927 1464  Scan started
16:59:42.0927 1464  Mode: Manual; SigCheck; TDLFS; 
16:59:42.0927 1464  ============================================================
16:59:44.0019 1464  ================ Scan system memory ========================
16:59:44.0019 1464  System memory - ok
16:59:44.0019 1464  ================ Scan services =============================
16:59:51.0756 1464  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:59:51.0756 1464  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
16:59:51.0756 1464  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
16:59:51.0787 1464  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:59:51.0803 1464  HpqKbFiltr - ok
16:59:51.0865 1464  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:59:51.0881 1464  hpqwmiex - ok
16:59:51.0897 1464  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:59:51.0912 1464  HpSAMD - ok
16:59:51.0959 1464  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:59:52.0006 1464  HTTP - ok
16:59:52.0037 1464  [ 6DBD08BC1331C78548298E82C4B667C5 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:59:52.0053 1464  huawei_enumerator - ok
16:59:52.0099 1464  [ 6E5CD3984742A922D0C183C7E82C3C94 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:59:52.0115 1464  hwdatacard - ok
16:59:52.0146 1464  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:59:52.0146 1464  hwpolicy - ok
16:59:52.0193 1464  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:59:52.0209 1464  i8042prt - ok
16:59:52.0255 1464  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:59:52.0271 1464  iaStorV - ok
16:59:52.0333 1464  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:59:52.0365 1464  idsvc - ok
16:59:52.0536 1464  [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:59:52.0630 1464  igfx - ok
16:59:52.0661 1464  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:59:52.0677 1464  iirsp - ok
16:59:52.0723 1464  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:59:52.0770 1464  IKEEXT - ok
16:59:52.0786 1464  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:59:52.0801 1464  IntcHdmiAddService - ok
16:59:52.0817 1464  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:59:52.0833 1464  intelide - ok
16:59:52.0848 1464  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:59:52.0864 1464  intelppm - ok
16:59:52.0895 1464  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:59:52.0926 1464  IPBusEnum - ok
16:59:52.0973 1464  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:53.0004 1464  IpFilterDriver - ok
16:59:53.0051 1464  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:59:53.0067 1464  iphlpsvc - ok
16:59:53.0098 1464  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:59:53.0113 1464  IPMIDRV - ok
16:59:53.0129 1464  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:59:53.0176 1464  IPNAT - ok
16:59:53.0269 1464  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:59:53.0285 1464  iPod Service - ok
16:59:53.0301 1464  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:59:53.0316 1464  IRENUM - ok
16:59:53.0363 1464  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:59:53.0379 1464  isapnp - ok
16:59:53.0410 1464  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:59:53.0441 1464  iScsiPrt - ok
16:59:53.0472 1464  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:59:53.0488 1464  kbdclass - ok
16:59:53.0503 1464  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:59:53.0519 1464  kbdhid - ok
16:59:53.0535 1464  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:59:53.0550 1464  KeyIso - ok
16:59:53.0581 1464  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:59:53.0597 1464  KSecDD - ok
16:59:53.0613 1464  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:59:53.0628 1464  KSecPkg - ok
16:59:53.0659 1464  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:59:53.0706 1464  ksthunk - ok
16:59:53.0737 1464  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:59:53.0784 1464  KtmRm - ok
16:59:53.0815 1464  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:59:53.0862 1464  LanmanServer - ok
16:59:53.0878 1464  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:59:53.0925 1464  LanmanWorkstation - ok
16:59:54.0003 1464  [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:59:54.0003 1464  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:59:54.0003 1464  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:59:54.0018 1464  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:59:54.0065 1464  lltdio - ok
16:59:54.0096 1464  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:59:54.0143 1464  lltdsvc - ok
16:59:54.0174 1464  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:59:54.0205 1464  lmhosts - ok
16:59:54.0237 1464  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:59:54.0252 1464  LSI_FC - ok
16:59:54.0283 1464  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:59:54.0299 1464  LSI_SAS - ok
16:59:54.0315 1464  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:59:54.0330 1464  LSI_SAS2 - ok
16:59:54.0346 1464  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:59:54.0361 1464  LSI_SCSI - ok
16:59:54.0377 1464  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:59:54.0424 1464  luafv - ok
16:59:54.0455 1464  [ BB6F30527EEA0D3F61095A8AFA31E2D6 ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys
16:59:54.0471 1464  massfilter - ok
16:59:54.0486 1464  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:59:54.0502 1464  MBAMProtector - ok
16:59:54.0549 1464  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:59:54.0580 1464  MBAMScheduler - ok
16:59:54.0627 1464  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:59:54.0642 1464  MBAMService - ok
16:59:54.0720 1464  [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
16:59:54.0736 1464  McAfee SiteAdvisor Service - ok
16:59:54.0798 1464  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
16:59:54.0814 1464  McComponentHostService - ok
16:59:54.0907 1464  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:59:54.0923 1464  McMPFSvc - ok
16:59:54.0954 1464  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:59:54.0970 1464  mcmscsvc - ok
16:59:54.0970 1464  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:59:54.0985 1464  McNaiAnn - ok
16:59:54.0985 1464  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:59:55.0001 1464  McNASvc - ok
16:59:55.0079 1464  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
16:59:55.0095 1464  McODS - ok
16:59:55.0110 1464  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:59:55.0126 1464  McProxy - ok
16:59:55.0173 1464  [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:59:55.0188 1464  McShield - ok
16:59:55.0219 1464  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:59:55.0235 1464  Mcx2Svc - ok
16:59:55.0266 1464  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:59:55.0282 1464  megasas - ok
16:59:55.0313 1464  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:59:55.0329 1464  MegaSR - ok
16:59:55.0344 1464  [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
16:59:55.0344 1464  mfeapfk - ok
16:59:55.0375 1464  [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
16:59:55.0407 1464  mfeavfk - ok
16:59:55.0438 1464  [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:59:55.0453 1464  mfefire - ok
16:59:55.0500 1464  [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
16:59:55.0516 1464  mfefirek - ok
16:59:55.0547 1464  [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
16:59:55.0578 1464  mfehidk - ok
16:59:55.0594 1464  [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
16:59:55.0609 1464  mferkdet - ok
16:59:55.0641 1464  [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp          C:\Windows\system32\mfevtps.exe
16:59:55.0656 1464  mfevtp - ok
16:59:55.0656 1464  [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
16:59:55.0672 1464  mfewfpk - ok
16:59:55.0703 1464  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:59:55.0750 1464  MMCSS - ok
16:59:55.0781 1464  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:59:55.0812 1464  Modem - ok
16:59:55.0843 1464  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:59:55.0859 1464  monitor - ok
16:59:55.0890 1464  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:59:55.0906 1464  mouclass - ok
16:59:55.0921 1464  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:59:55.0937 1464  mouhid - ok
16:59:55.0968 1464  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:59:55.0984 1464  mountmgr - ok
16:59:55.0999 1464  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:59:56.0015 1464  mpio - ok
16:59:56.0062 1464  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:59:56.0093 1464  mpsdrv - ok
16:59:56.0140 1464  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:59:56.0202 1464  MpsSvc - ok
16:59:56.0218 1464  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:59:56.0249 1464  MRxDAV - ok
16:59:56.0265 1464  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:56.0280 1464  mrxsmb - ok
16:59:56.0296 1464  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:56.0327 1464  mrxsmb10 - ok
16:59:56.0327 1464  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:56.0343 1464  mrxsmb20 - ok
16:59:56.0358 1464  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:59:56.0374 1464  msahci - ok
16:59:56.0389 1464  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:59:56.0405 1464  msdsm - ok
16:59:56.0421 1464  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:59:56.0452 1464  MSDTC - ok
16:59:56.0467 1464  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:59:56.0514 1464  Msfs - ok
16:59:56.0545 1464  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:59:56.0592 1464  mshidkmdf - ok
16:59:56.0608 1464  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:59:56.0623 1464  msisadrv - ok
16:59:56.0655 1464  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:59:56.0701 1464  MSiSCSI - ok
16:59:56.0701 1464  msiserver - ok
16:59:56.0733 1464  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:59:56.0779 1464  MSKSSRV - ok
16:59:56.0857 1464  [ 47A616802531735DF88CD331739D6E97 ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
16:59:56.0904 1464  msoidsvc - ok
16:59:56.0935 1464  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:56.0967 1464  MSPCLOCK - ok
16:59:56.0982 1464  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:59:57.0013 1464  MSPQM - ok
16:59:57.0060 1464  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:59:57.0076 1464  MsRPC - ok
16:59:57.0091 1464  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:59:57.0107 1464  mssmbios - ok
16:59:57.0185 1464  MSSQL$SQLEXPRESS - ok
16:59:57.0216 1464  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:59:57.0232 1464  MSSQLServerADHelper - ok
16:59:57.0263 1464  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:59:57.0310 1464  MSTEE - ok
16:59:57.0341 1464  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:59:57.0357 1464  MTConfig - ok
16:59:57.0372 1464  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:59:57.0388 1464  Mup - ok
16:59:57.0419 1464  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:59:57.0466 1464  napagent - ok
16:59:57.0497 1464  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:59:57.0513 1464  NativeWifiP - ok
16:59:57.0559 1464  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:59:57.0591 1464  NDIS - ok
16:59:57.0606 1464  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:59:57.0637 1464  NdisCap - ok
16:59:57.0669 1464  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:59:57.0715 1464  NdisTapi - ok
16:59:57.0731 1464  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:59:57.0778 1464  Ndisuio - ok
16:59:57.0809 1464  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:59:57.0856 1464  NdisWan - ok
16:59:57.0887 1464  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:59:57.0918 1464  NDProxy - ok
16:59:57.0949 1464  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:59:57.0981 1464  NetBIOS - ok
16:59:58.0027 1464  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:59:58.0059 1464  NetBT - ok
16:59:58.0090 1464  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:59:58.0105 1464  Netlogon - ok
16:59:58.0137 1464  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:59:58.0183 1464  Netman - ok
16:59:58.0183 1464  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:59:58.0246 1464  netprofm - ok
16:59:58.0261 1464  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:59:58.0277 1464  NetTcpPortSharing - ok
16:59:58.0417 1464  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
16:59:58.0495 1464  netw5v64 - ok
16:59:58.0527 1464  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:59:58.0542 1464  nfrd960 - ok
16:59:58.0542 1464  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:59:58.0558 1464  NlaSvc - ok
16:59:58.0605 1464  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:59:58.0636 1464  Npfs - ok
16:59:58.0667 1464  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:59:58.0714 1464  nsi - ok
16:59:58.0729 1464  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:59:58.0761 1464  nsiproxy - ok
16:59:58.0823 1464  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:59:58.0870 1464  Ntfs - ok
16:59:58.0901 1464  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:59:58.0948 1464  Null - ok
16:59:58.0963 1464  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:59:58.0979 1464  nvraid - ok
16:59:58.0995 1464  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:59:59.0010 1464  nvstor - ok
16:59:59.0026 1464  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:59:59.0041 1464  nv_agp - ok
16:59:59.0073 1464  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:59:59.0088 1464  ohci1394 - ok
16:59:59.0151 1464  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:59:59.0166 1464  ose - ok
16:59:59.0307 1464  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:59:59.0400 1464  osppsvc - ok
16:59:59.0463 1464  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:59:59.0494 1464  p2pimsvc - ok
16:59:59.0525 1464  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:59:59.0541 1464  p2psvc - ok
16:59:59.0572 1464  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:59:59.0587 1464  Parport - ok
16:59:59.0619 1464  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:59:59.0634 1464  partmgr - ok
16:59:59.0665 1464  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:59:59.0697 1464  PcaSvc - ok
16:59:59.0712 1464  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:59:59.0728 1464  pci - ok
16:59:59.0743 1464  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:59:59.0759 1464  pciide - ok
16:59:59.0790 1464  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:59:59.0806 1464  pcmcia - ok
16:59:59.0853 1464  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:59:59.0868 1464  pcw - ok
16:59:59.0915 1464  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:59:59.0962 1464  PEAUTH - ok
17:00:00.0055 1464  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:00:00.0071 1464  PerfHost - ok
17:00:00.0149 1464  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:00:00.0196 1464  pla - ok
17:00:00.0243 1464  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:00:00.0258 1464  PlugPlay - ok
17:00:00.0274 1464  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:00:00.0289 1464  PNRPAutoReg - ok
17:00:00.0321 1464  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:00:00.0336 1464  PNRPsvc - ok
17:00:00.0367 1464  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:00:00.0414 1464  PolicyAgent - ok
17:00:00.0445 1464  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:00:00.0492 1464  Power - ok
17:00:00.0523 1464  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:00:00.0555 1464  PptpMiniport - ok
17:00:00.0586 1464  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:00:00.0601 1464  Processor - ok
17:00:00.0648 1464  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:00:00.0664 1464  ProfSvc - ok
17:00:00.0679 1464  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:00:00.0695 1464  ProtectedStorage - ok
17:00:00.0726 1464  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:00:00.0757 1464  Psched - ok
17:00:00.0789 1464  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:00:00.0835 1464  ql2300 - ok
17:00:00.0851 1464  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:00:00.0867 1464  ql40xx - ok
17:00:00.0898 1464  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:00:00.0913 1464  QWAVE - ok
17:00:00.0929 1464  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:00:00.0945 1464  QWAVEdrv - ok
17:00:01.0085 1464  [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
17:00:01.0116 1464  RapportCerberus_43926 - ok
17:00:01.0179 1464  [ 6EEB0A1FE786D9EA83D15F6E92386C45 ] RapportEI64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
17:00:01.0194 1464  RapportEI64 - ok
17:00:01.0210 1464  [ DB5975A10B6C52D44BB7D1F07939451E ] RapportKE64     C:\Windows\system32\Drivers\RapportKE64.sys
17:00:01.0225 1464  RapportKE64 - ok
17:00:01.0272 1464  [ F2FA542F21CFD86ECD757F9E68C7C4B8 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
17:00:01.0303 1464  RapportMgmtService - ok
17:00:01.0335 1464  [ 6DA7A5A58039EF4F96D107F0B9ADC9C9 ] RapportPG64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
17:00:01.0350 1464  RapportPG64 - ok
17:00:01.0381 1464  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:00:01.0428 1464  RasAcd - ok
17:00:01.0459 1464  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:00:01.0506 1464  RasAgileVpn - ok
17:00:01.0537 1464  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:00:01.0569 1464  RasAuto - ok
17:00:01.0600 1464  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:00:01.0647 1464  Rasl2tp - ok
17:00:01.0678 1464  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:00:01.0725 1464  RasMan - ok
17:00:01.0756 1464  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:00:01.0803 1464  RasPppoe - ok
17:00:01.0818 1464  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:00:01.0849 1464  RasSstp - ok
17:00:01.0896 1464  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:00:01.0943 1464  rdbss - ok
17:00:01.0959 1464  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:00:01.0990 1464  rdpbus - ok
17:00:01.0990 1464  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:00:02.0037 1464  RDPCDD - ok
17:00:02.0052 1464  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:00:02.0099 1464  RDPENCDD - ok
17:00:02.0115 1464  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:00:02.0146 1464  RDPREFMP - ok
17:00:02.0177 1464  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:00:02.0208 1464  RDPWD - ok
17:00:02.0239 1464  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:00:02.0255 1464  rdyboost - ok
17:00:02.0317 1464  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
17:00:02.0317 1464  RealNetworks Downloader Resolver Service - ok
17:00:02.0349 1464  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:00:02.0395 1464  RemoteAccess - ok
17:00:02.0411 1464  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:00:02.0458 1464  RemoteRegistry - ok
17:00:02.0520 1464  [ 498EB62A160674E793FA40FD65390625 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:00:02.0536 1464  RichVideo - ok
17:00:02.0551 1464  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:00:02.0598 1464  RpcEptMapper - ok
17:00:02.0614 1464  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:00:02.0629 1464  RpcLocator - ok
17:00:02.0676 1464  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:00:02.0723 1464  RpcSs - ok
17:00:02.0754 1464  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:00:02.0801 1464  rspndr - ok
17:00:02.0801 1464  RSUSBSTOR - ok
17:00:02.0832 1464  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:00:02.0848 1464  RTL8167 - ok
17:00:02.0879 1464  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:00:02.0895 1464  SamSs - ok
17:00:02.0895 1464  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:00:02.0910 1464  sbp2port - ok
17:00:02.0973 1464  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:00:03.0004 1464  SBSDWSCService - ok
17:00:03.0051 1464  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:00:03.0097 1464  SCardSvr - ok
17:00:03.0129 1464  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:00:03.0160 1464  scfilter - ok
17:00:03.0222 1464  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:00:03.0269 1464  Schedule - ok
17:00:03.0285 1464  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:00:03.0331 1464  SCPolicySvc - ok
17:00:03.0363 1464  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
17:00:03.0378 1464  sdbus - ok
17:00:03.0409 1464  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:00:03.0425 1464  SDRSVC - ok
17:00:03.0456 1464  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:00:03.0487 1464  secdrv - ok
17:00:03.0534 1464  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:00:03.0581 1464  seclogon - ok
17:00:03.0597 1464  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:00:03.0643 1464  SENS - ok
17:00:03.0675 1464  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:00:03.0690 1464  SensrSvc - ok
17:00:03.0721 1464  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:00:03.0737 1464  Serenum - ok
17:00:03.0753 1464  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:00:03.0768 1464  Serial - ok
17:00:03.0799 1464  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:00:03.0815 1464  sermouse - ok
17:00:03.0862 1464  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:00:03.0909 1464  SessionEnv - ok
17:00:03.0924 1464  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:00:03.0940 1464  sffdisk - ok
17:00:03.0955 1464  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:00:03.0971 1464  sffp_mmc - ok
17:00:03.0971 1464  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:00:04.0002 1464  sffp_sd - ok
17:00:04.0018 1464  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:00:04.0033 1464  sfloppy - ok
17:00:04.0049 1464  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:00:04.0096 1464  SharedAccess - ok
17:00:04.0127 1464  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:00:04.0174 1464  ShellHWDetection - ok
17:00:04.0205 1464  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:00:04.0221 1464  SiSRaid2 - ok
17:00:04.0252 1464  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:00:04.0267 1464  SiSRaid4 - ok
17:00:04.0314 1464  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:00:04.0330 1464  SkypeUpdate - ok
17:00:04.0361 1464  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:00:04.0392 1464  Smb - ok
17:00:04.0455 1464  [ B24E30920DD072A77299C48869A240A9 ] smtpexp         C:\Program Files (x86)\EasyMail SMTP Express\smtpexp.exe
17:00:04.0470 1464  smtpexp ( UnsignedFile.Multi.Generic ) - warning
17:00:04.0470 1464  smtpexp - detected UnsignedFile.Multi.Generic (1)


#10 mraman84


Posted 27 February 2013 - 06:00 PM

TDSSKiller (part4-final)

 

 

17:00:13.0019 1464  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
17:00:13.0019 1464  C:\Windows\System32\basesrv.dll - ok
17:00:13.0019 1464  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
17:00:13.0019 1464  C:\Windows\System32\winsrv.dll - ok
17:00:13.0035 1464  [ FEDE0629ECB23650D48989517D4914DA ] C:\Windows\System32\drivers\dxg.sys
17:00:13.0035 1464  C:\Windows\System32\drivers\dxg.sys - ok
17:00:13.0035 1464  [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
17:00:13.0035 1464  C:\Windows\System32\drivers\usbccgp.sys - ok
17:00:13.0050 1464  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
17:00:13.0050 1464  C:\Windows\System32\tsddd.dll - ok
17:00:13.0050 1464  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
17:00:13.0050 1464  C:\Windows\System32\profapi.dll - ok
17:00:13.0050 1464  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
17:00:13.0050 1464  C:\Windows\System32\sxssrv.dll - ok
17:00:13.0066 1464  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
17:00:13.0066 1464  C:\Windows\System32\wininit.exe - ok
17:00:13.0066 1464  [ 1A83FACA2135AF076E8EA73A30B3B26C ] C:\Windows\System32\KBDUK.DLL
17:00:13.0066 1464  C:\Windows\System32\KBDUK.DLL - ok
17:00:13.0081 1464  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
17:00:13.0081 1464  C:\Windows\System32\RpcRtRemote.dll - ok
17:00:13.0081 1464  [ 8BEC4D6AD2864EDF68D9AD0C6AA6C6D1 ] C:\Windows\System32\vga.dll
17:00:13.0081 1464  C:\Windows\System32\vga.dll - ok
17:00:13.0097 1464  [ E30B04A8FE665C52162D70233ABEA9A3 ] C:\Windows\System32\framebuf.dll
17:00:13.0097 1464  C:\Windows\System32\framebuf.dll - ok
17:00:13.0097 1464  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
17:00:13.0097 1464  C:\Windows\System32\WlS0WndH.dll - ok
17:00:13.0113 1464  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
17:00:13.0113 1464  C:\Windows\System32\sxs.dll - ok
17:00:13.0113 1464  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
17:00:13.0113 1464  C:\Windows\System32\cryptbase.dll - ok
17:00:13.0113 1464  [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
17:00:13.0113 1464  C:\Windows\System32\lsasrv.dll - ok
17:00:13.0128 1464  [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
17:00:13.0128 1464  C:\Windows\System32\lsass.exe - ok
17:00:13.0128 1464  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
17:00:13.0128 1464  C:\Windows\System32\lsm.exe - ok
17:00:13.0144 1464  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
17:00:13.0144 1464  C:\Windows\System32\services.exe - ok
17:00:13.0144 1464  [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
17:00:13.0144 1464  C:\Windows\System32\sspisrv.dll - ok
17:00:13.0144 1464  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
17:00:13.0144 1464  C:\Windows\System32\scesrv.dll - ok
17:00:13.0159 1464  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
17:00:13.0159 1464  C:\Windows\System32\scext.dll - ok
17:00:13.0159 1464  [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
17:00:13.0159 1464  C:\Windows\System32\secur32.dll - ok
17:00:13.0175 1464  [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
17:00:13.0175 1464  C:\Windows\System32\sspicli.dll - ok
17:00:13.0175 1464  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
17:00:13.0175 1464  C:\Windows\System32\sysntfy.dll - ok
17:00:13.0191 1464  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
17:00:13.0191 1464  C:\Windows\System32\wmsgapi.dll - ok
17:00:13.0191 1464  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
17:00:13.0191 1464  C:\Windows\System32\samsrv.dll - ok
17:00:13.0191 1464  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
17:00:13.0191 1464  C:\Windows\System32\cryptdll.dll - ok
17:00:13.0206 1464  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
17:00:13.0206 1464  C:\Windows\System32\srvcli.dll - ok
17:00:13.0206 1464  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
17:00:13.0206 1464  C:\Windows\System32\authz.dll - ok
17:00:13.0222 1464  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
17:00:13.0222 1464  C:\Windows\System32\cngaudit.dll - ok
17:00:13.0222 1464  [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
17:00:13.0222 1464  C:\Windows\System32\ncrypt.dll - ok
17:00:13.0237 1464  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
17:00:13.0237 1464  C:\Windows\System32\wevtapi.dll - ok
17:00:13.0237 1464  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
17:00:13.0237 1464  C:\Windows\System32\bcrypt.dll - ok
17:00:13.0237 1464  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
17:00:13.0237 1464  C:\Windows\System32\msprivs.dll - ok
17:00:13.0253 1464  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
17:00:13.0253 1464  C:\Windows\System32\netjoin.dll - ok
17:00:13.0269 1464  [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
17:00:13.0269 1464  C:\Windows\System32\atmfd.dll - ok
17:00:13.0269 1464  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
17:00:13.0269 1464  C:\Windows\System32\negoexts.dll - ok
17:00:13.0269 1464  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
17:00:13.0269 1464  C:\Windows\System32\kerberos.dll - ok
17:00:13.0284 1464  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
17:00:13.0284 1464  C:\Windows\System32\cryptsp.dll - ok
17:00:13.0284 1464  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
17:00:13.0284 1464  C:\Windows\System32\msv1_0.dll - ok
17:00:13.0300 1464  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
17:00:13.0300 1464  C:\Windows\System32\mswsock.dll - ok
17:00:13.0300 1464  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
17:00:13.0300 1464  C:\Windows\System32\wship6.dll - ok
17:00:13.0315 1464  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
17:00:13.0315 1464  C:\Windows\System32\netlogon.dll - ok
17:00:13.0315 1464  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
17:00:13.0315 1464  C:\Windows\System32\dnsapi.dll - ok
17:00:13.0331 1464  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
17:00:13.0331 1464  C:\Windows\System32\logoncli.dll - ok
17:00:13.0331 1464  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
17:00:13.0331 1464  C:\Windows\System32\schannel.dll - ok
17:00:13.0331 1464  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
17:00:13.0331 1464  C:\Windows\System32\wdigest.dll - ok
17:00:13.0347 1464  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
17:00:13.0347 1464  C:\Windows\System32\rsaenh.dll - ok
17:00:13.0347 1464  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
17:00:13.0347 1464  C:\Windows\System32\TSpkg.dll - ok
17:00:13.0362 1464  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
17:00:13.0362 1464  C:\Windows\System32\pku2u.dll - ok
17:00:13.0362 1464  [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL
17:00:13.0362 1464  C:\Windows\System32\LIVESSP.DLL - ok
17:00:13.0378 1464  [ 5B8B5CCD459DDB54F57AB5027E8E4BAA ] C:\Windows\System32\MSOIDSSP.DLL
17:00:13.0378 1464  C:\Windows\System32\MSOIDSSP.DLL - ok
17:00:13.0378 1464  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
17:00:13.0378 1464  C:\Windows\System32\winlogon.exe - ok
17:00:13.0393 1464  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
17:00:13.0393 1464  C:\Windows\System32\winsta.dll - ok
17:00:13.0393 1464  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
17:00:13.0393 1464  C:\Windows\System32\bcryptprimitives.dll - ok
17:00:13.0393 1464  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
17:00:13.0393 1464  C:\Windows\System32\credssp.dll - ok
17:00:13.0409 1464  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
17:00:13.0409 1464  C:\Windows\System32\efslsaext.dll - ok
17:00:13.0409 1464  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
17:00:13.0409 1464  C:\Windows\System32\scecli.dll - ok
17:00:13.0425 1464  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
17:00:13.0425 1464  C:\Windows\System32\ubpm.dll - ok
17:00:13.0425 1464  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
17:00:13.0425 1464  C:\Windows\System32\svchost.exe - ok
17:00:13.0440 1464  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
17:00:13.0440 1464  C:\Windows\System32\umpnpmgr.dll - ok
17:00:13.0440 1464  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
17:00:13.0440 1464  C:\Windows\System32\devrtl.dll - ok
17:00:13.0440 1464  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
17:00:13.0440 1464  C:\Windows\System32\SPInf.dll - ok
17:00:13.0456 1464  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
17:00:13.0456 1464  C:\Windows\System32\gpapi.dll - ok
17:00:13.0456 1464  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
17:00:13.0456 1464  C:\Windows\System32\userenv.dll - ok
17:00:13.0471 1464  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
17:00:13.0471 1464  C:\Windows\System32\pcwum.dll - ok
17:00:13.0471 1464  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
17:00:13.0471 1464  C:\Windows\System32\umpo.dll - ok
17:00:13.0487 1464  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
17:00:13.0487 1464  C:\Windows\System32\powrprof.dll - ok
17:00:13.0487 1464  [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
17:00:13.0487 1464  C:\Windows\System32\drivers\WUDFPf.sys - ok
17:00:13.0487 1464  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
17:00:13.0487 1464  C:\Windows\System32\rpcss.dll - ok
17:00:13.0503 1464  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
17:00:13.0503 1464  C:\Windows\System32\RpcEpMap.dll - ok
17:00:13.0503 1464  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
17:00:13.0503 1464  C:\Windows\System32\WSHTCPIP.DLL - ok
17:00:13.0518 1464  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
17:00:13.0518 1464  C:\Windows\System32\wshqos.dll - ok
17:00:13.0518 1464  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
17:00:13.0518 1464  C:\Windows\System32\FirewallAPI.dll - ok
17:00:13.0534 1464  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
17:00:13.0534 1464  C:\Windows\System32\version.dll - ok
17:00:13.0534 1464  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
17:00:13.0534 1464  C:\Windows\System32\LogonUI.exe - ok
17:00:13.0549 1464  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
17:00:13.0549 1464  C:\Windows\System32\authui.dll - ok
17:00:13.0549 1464  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
17:00:13.0549 1464  C:\Windows\System32\wevtsvc.dll - ok
17:00:13.0565 1464  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
17:00:13.0565 1464  C:\Windows\System32\profsvc.dll - ok
17:00:13.0565 1464  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
17:00:13.0565 1464  C:\Windows\System32\atl.dll - ok
17:00:13.0565 1464  [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
17:00:13.0565 1464  C:\Windows\System32\WUDFSvc.dll - ok
17:00:13.0581 1464  [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
17:00:13.0581 1464  C:\Windows\System32\WUDFPlatform.dll - ok
17:00:13.0581 1464  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
17:00:13.0581 1464  C:\Windows\System32\drivers\nwifi.sys - ok
17:00:13.0596 1464  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
17:00:13.0596 1464  C:\Windows\System32\drivers\ndisuio.sys - ok
17:00:13.0596 1464  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
17:00:13.0596 1464  C:\Windows\System32\lmhsvc.dll - ok
17:00:13.0612 1464  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
17:00:13.0612 1464  C:\Windows\System32\IPHLPAPI.DLL - ok
17:00:13.0612 1464  [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
17:00:13.0612 1464  C:\Windows\System32\nsisvc.dll - ok
17:00:13.0612 1464  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
17:00:13.0612 1464  C:\Windows\System32\winnsi.dll - ok
17:00:13.0627 1464  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
17:00:13.0627 1464  C:\Windows\System32\dnsrslvr.dll - ok
17:00:13.0627 1464  [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
17:00:13.0627 1464  C:\Windows\System32\nrpsrv.dll - ok
17:00:13.0643 1464  [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
17:00:13.0643 1464  C:\Windows\System32\nlasvc.dll - ok
17:00:13.0643 1464  [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
17:00:13.0643 1464  C:\Windows\System32\keyiso.dll - ok
17:00:13.0659 1464  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
17:00:13.0659 1464  C:\Windows\System32\dhcpcore.dll - ok
17:00:13.0659 1464  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
17:00:13.0659 1464  C:\Windows\System32\eapsvc.dll - ok
17:00:13.0674 1464  [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
17:00:13.0674 1464  C:\Windows\System32\eapphost.dll - ok
17:00:13.0674 1464  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
17:00:13.0674 1464  C:\Windows\System32\dhcpcsvc.dll - ok
17:00:13.0674 1464  [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
17:00:13.0674 1464  C:\Windows\System32\ncsi.dll - ok
17:00:13.0690 1464  [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
17:00:13.0690 1464  C:\Windows\System32\dhcpcore6.dll - ok
17:00:13.0690 1464  [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
17:00:13.0690 1464  C:\Windows\System32\winhttp.dll - ok
17:00:13.0690 1464  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
17:00:13.0690 1464  C:\Windows\System32\wlansvc.dll - ok
17:00:13.0705 1464  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
17:00:13.0705 1464  C:\Windows\System32\wtsapi32.dll - ok
17:00:13.0721 1464  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
17:00:13.0721 1464  C:\Windows\System32\umb.dll - ok
17:00:13.0721 1464  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
17:00:13.0721 1464  C:\Windows\System32\webio.dll - ok
17:00:13.0737 1464  [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
17:00:13.0737 1464  C:\Windows\System32\FWPUCLNT.DLL - ok
17:00:13.0737 1464  [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
17:00:13.0737 1464  C:\Windows\System32\dnsext.dll - ok
17:00:13.0737 1464  [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
17:00:13.0737 1464  C:\Windows\System32\dsrole.dll - ok
17:00:13.0752 1464  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
17:00:13.0752 1464  C:\Windows\System32\ssdpapi.dll - ok
17:00:13.0752 1464  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
17:00:13.0752 1464  C:\Windows\System32\dhcpcsvc6.dll - ok
17:00:13.0768 1464  [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
17:00:13.0768 1464  C:\Windows\System32\wlanmsm.dll - ok
17:00:13.0768 1464  [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
17:00:13.0768 1464  C:\Windows\System32\wlansec.dll - ok
17:00:13.0768 1464  [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
17:00:13.0768 1464  C:\Windows\System32\onex.dll - ok
17:00:13.0783 1464  [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
17:00:13.0783 1464  C:\Windows\System32\eappprxy.dll - ok
17:00:13.0783 1464  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
17:00:13.0783 1464  C:\Windows\System32\eappcfg.dll - ok
17:00:13.0799 1464  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
17:00:13.0799 1464  C:\Windows\System32\wlgpclnt.dll - ok
17:00:13.0799 1464  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
17:00:13.0799 1464  C:\Windows\System32\l2gpstore.dll - ok
17:00:13.0815 1464  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
17:00:13.0815 1464  C:\Windows\System32\wlanutil.dll - ok
17:00:13.0815 1464  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
17:00:13.0815 1464  C:\Windows\System32\WinSCard.dll - ok
17:00:13.0830 1464  [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
17:00:13.0830 1464  C:\Windows\System32\msxml6.dll - ok
17:00:13.0830 1464  [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
17:00:13.0830 1464  C:\Windows\System32\drivers\fltMgr.sys - ok
17:00:13.0830 1464  [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
17:00:13.0830 1464  C:\Windows\System32\PSHED.DLL - ok
17:00:13.0846 1464  [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
17:00:13.0846 1464  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
17:00:13.0846 1464  [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
17:00:13.0846 1464  C:\Windows\System32\adtschema.dll - ok
17:00:13.0861 1464  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
17:00:13.0861 1464  C:\Windows\System32\netutils.dll - ok
17:00:13.0877 1464  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
17:00:13.0877 1464  C:\Windows\System32\wkscli.dll - ok
17:00:13.0877 1464  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
17:00:13.0877 1464  C:\Windows\System32\cryptui.dll - ok
17:00:13.0893 1464  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
17:00:13.0893 1464  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
17:00:13.0893 1464  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
17:00:13.0893 1464  C:\Windows\System32\shacct.dll - ok
17:00:13.0893 1464  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
17:00:13.0893 1464  C:\Windows\System32\propsys.dll - ok
17:00:13.0908 1464  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
17:00:13.0908 1464  C:\Windows\System32\samlib.dll - ok
17:00:13.0908 1464  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
17:00:13.0908 1464  C:\Windows\System32\uxtheme.dll - ok
17:00:13.0924 1464  [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
17:00:13.0924 1464  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
17:00:13.0924 1464  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
17:00:13.0924 1464  C:\Windows\System32\dui70.dll - ok
17:00:13.0939 1464  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
17:00:13.0939 1464  C:\Windows\System32\duser.dll - ok
17:00:13.0939 1464  [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
17:00:13.0939 1464  C:\Windows\System32\wlanext.exe - ok
17:00:13.0939 1464  [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
17:00:13.0939 1464  C:\Windows\System32\conhost.exe - ok
17:00:13.0955 1464  [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
17:00:13.0955 1464  C:\Windows\System32\BFE.DLL - ok
17:00:13.0955 1464  [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
17:00:13.0955 1464  C:\Windows\System32\slc.dll - ok
17:00:13.0971 1464  [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
17:00:13.0971 1464  C:\Windows\System32\drivers\bowser.sys - ok
17:00:13.0971 1464  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
17:00:13.0971 1464  C:\Windows\System32\drivers\mpsdrv.sys - ok
17:00:13.0986 1464  [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
17:00:13.0986 1464  C:\Windows\System32\drivers\mrxsmb.sys - ok
17:00:13.0986 1464  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
17:00:13.0986 1464  C:\Windows\System32\MPSSVC.dll - ok
17:00:13.0986 1464  [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
17:00:13.0986 1464  C:\Windows\System32\drivers\mrxsmb10.sys - ok
17:00:14.0002 1464  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
17:00:14.0002 1464  C:\Windows\System32\drivers\mrxsmb20.sys - ok
17:00:14.0002 1464  [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
17:00:14.0002 1464  C:\Windows\System32\wkssvc.dll - ok
17:00:14.0017 1464  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
17:00:14.0017 1464  C:\Windows\System32\cryptsvc.dll - ok
17:00:14.0017 1464  [ 0C043B0ABBB5E14E68906AB80365395B ] C:\Windows\System32\efssvc.dll
17:00:14.0017 1464  C:\Windows\System32\efssvc.dll - ok
17:00:14.0033 1464  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
17:00:14.0033 1464  C:\Windows\System32\wfapigp.dll - ok
17:00:14.0033 1464  [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
17:00:14.0033 1464  C:\Windows\System32\cryptnet.dll - ok
17:00:14.0049 1464  [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
17:00:14.0049 1464  C:\Windows\System32\IKEEXT.DLL - ok
17:00:14.0049 1464  [ 7F8E83B9466A0A002D4AB15C104062A7 ] C:\Windows\System32\efscore.dll
17:00:14.0049 1464  C:\Windows\System32\efscore.dll - ok
17:00:14.0064 1464  [ 74CE2EBE64AB78904E33DD4C5F21611F ] C:\Windows\System32\mfevtps.exe
17:00:14.0064 1464  C:\Windows\System32\mfevtps.exe - ok
17:00:14.0064 1464  [ 58283053C781AD3A579C95D7765C1FA0 ] C:\Windows\System32\efsutil.dll
17:00:14.0064 1464  C:\Windows\System32\efsutil.dll - ok
17:00:14.0080 1464  [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
17:00:14.0080 1464  C:\Windows\System32\mscms.dll - ok
17:00:14.0080 1464  [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
17:00:14.0080 1464  C:\Windows\System32\sfc.dll - ok
17:00:14.0080 1464  [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
17:00:14.0080 1464  C:\Windows\System32\sfc_os.dll - ok
17:00:14.0095 1464  [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
17:00:14.0095 1464  C:\Windows\System32\ntmarta.dll - ok
17:00:14.0095 1464  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
17:00:14.0095 1464  C:\Windows\System32\pcasvc.dll - ok
17:00:14.0111 1464  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
17:00:14.0111 1464  C:\Windows\System32\snmptrap.exe - ok
17:00:14.0111 1464  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
17:00:14.0111 1464  C:\Windows\System32\provsvc.dll - ok
17:00:14.0127 1464  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
17:00:14.0127 1464  C:\Windows\System32\sstpsvc.dll - ok
17:00:14.0127 1464  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
17:00:14.0127 1464  C:\Windows\System32\SndVolSSO.dll - ok
17:00:14.0127 1464  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
17:00:14.0127 1464  C:\Windows\System32\dwmapi.dll - ok
17:00:14.0142 1464  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
17:00:14.0142 1464  C:\Windows\System32\hid.dll - ok
17:00:14.0142 1464  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
17:00:14.0142 1464  C:\Windows\System32\MMDevAPI.dll - ok
17:00:14.0158 1464  [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
17:00:14.0158 1464  C:\Windows\System32\xmllite.dll - ok
17:00:14.0158 1464  [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
17:00:14.0158 1464  C:\Windows\System32\WindowsCodecs.dll - ok
17:00:14.0173 1464  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
17:00:14.0173 1464  C:\Windows\System32\winbrand.dll - ok
17:00:14.0173 1464  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
17:00:14.0173 1464  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
17:00:14.0189 1464  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
17:00:14.0189 1464  C:\Windows\System32\VaultCredProvider.dll - ok
17:00:14.0189 1464  [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
17:00:14.0189 1464  C:\Windows\System32\vpnikeapi.dll - ok
17:00:14.0205 1464  [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
17:00:14.0205 1464  C:\Windows\System32\wbem\WMIsvc.dll - ok
17:00:14.0205 1464  [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
17:00:14.0205 1464  C:\Windows\System32\wbemcomn.dll - ok
17:00:14.0220 1464  [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
17:00:14.0220 1464  C:\Windows\System32\wbem\WinMgmtR.dll - ok
17:00:14.0220 1464  [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
17:00:14.0220 1464  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
17:00:14.0220 1464  [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
17:00:14.0220 1464  C:\Windows\System32\wbem\fastprox.dll - ok
17:00:14.0236 1464  [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
17:00:14.0236 1464  C:\Windows\System32\ntdsapi.dll - ok
17:00:14.0236 1464  [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
17:00:14.0236 1464  C:\Windows\System32\wbem\wbemprox.dll - ok
17:00:14.0251 1464  [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
17:00:14.0251 1464  C:\Windows\System32\vssapi.dll - ok
17:00:14.0251 1464  [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
17:00:14.0251 1464  C:\Windows\System32\vsstrace.dll - ok
17:00:14.0267 1464  [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
17:00:14.0267 1464  C:\Windows\System32\wbem\wbemcore.dll - ok
17:00:14.0267 1464  [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
17:00:14.0267 1464  C:\Windows\System32\wbem\esscli.dll - ok
17:00:14.0267 1464  [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
17:00:14.0267 1464  C:\Windows\System32\wbem\wbemsvc.dll - ok
17:00:14.0283 1464  [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
17:00:14.0283 1464  C:\Windows\System32\wbem\wmiutils.dll - ok
17:00:14.0283 1464  [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
17:00:14.0283 1464  C:\Windows\System32\wbem\repdrvfs.dll - ok
17:00:14.0298 1464  [ 3CBBB569730EFD069B4BD253DDD4AD58 ] C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
17:00:14.0298 1464  C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe - ok
17:00:14.0298 1464  [ B6F1513C78CC8ECE1AC2B74C8206F025 ] C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll
17:00:15.0858 1464  C:\Program Files\Windows Defender\MsMpLics.dll - ok
17:00:15.0858 1464  [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
17:00:15.0858 1464  C:\Windows\System32\wscapi.dll - ok
17:00:15.0874 1464  [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
17:00:15.0874 1464  C:\Windows\System32\wscisvif.dll - ok
17:00:15.0874 1464  [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
17:00:15.0874 1464  C:\Windows\System32\wscproxystub.dll - ok
17:00:15.0889 1464  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\IFG\Downloads\tdsskiller.exe
17:00:15.0889 1464  C:\Users\IFG\Downloads\tdsskiller.exe - ok
17:00:15.0889 1464  [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
17:00:15.0889 1464  C:\Windows\SysWOW64\crypt32.dll - ok
17:00:15.0889 1464  [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
17:00:15.0889 1464  C:\Windows\SysWOW64\msasn1.dll - ok
17:00:15.0905 1464  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
17:00:15.0905 1464  C:\Windows\SysWOW64\oleaut32.dll - ok
17:00:15.0921 1464  [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
17:00:15.0921 1464  C:\Windows\SysWOW64\setupapi.dll - ok
17:00:15.0921 1464  [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
17:00:15.0921 1464  C:\Windows\SysWOW64\cfgmgr32.dll - ok
17:00:15.0921 1464  [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
17:00:15.0921 1464  C:\Windows\SysWOW64\devobj.dll - ok
17:00:15.0936 1464  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
17:00:15.0936 1464  C:\Windows\SysWOW64\version.dll - ok
17:00:15.0936 1464  [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
17:00:15.0936 1464  C:\Windows\SysWOW64\webio.dll - ok
17:00:15.0952 1464  [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
17:00:15.0952 1464  C:\Windows\SysWOW64\winhttp.dll - ok
17:00:15.0952 1464  [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
17:00:15.0952 1464  C:\Windows\SysWOW64\wintrust.dll - ok
17:00:15.0967 1464  [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
17:00:15.0967 1464  C:\Windows\SysWOW64\uxtheme.dll - ok
17:00:15.0967 1464  [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
17:00:15.0967 1464  C:\Windows\SysWOW64\credssp.dll - ok
17:00:15.0983 1464  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
17:00:15.0983 1464  C:\Windows\SysWOW64\cryptsp.dll - ok
17:00:15.0983 1464  [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
17:00:15.0983 1464  C:\Windows\SysWOW64\mswsock.dll - ok
17:00:15.0983 1464  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
17:00:15.0983 1464  C:\Windows\SysWOW64\nsi.dll - ok
17:00:15.0999 1464  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
17:00:15.0999 1464  C:\Windows\SysWOW64\ws2_32.dll - ok
17:00:15.0999 1464  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
17:00:15.0999 1464  C:\Windows\SysWOW64\wship6.dll - ok
17:00:16.0014 1464  [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
17:00:16.0014 1464  C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
17:00:16.0014 1464  [ 9D4A1690AF93F233E15380398BEC7431 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
17:00:16.0014 1464  C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
17:00:16.0030 1464  [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
17:00:16.0030 1464  C:\Windows\SysWOW64\dnsapi.dll - ok
17:00:16.0030 1464  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
17:00:16.0030 1464  C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
17:00:16.0045 1464  [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
17:00:16.0045 1464  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
17:00:16.0045 1464  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
17:00:16.0045 1464  C:\Windows\SysWOW64\psapi.dll - ok
17:00:16.0045 1464  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
17:00:16.0045 1464  C:\Windows\SysWOW64\rasadhlp.dll - ok
17:00:16.0061 1464  [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
17:00:16.0061 1464  C:\Windows\SysWOW64\winnsi.dll - ok
17:00:16.0077 1464  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
17:00:16.0077 1464  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
17:00:16.0077 1464  [ BC70295C58B087182275C56CA0D21021 ] C:\PROGRA~1\COMMON~1\McAfee\NMC\McMPFEvt.dll
17:00:16.0077 1464  C:\PROGRA~1\COMMON~1\McAfee\NMC\McMPFEvt.dll - ok
17:00:16.0077 1464  [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\65998986.sys
17:00:16.0077 1464  C:\Windows\System32\drivers\65998986.sys - ok
17:00:16.0092 1464  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
17:00:16.0092 1464  C:\Windows\SysWOW64\msi.dll - ok
17:00:16.0092 1464  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
17:00:16.0092 1464  C:\Windows\SysWOW64\profapi.dll - ok
17:00:16.0108 1464  [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
17:00:16.0108 1464  C:\Windows\SysWOW64\userenv.dll - ok
17:00:16.0108 1464  [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
17:00:16.0108 1464  C:\Windows\SysWOW64\clbcatq.dll - ok
17:00:16.0123 1464  [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
17:00:16.0123 1464  C:\Windows\SysWOW64\riched20.dll - ok
17:00:16.0123 1464  [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
17:00:16.0123 1464  C:\Windows\SysWOW64\dui70.dll - ok
17:00:16.0123 1464  [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
17:00:16.0123 1464  C:\Windows\SysWOW64\duser.dll - ok
17:00:16.0139 1464  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
17:00:16.0139 1464  C:\Windows\SysWOW64\ExplorerFrame.dll - ok
17:00:16.0139 1464  [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll
17:00:16.0139 1464  C:\Windows\System32\wscinterop.dll - ok
17:00:16.0155 1464  [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl
17:00:16.0155 1464  C:\Windows\System32\wscui.cpl - ok
17:00:16.0155 1464  [ F9959237F106F2B2609E61A290C0652E ] C:\Windows\System32\werconcpl.dll
17:00:16.0155 1464  C:\Windows\System32\werconcpl.dll - ok
17:00:16.0170 1464  [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll
17:00:16.0170 1464  C:\Windows\System32\wercplsupport.dll - ok
17:00:16.0170 1464  [ 66C87DB880052104808507D6FA84D68E ] C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
17:00:16.0170 1464  C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL - ok
17:00:16.0186 1464  [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll
17:00:16.0186 1464  C:\Windows\System32\hcproviders.dll - ok
17:00:16.0186 1464  [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
17:00:16.0186 1464  C:\Windows\SysWOW64\bcrypt.dll - ok
17:00:16.0186 1464  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
17:00:16.0186 1464  C:\Windows\SysWOW64\rsaenh.dll - ok
17:00:16.0201 1464  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
17:00:16.0201 1464  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
17:00:16.0201 1464  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
17:00:16.0201 1464  C:\Windows\SysWOW64\imagehlp.dll - ok
17:00:16.0217 1464  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
17:00:16.0217 1464  C:\Windows\SysWOW64\ncrypt.dll - ok
17:00:16.0233 1464  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
17:00:16.0233 1464  C:\Windows\SysWOW64\gpapi.dll - ok
17:00:16.0233 1464  [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
17:00:16.0233 1464  C:\Windows\SysWOW64\cryptnet.dll - ok
17:00:16.0233 1464  [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
17:00:16.0233 1464  C:\Windows\SysWOW64\SensApi.dll - ok
17:00:16.0248 1464  [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
17:00:16.0248 1464  C:\Windows\SysWOW64\Wldap32.dll - ok
17:00:16.0248 1464  [ 005247E3057BC5D5C3F8C6F886FFC10C ] C:\Windows\System32\wbem\WMIADAP.exe
17:00:16.0248 1464  C:\Windows\System32\wbem\WMIADAP.exe - ok
17:00:16.0264 1464  [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
17:00:16.0264 1464  C:\Windows\System32\loadperf.dll - ok
17:00:16.0264 1464  [ 5906ADD530AE7CEBF749D2A02F723CE7 ] C:\PROGRA~1\McAfee\MPF\McMPFPPv.dll
17:00:16.0264 1464  C:\PROGRA~1\McAfee\MPF\McMPFPPv.dll - ok
17:00:16.0279 1464  [ 64D9CDDADB7A3400056F5578786A66AE ] C:\PROGRA~1\McAfee\MPF\MpfApi.dll
17:00:16.0279 1464  C:\PROGRA~1\McAfee\MPF\MpfApi.dll - ok
17:00:16.0279 1464  [ EF01746045606AC596EA224451A090A1 ] C:\Program Files\McAfee\VirusScan\McVSPP.dll
17:00:16.0279 1464  C:\Program Files\McAfee\VirusScan\McVSPP.dll - ok
17:00:16.0295 1464  [ B4C9E451C375C1208947C6CDFAD8E606 ] C:\PROGRA~1\McAfee\VIRUSS~1\MVsCfg.dll
17:00:16.0295 1464  C:\PROGRA~1\McAfee\VIRUSS~1\MVsCfg.dll - ok
17:00:16.0295 1464  [ 77FAB5FF8BF12A6FDDAA94C6D9F7A6E4 ] C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnn.dll
17:00:16.0295 1464  C:\PROGRA~1\McAfee\VIRUSS~1\NaiAnn.dll - ok
17:00:16.0295 1464  [ ADCB9A3CC1DB2F027BE463824A1D6F42 ] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
17:00:16.0295 1464  C:\PROGRA~1\McAfee.com\Agent\mcagent.exe - ok
17:00:16.0311 1464  [ D1D6899FD8DB03046B9A743E69240611 ] C:\PROGRA~1\McAfee\MSC\McMscShm.dll
17:00:16.0311 1464  C:\PROGRA~1\McAfee\MSC\McMscShm.dll - ok
17:00:16.0311 1464  [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
17:00:16.0311 1464  C:\Windows\System32\netapi32.dll - ok
17:00:16.0326 1464  [ 0FCDAD44875E9F798A6CB6695730FDA3 ] C:\PROGRA~1\McAfee\MSC\mcmschlp.dll
17:00:16.0326 1464  C:\PROGRA~1\McAfee\MSC\mcmschlp.dll - ok
17:00:16.0326 1464  [ 1565AEDA55469D030E35801ECD17E1A5 ] C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll
17:00:16.0326 1464  C:\PROGRA~1\COMMON~1\McAfee\Core\mccoreps.dll - ok
17:00:16.0342 1464  [ 5F967DD42E49483A220FE134D1EA21DB ] C:\PROGRA~1\COMMON~1\McAfee\MSC\mcbrwsr2.dll
17:00:16.0342 1464  C:\PROGRA~1\COMMON~1\McAfee\MSC\mcbrwsr2.dll - ok
17:00:16.0342 1464  [ 05F1120A547B686C05EC08E5D08DA0EB ] C:\PROGRA~1\McAfee\MSC\mcsubmgr\11_6_4~2\mcsubmgr.dll
17:00:16.0342 1464  C:\PROGRA~1\McAfee\MSC\mcsubmgr\11_6_4~2\mcsubmgr.dll - ok
17:00:16.0342 1464  [ D5881073BD9E160576B49203B7B929F3 ] C:\PROGRA~1\McAfee\MSC\McUpdShm.dll
17:00:16.0342 1464  C:\PROGRA~1\McAfee\MSC\McUpdShm.dll - ok
17:00:16.0357 1464  [ 2B5CF26350B42CBCFCCE921F8E36FDA5 ] C:\PROGRA~1\McAfee\MSC\McTelemetryAPI.dll
17:00:16.0357 1464  C:\PROGRA~1\McAfee\MSC\McTelemetryAPI.dll - ok
17:00:16.0357 1464  [ 2592AD8AFDC6307581282FDC60D1A66E ] C:\PROGRA~1\McAfee\MSC\mcuicfg.dll
17:00:16.0357 1464  C:\PROGRA~1\McAfee\MSC\mcuicfg.dll - ok
17:00:16.0373 1464  [ 326B81CDFA6085DAC62A6DB3E76F2A07 ] C:\Program Files\McAfee\MSC\mscjsres.dll
17:00:16.0373 1464  C:\Program Files\McAfee\MSC\mscjsres.dll - ok
17:00:16.0373 1464  [ EB6B6B2ACDD27ED947D4F117919FAE6D ] C:\PROGRA~1\McAfee\MPF\MpfShm.dll
17:00:16.0373 1464  C:\PROGRA~1\McAfee\MPF\MpfShm.dll - ok
17:00:16.0389 1464  [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
17:00:16.0389 1464  C:\Windows\System32\msimg32.dll - ok
17:00:16.0389 1464  [ 987E30CCDAEC027CF1AB54C23D20B3E2 ] C:\PROGRA~1\McAfee\VIRUSS~1\McOasShm.dll
17:00:16.0389 1464  C:\PROGRA~1\McAfee\VIRUSS~1\McOasShm.dll - ok
17:00:16.0404 1464  [ 51C6A44CD80B1BFA47C5471C782F7671 ] C:\PROGRA~1\McAfee\MSC\mscuild.dll
17:00:16.0404 1464  C:\PROGRA~1\McAfee\MSC\mscuild.dll - ok
17:00:16.0404 1464  [ DD9640123AB379A08974247A897177AD ] C:\PROGRA~1\McAfee\MSC\oemuild.dll
17:00:16.0404 1464  C:\PROGRA~1\McAfee\MSC\oemuild.dll - ok
17:00:16.0420 1464  [ 9901FE4815A3221E2AF8238C205086A6 ] C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628170134.dll
17:00:16.0420 1464  C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628170134.dll - ok
17:00:16.0420 1464  [ F3500B8809AC8642AF9C51B80B1C946C ] C:\Windows\System32\jscript9.dll
17:00:16.0420 1464  C:\Windows\System32\jscript9.dll - ok
17:00:16.0435 1464  [ C2E1CA7848D834ADD708BB79FA05B6D2 ] C:\Windows\System32\jscript.dll
17:00:16.0435 1464  C:\Windows\System32\jscript.dll - ok
17:00:16.0435 1464  [ BD69A0116B11A91761AB30A25DCB4C9D ] C:\Windows\System32\vbscript.dll
17:00:16.0435 1464  C:\Windows\System32\vbscript.dll - ok
17:00:16.0435 1464  [ CA43FC1DE7F89EAE264C088375722BDC ] C:\PROGRA~1\COMMON~1\McAfee\MSC\McDspWrp.dll
17:00:16.0435 1464  C:\PROGRA~1\COMMON~1\McAfee\MSC\McDspWrp.dll - ok
17:00:16.0451 1464  [ E647BCF00382A7541F359CE496CE95EA ] C:\PROGRA~1\McAfee\VIRUSS~1\vsores.dll
17:00:16.0451 1464  C:\PROGRA~1\McAfee\VIRUSS~1\vsores.dll - ok
17:00:16.0451 1464  [ 8BA275328C6AB1CE2B05D58562587CEF ] C:\PROGRA~1\McAfee\MSC\McIPTShm.dll
17:00:16.0451 1464  C:\PROGRA~1\McAfee\MSC\McIPTShm.dll - ok
17:00:16.0467 1464  [ BC5B7FF13FFFAB9ABA73C2FE071D0EB9 ] C:\PROGRA~1\McAfee\MSC\mcprlalt.dll
17:00:16.0467 1464  C:\PROGRA~1\McAfee\MSC\mcprlalt.dll - ok
17:00:16.0467 1464  [ B2A900C993FC7052E25CA5C1CB8CF647 ] C:\PROGRA~1\McAfee\MQS\QCPROG~1.DLL
17:00:16.0467 1464  C:\PROGRA~1\McAfee\MQS\QCPROG~1.DLL - ok
17:00:16.0482 1464  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] C:\Program Files\McAfee\VirusScan\mcods.exe
17:00:16.0482 1464  C:\Program Files\McAfee\VirusScan\mcods.exe - ok
17:00:16.0482 1464  [ FDABFA42123A28A59EC51AD38A4005EC ] C:\PROGRA~1\McAfee\MSC\McGsShm.dll
17:00:16.0482 1464  C:\PROGRA~1\McAfee\MSC\McGsShm.dll - ok
17:00:16.0498 1464  [ 2063BD65A2046E254D53B7D44D66AD57 ] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
17:00:16.0498 1464  C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe - ok
17:00:16.0498 1464  [ C354130F846F4DFE5483580FFAA9B0BC ] C:\PROGRA~1\McAfee\MSC\mcmispps.dll
17:00:16.0498 1464  C:\PROGRA~1\McAfee\MSC\mcmispps.dll - ok
17:00:16.0498 1464  [ 3F4D62F069FBDB38CCA26DD0D67C53B0 ] C:\Program Files\Common Files\McAfee\Core\mchost.exe
17:00:16.0498 1464  C:\Program Files\Common Files\McAfee\Core\mchost.exe - ok
17:00:16.0513 1464  ============================================================
17:00:16.0513 1464  Scan finished
17:00:16.0513 1464  ============================================================
17:00:16.0513 1720  Detected object count: 3
17:00:16.0513 1720  Actual detected object count: 3
17:01:04.0468 1720  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:04.0468 1720  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:01:04.0468 1720  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:04.0468 1720  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:01:04.0468 1720  smtpexp ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:04.0468 1720  smtpexp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:57.0235 1696  Deinitialize success


#11 mraman84

Posted 27 February 2013 - 06:08 PM

I have sent the TDSSKiller report in 4 parts as this is the only way it would allow me to post a response.  

 

I think I may also have spoken a little too soon earlier, as I'm once again experiencing issues with shutting down, web pages crashing, Windows crashing, and being unable to use Ctrl+Alt+Del for Task Manager. I am now actually having to use Safe Mode + network in order to send this without further issues.



#12 fireman4it

Posted 27 February 2013 - 07:18 PM

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

2.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.




Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):



Click on box next to the Restart System when Finished. Then click on Start.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 mraman84

Posted 27 February 2013 - 10:27 PM

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 00:27:15
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : IFG - IFG-PC
# Boot Mode : Normal
# Running from : C:\Users\IFG\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\PriceGong
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\IFG\AppData\Local\APN
Folder Deleted : C:\Users\IFG\AppData\Local\Giant Savings Extension
Folder Deleted : C:\Users\IFG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Folder Deleted : C:\Users\IFG\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\IFG\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\iPhone\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\IFG\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\iPhone\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [5355 octets] - [28/02/2013 00:27:15]
 
########## EOF - C:\AdwCleaner[S1].txt - [5415 octets] ##########


#14 fireman4it

Posted 27 February 2013 - 10:31 PM

Did you run the Windows Repair tool along with Chkdsk and SFC /Scannow? How is the machine running now?


#15 mraman84

Posted 27 February 2013 - 11:01 PM

I think I followed all of the steps including chkdsk but I don't remember coming across SFC/Scannow though.

I can once again see an improvement, although I am still having slight issues restarting the computer. Access to the Internet seems to have slowed down and I'm also still experiencing problems with the web pages, i.e. if a page gets stopped in Chrome or IE, I then have issues trying to reopen it. I've actually even been trying to respond for a while, but the pages just wouldn't open, so I've resorted to sending this response via my phone.



